Upload 10 files

.gitattributes

@@ -1,35 +1,35 @@
-*.7z filter=lfs diff=lfs merge=lfs -text
-*.arrow filter=lfs diff=lfs merge=lfs -text
-*.bin filter=lfs diff=lfs merge=lfs -text
-*.bz2 filter=lfs diff=lfs merge=lfs -text
-*.ckpt filter=lfs diff=lfs merge=lfs -text
-*.ftz filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text
-*.h5 filter=lfs diff=lfs merge=lfs -text
-*.joblib filter=lfs diff=lfs merge=lfs -text
-*.lfs.* filter=lfs diff=lfs merge=lfs -text
-*.mlmodel filter=lfs diff=lfs merge=lfs -text
-*.model filter=lfs diff=lfs merge=lfs -text
-*.msgpack filter=lfs diff=lfs merge=lfs -text
-*.npy filter=lfs diff=lfs merge=lfs -text
-*.npz filter=lfs diff=lfs merge=lfs -text
-*.onnx filter=lfs diff=lfs merge=lfs -text
-*.ot filter=lfs diff=lfs merge=lfs -text
-*.parquet filter=lfs diff=lfs merge=lfs -text
-*.pb filter=lfs diff=lfs merge=lfs -text
-*.pickle filter=lfs diff=lfs merge=lfs -text
-*.pkl filter=lfs diff=lfs merge=lfs -text
-*.pt filter=lfs diff=lfs merge=lfs -text
-*.pth filter=lfs diff=lfs merge=lfs -text
-*.rar filter=lfs diff=lfs merge=lfs -text
-*.safetensors filter=lfs diff=lfs merge=lfs -text
-saved_model/**/* filter=lfs diff=lfs merge=lfs -text
-*.tar.* filter=lfs diff=lfs merge=lfs -text
-*.tar filter=lfs diff=lfs merge=lfs -text
-*.tflite filter=lfs diff=lfs merge=lfs -text
-*.tgz filter=lfs diff=lfs merge=lfs -text
-*.wasm filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.zst filter=lfs diff=lfs merge=lfs -text
-*tfevents* filter=lfs diff=lfs merge=lfs -text
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

Dockerfile

@@ -0,0 +1,18 @@
+#Base image
+FROM python:3.11-slim
+
+#Set work directory
+WORKDIR /app
+
+#Install dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+#Copy project files
+COPY . .
+
+#Expose the port Hugging Face expects
+EXPOSE 7860
+
+#Command to run FastAPI with uvicorn
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

README.md

@@ -1,10 +1,10 @@
----
-title: Code
-emoji: 👀
-colorFrom: red
-colorTo: green
-sdk: docker
-pinned: false
----
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+---
+title: Code
+emoji: 👀
+colorFrom: red
+colorTo: green
+sdk: docker
+pinned: false
+---
+
+Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

app.py

@@ -0,0 +1,114 @@
+"""
+app.py — Gradio Web Interface for Hugging Face Spaces
+=====================================================
+Provides an interactive demo of the Email Gatekeeper RL environment.
+Hugging Face Spaces serves this on port 7860 automatically.
+"""
+
+import gradio as gr
+import numpy as np
+from env import (
+    EmailTriageEnv, TASK_SPLITS,
+    URGENCY_LABELS, ROUTING_LABELS, RESOLUTION_LABELS,
+)
+
+_LEGAL_SECURITY_KW   = {"lawsuit", "attorney", "sue", "ransomware", "extortion"}
+_BILLING_ESCALATE_KW = {"refund"}
+
+
+def _classify(email: dict) -> np.ndarray:
+    kw      = set(email.get("keywords", []))
+    context = email.get("context", "").lower()
+    if context == "legal" or kw & {"lawsuit", "attorney", "sue"}:
+        return np.array([2, 2, 2], dtype=np.int64)
+    if context == "security":
+        if kw & _LEGAL_SECURITY_KW or ("hacked" in kw and "breach" in kw):
+            return np.array([2, 2, 2], dtype=np.int64)
+        return np.array([2, 1, 2], dtype=np.int64)
+    if context == "billing":
+        return np.array([1, 2, 2] if kw & _BILLING_ESCALATE_KW
+                        else [1, 0, 1], dtype=np.int64)
+    if context == "tech" or kw & {"crash", "error", "bug", "slow"}:
+        return np.array([0, 1, 1], dtype=np.int64)
+    return np.array([0, 0, 0], dtype=np.int64)
+
+
+def run_task_demo(task: str) -> str:
+    env = EmailTriageEnv(task=task, shuffle=False)
+    env.reset(seed=42)
+    email_queue = list(env._queue)
+
+    lines        = []
+    cumulative   = 0.0
+    terminated   = False
+    step         = 0
+
+    while not terminated:
+        email  = email_queue[step]
+        action = _classify(email)
+        _, norm_reward, terminated, _, info = env.step(action)
+        cumulative += norm_reward
+
+        raw = info["raw_reward"]
+        ca  = info["correct_actions"]
+
+        verdict = ("✅ EXACT" if raw >= 1.0 else
+                   "🔶 PARTIAL" if raw > 0 else
+                   "🚨 SECURITY MISS" if raw < 0 else "❌ WRONG")
+
+        lines.append(
+            f"#{step+1:02d} [{email['difficulty'].upper()}] "
+            f"{email['description'][:40]}\n"
+            f"     Predicted : {URGENCY_LABELS[action[0]]} | "
+            f"{ROUTING_LABELS[action[1]]} | {RESOLUTION_LABELS[action[2]]}\n"
+            f"     Correct   : {URGENCY_LABELS[ca[0]]} | "
+            f"{ROUTING_LABELS[ca[1]]} | {RESOLUTION_LABELS[ca[2]]}\n"
+            f"     Reward    : {raw:+.1f}  {verdict}\n"
+        )
+        step += 1
+
+    final = max(0.0, min(1.0, cumulative))
+    lines.append(f"\n{'─'*50}")
+    lines.append(f"Final Score : {final:.3f} / 1.0")
+    return "\n".join(lines)
+
+
+with gr.Blocks(title="Email Gatekeeper RL") as demo:
+    gr.Markdown("""
+# 📧 Email Gatekeeper — RL Environment Demo
+**Meta x PyTorch Hackathon** | Gymnasium-based email triage agent
+
+The agent classifies each email across **3 simultaneous dimensions**:
+`Urgency` × `Department` × `Resolution Action`
+""")
+
+    with gr.Row():
+        task_dropdown = gr.Dropdown(
+            choices=["easy", "medium", "hard"],
+            value="easy",
+            label="Select Task",
+        )
+        run_btn = gr.Button("▶ Run Episode", variant="primary")
+
+    output_box = gr.Textbox(
+        label="Episode Results",
+        lines=30,
+        max_lines=50,
+    )
+
+    run_btn.click(fn=run_task_demo, inputs=task_dropdown, outputs=output_box)
+
+    gr.Markdown("""
+### Reward Function
+| Result | Reward |
+|---|---|
+| ✅ Exact Match (all 3 correct) | +1.0 |
+| 🔶 Partial (urgency correct, 1 wrong) | +0.2 |
+| 🔶 Partial (urgency correct, 2 wrong) | +0.1 |
+| 🚨 Security Miss | **-2.0** |
+| ❌ Wrong urgency | 0.0 |
+""")
+
+
+if __name__ == "__main__":
+    demo.launch(server_name="0.0.0.0", server_port=7860)

env.py

@@ -0,0 +1,405 @@
+"""
+env.py — Email Gatekeeper RL Environment (OpenEnv Specification)
+================================================================
+Gymnasium environment for intelligent email triage.
+Wraps the core EmailTriageEnv logic with:
+  - Pydantic typed Action and Observation models
+  - state() method returning current environment state
+  - Three task splits: easy / medium / hard
+  - Full OpenEnv-compatible interface
+"""
+
+from __future__ import annotations
+
+import numpy as np
+import gymnasium as gym
+from gymnasium import spaces
+from pydantic import BaseModel, Field
+from typing import Optional
+
+# ── Vocabulary & encoding (canonical — must not change between versions) ──────
+
+KEYWORD_VOCAB = [
+    "invoice", "payment", "overdue", "refund",
+    "hacked",  "breach",  "unauthorized", "password",
+    "crash",   "error",   "bug",   "slow",
+    "lawsuit", "legal",   "attorney", "sue",
+    "spam",    "offer",   "win",   "free",
+    "urgent",  "critical","angry", "threat",
+]
+
+SENTIMENT_MAP = {"positive": 0, "neutral": 1, "negative": 2}
+CONTEXT_MAP   = {"spam": 0, "billing": 1, "tech": 2, "security": 3, "legal": 4}
+OBS_DIM       = len(KEYWORD_VOCAB) + len(SENTIMENT_MAP) + len(CONTEXT_MAP)  # 32
+
+# ── Label maps ────────────────────────────────────────────────────────────────
+URGENCY_LABELS    = {0: "General",       1: "Billing",      2: "Security Breach"}
+ROUTING_LABELS    = {0: "AI Auto-Reply", 1: "Tech Support", 2: "Legal"}
+RESOLUTION_LABELS = {0: "Archive",       1: "Draft Reply",  2: "Escalate"}
+
+# ── Reward weights ────────────────────────────────────────────────────────────
+REWARD_EXACT           =  1.0
+REWARD_PARTIAL_1_WRONG =  0.2
+REWARD_PARTIAL_2_WRONG =  0.1
+PENALTY_SECURITY_MISS  = -2.0
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Pydantic Typed Models
+# ─────────────────────────────────────────────────────────────────────────────
+
+class EmailAction(BaseModel):
+    """
+    The agent's triage decision for one email.
+    All three dimensions must be predicted simultaneously.
+    """
+    urgency: int = Field(
+        ..., ge=0, le=2,
+        description="0=General | 1=Billing | 2=Security Breach"
+    )
+    routing: int = Field(
+        ..., ge=0, le=2,
+        description="0=AI Auto-Reply | 1=Tech Support | 2=Legal"
+    )
+    resolution: int = Field(
+        ..., ge=0, le=2,
+        description="0=Archive | 1=Draft Reply | 2=Escalate"
+    )
+
+    def to_array(self) -> np.ndarray:
+        return np.array([self.urgency, self.routing, self.resolution],
+                        dtype=np.int64)
+
+    @classmethod
+    def from_array(cls, arr: np.ndarray) -> "EmailAction":
+        return cls(urgency=int(arr[0]), routing=int(arr[1]),
+                   resolution=int(arr[2]))
+
+
+class EmailObservation(BaseModel):
+    """
+    The agent's view of the current email.
+    Encoded as a flat float32 vector of length 32.
+    """
+    keyword_flags: list[float] = Field(
+        ..., description=f"Binary flags for {len(KEYWORD_VOCAB)} vocab keywords"
+    )
+    sentiment_onehot: list[float] = Field(
+        ..., description="One-hot: [positive, neutral, negative]"
+    )
+    context_onehot: list[float] = Field(
+        ..., description="One-hot: [spam, billing, tech, security, legal]"
+    )
+    # Human-readable metadata (not used by the agent, useful for logging)
+    description: str = ""
+    difficulty:  str = ""
+    context_str: str = ""
+    sentiment_str: str = ""
+    keywords:    list[str] = Field(default_factory=list)
+
+    def to_array(self) -> np.ndarray:
+        return np.array(
+            self.keyword_flags + self.sentiment_onehot + self.context_onehot,
+            dtype=np.float32,
+        )
+
+
+class EnvironmentState(BaseModel):
+    """Current snapshot of the environment — returned by state()."""
+    step_index:    int
+    total_emails:  int
+    emails_remaining: int
+    current_email: dict
+    cumulative_reward: float
+    task:          str   # "easy" | "medium" | "hard" | "all"
+    terminated:    bool
+
+
+class StepResult(BaseModel):
+    """Typed return value from step()."""
+    observation:  EmailObservation
+    reward:       float
+    normalised_reward: float
+    terminated:   bool
+    truncated:    bool
+    info:         dict
+
+
+# ──────────────────────────────────────────────────────��──────────────────────
+# Dataset
+# ─────────────────────────────────────────────────────────────────────────────
+
+EMAIL_DATASET: list[dict] = [
+    # ── Easy: Spam detection ─────────────────────────────────────────────────
+    {"description": "Spam promo",          "keywords": ["spam","offer","win","free"],
+     "sentiment": "positive", "context": "spam",    "difficulty": "easy",
+     "correct_actions": (0, 0, 0)},
+    {"description": "Spam lottery",        "keywords": ["free","win","offer"],
+     "sentiment": "positive", "context": "spam",    "difficulty": "easy",
+     "correct_actions": (0, 0, 0)},
+    {"description": "Routine support",     "keywords": ["slow","error"],
+     "sentiment": "neutral",  "context": "tech",    "difficulty": "easy",
+     "correct_actions": (0, 1, 1)},
+    {"description": "General billing",     "keywords": ["invoice","payment"],
+     "sentiment": "neutral",  "context": "billing", "difficulty": "easy",
+     "correct_actions": (1, 0, 1)},
+    # ── Medium: Support routing ───────────────────────────────────────────────
+    {"description": "Overdue invoice",     "keywords": ["invoice","overdue","payment","angry"],
+     "sentiment": "negative", "context": "billing", "difficulty": "medium",
+     "correct_actions": (1, 0, 1)},
+    {"description": "Refund dispute",      "keywords": ["refund","payment","angry"],
+     "sentiment": "negative", "context": "billing", "difficulty": "medium",
+     "correct_actions": (1, 2, 2)},
+    {"description": "App crash report",    "keywords": ["crash","bug","error"],
+     "sentiment": "negative", "context": "tech",    "difficulty": "medium",
+     "correct_actions": (0, 1, 1)},
+    {"description": "Persistent login bug","keywords": ["bug","password","error"],
+     "sentiment": "negative", "context": "tech",    "difficulty": "medium",
+     "correct_actions": (0, 1, 1)},
+    {"description": "Polite legal ultimatum","keywords": ["refund","legal","angry","threat"],
+     "sentiment": "negative", "context": "legal",   "difficulty": "medium",
+     "correct_actions": (2, 2, 2)},
+    {"description": "Attorney CC warning", "keywords": ["invoice","overdue","attorney","legal","payment","threat"],
+     "sentiment": "negative", "context": "legal",   "difficulty": "medium",
+     "correct_actions": (2, 2, 2)},
+    {"description": "Regulatory complaint","keywords": ["angry","threat","legal"],
+     "sentiment": "negative", "context": "legal",   "difficulty": "medium",
+     "correct_actions": (2, 2, 2)},
+    {"description": "SLA breach legal",    "keywords": ["breach","legal","threat","angry"],
+     "sentiment": "negative", "context": "legal",   "difficulty": "medium",
+     "correct_actions": (2, 2, 2)},
+    # ── Hard: Phishing & security threats ────────────────────────────────────
+    {"description": "IT audit phish",      "keywords": ["password","unauthorized","critical","urgent","threat"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "Fake invoice portal", "keywords": ["invoice","payment","password","unauthorized","urgent"],
+     "sentiment": "neutral",  "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "HR credential phish", "keywords": ["password","urgent","critical"],
+     "sentiment": "neutral",  "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "Fake suspension",     "keywords": ["unauthorized","password","breach","urgent","threat"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "BEC vendor reply",    "keywords": ["password","unauthorized","urgent"],
+     "sentiment": "neutral",  "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "Sign-in alert phish", "keywords": ["unauthorized","password","hacked","breach","urgent"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "Payroll phish",       "keywords": ["payment","password","urgent","threat"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "License renewal BEC", "keywords": ["password","critical","urgent","error"],
+     "sentiment": "neutral",  "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "GDPR phish",          "keywords": ["breach","hacked","password","legal","threat","urgent","unauthorized"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "Ransomware audit",    "keywords": ["hacked","breach","unauthorized","lawsuit","legal","threat","critical","urgent"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 2, 2)},
+    {"description": "Data extortion",      "keywords": ["hacked","breach","unauthorized","attorney","threat","critical","urgent"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 2, 2)},
+    {"description": "Fake law firm",       "keywords": ["unauthorized","breach","attorney","lawsuit","legal","threat"],
+     "sentiment": "negative", "context": "legal",   "difficulty": "hard",
+     "correct_actions": (2, 2, 2)},
+    {"description": "Account hacked",      "keywords": ["hacked","unauthorized","password","urgent","angry"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "Data breach notice",  "keywords": ["breach","unauthorized","critical","threat"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 1, 2)},
+    {"description": "Legal lawsuit threat","keywords": ["lawsuit","legal","attorney","threat","angry"],
+     "sentiment": "negative", "context": "legal",   "difficulty": "hard",
+     "correct_actions": (2, 2, 2)},
+    {"description": "Ransomware threat",   "keywords": ["hacked","threat","critical","urgent","breach"],
+     "sentiment": "negative", "context": "security","difficulty": "hard",
+     "correct_actions": (2, 2, 2)},
+]
+
+# Task splits — used by inference.py for per-task scoring
+TASK_SPLITS: dict[str, list[dict]] = {
+    "easy":   [e for e in EMAIL_DATASET if e["difficulty"] == "easy"],
+    "medium": [e for e in EMAIL_DATASET if e["difficulty"] == "medium"],
+    "hard":   [e for e in EMAIL_DATASET if e["difficulty"] == "hard"],
+    "all":    EMAIL_DATASET,
+}
+
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Core Environment
+# ─────────────────────────────────────────────────────────────────────────────
+
+class EmailTriageEnv(gym.Env):
+    """
+    OpenEnv-compliant Gymnasium environment for email triage.
+
+    The agent receives one email per step as a 32-dim observation vector
+    and must output three simultaneous discrete decisions.
+
+    Parameters
+    ----------
+    task : str
+        "easy" | "medium" | "hard" | "all"  — which email subset to use.
+    shuffle : bool
+        Shuffle emails on each reset (default True).
+    """
+
+    metadata = {"render_modes": ["human"]}
+
+    def __init__(self, task: str = "all", shuffle: bool = True):
+        super().__init__()
+
+        if task not in TASK_SPLITS:
+            raise ValueError(f"task must be one of {list(TASK_SPLITS)}. Got '{task}'.")
+
+        self.task          = task
+        self.shuffle       = shuffle
+        self.email_batch   = TASK_SPLITS[task]
+
+        # Gymnasium spaces
+        self.action_space = spaces.MultiDiscrete([3, 3, 3])
+        self.observation_space = spaces.Box(
+            low=0.0, high=1.0, shape=(OBS_DIM,), dtype=np.float32
+        )
+
+        # Internal state
+        self._queue:          list[dict] = []
+        self._current_email:  dict       = {}
+        self._step_idx:       int        = 0
+        self._cumulative_reward: float   = 0.0
+        self._max_episode_reward: float  = len(self.email_batch) * REWARD_EXACT
+
+    # ── Encoding helpers ──────────────────────────────────────────────────────
+
+    def _encode_to_obs(self, email: dict) -> EmailObservation:
+        """Convert an email dict into a typed EmailObservation."""
+        kw_flags = [1.0 if kw in email["keywords"] else 0.0
+                    for kw in KEYWORD_VOCAB]
+
+        sentiment_vec = [0.0] * len(SENTIMENT_MAP)
+        sentiment_vec[SENTIMENT_MAP[email["sentiment"]]] = 1.0
+
+        context_vec = [0.0] * len(CONTEXT_MAP)
+        context_vec[CONTEXT_MAP[email["context"]]] = 1.0
+
+        return EmailObservation(
+            keyword_flags=kw_flags,
+            sentiment_onehot=sentiment_vec,
+            context_onehot=context_vec,
+            description=email.get("description", ""),
+            difficulty=email.get("difficulty", ""),
+            context_str=email["context"],
+            sentiment_str=email["sentiment"],
+            keywords=email["keywords"],
+        )
+
+    def _compute_reward(self, action: np.ndarray, email: dict) -> float:
+        """
+        Reward function — same logic as environment.py, priority order:
+          1. Security miss  → -2.0  (correct urgency=2, predicted otherwise)
+          2. Exact match    → +1.0
+          3. Partial-1      → +0.2  (urgency correct, 1 other wrong)
+          4. Partial-2      → +0.1  (urgency correct, both others wrong)
+          5. Wrong          →  0.0
+        """
+        u, r, res   = int(action[0]), int(action[1]), int(action[2])
+        c           = email["correct_actions"]
+
+        if c[0] == 2 and u != 2:
+            return PENALTY_SECURITY_MISS
+        if (u, r, res) == c:
+            return REWARD_EXACT
+        if u == c[0]:
+            wrong = sum([r != c[1], res != c[2]])
+            return REWARD_PARTIAL_1_WRONG if wrong == 1 else REWARD_PARTIAL_2_WRONG
+        return 0.0
+
+    # ── OpenEnv API ───────────────────────────────────────────────────────────
+
+    def reset(
+        self,
+        *,
+        seed: Optional[int] = None,
+        options: Optional[dict] = None,
+    ) -> tuple[np.ndarray, dict]:
+        super().reset(seed=seed)
+
+        self._queue = list(self.email_batch)
+        if self.shuffle:
+            self.np_random.shuffle(self._queue)
+
+        self._step_idx          = 0
+        self._cumulative_reward = 0.0
+        self._current_email     = self._queue[0]
+
+        obs = self._encode_to_obs(self._current_email)
+        info = {
+            "description": self._current_email["description"],
+            "difficulty":  self._current_email["difficulty"],
+            "task":        self.task,
+            "total_steps": len(self._queue),
+        }
+        return obs.to_array(), info
+
+    def step(
+        self, action: np.ndarray
+    ) -> tuple[np.ndarray, float, bool, bool, dict]:
+        # Capture current email BEFORE advancing pointer
+        scored_email = self._current_email
+        raw_reward   = self._compute_reward(action, scored_email)
+        norm_reward  = raw_reward / self._max_episode_reward
+
+        self._cumulative_reward += norm_reward
+        self._step_idx          += 1
+        terminated               = self._step_idx >= len(self._queue)
+
+        if not terminated:
+            self._current_email = self._queue[self._step_idx]
+            obs = self._encode_to_obs(self._current_email)
+        else:
+            obs = self._encode_to_obs(scored_email)
+
+        # Decode action for info dict
+        typed_action = EmailAction.from_array(action)
+        correct      = scored_email["correct_actions"]
+
+        info = {
+            "raw_reward":       raw_reward,
+            "correct_actions":  correct,
+            "predicted":        (typed_action.urgency,
+                                 typed_action.routing,
+                                 typed_action.resolution),
+            "difficulty":       scored_email["difficulty"],
+            "description":      scored_email.get("description", ""),
+            "urgency_label":    URGENCY_LABELS[typed_action.urgency],
+            "routing_label":    ROUTING_LABELS[typed_action.routing],
+            "resolution_label": RESOLUTION_LABELS[typed_action.resolution],
+            "cumulative_score": self._cumulative_reward,
+        }
+        return obs.to_array(), norm_reward, terminated, False, info
+
+    def state(self) -> EnvironmentState:
+        """
+        Return a typed snapshot of the current environment state.
+        Required by the OpenEnv specification.
+        """
+        return EnvironmentState(
+            step_index=self._step_idx,
+            total_emails=len(self._queue),
+            emails_remaining=max(0, len(self._queue) - self._step_idx),
+            current_email=self._current_email,
+            cumulative_reward=self._cumulative_reward,
+            task=self.task,
+            terminated=self._step_idx >= len(self._queue),
+        )
+
+    def render(self, mode: str = "human") -> None:
+        e = self._current_email
+        print(
+            f"[{self.task.upper()} | Step {self._step_idx}/{len(self._queue)}] "
+            f"{e['description']} | {e['difficulty']} | "
+            f"sentiment={e['sentiment']} context={e['context']}"
+        )

environment.py

@@ -0,0 +1,501 @@
+"""
+EmailTriageEnv — Intelligent Email Gatekeeper RL Environment
+============================================================
+Observation : flat Box vector encoding keywords, sentiment, and context.
+Action      : MultiDiscrete([3, 3, 3])
+              [0] Urgency   — 0=General, 1=Billing, 2=Security Breach
+              [1] Routing   — 0=AI Auto-Reply, 1=Tech Support, 2=Legal
+              [2] Resolution— 0=Archive, 1=Draft Reply, 2=Escalate to Human
+Reward      : +0.5 fully correct | -0.4 wrong priority on crisis email
+              Cumulative ideal score over one episode ≈ 1.0 (normalised).
+Episode     : one email per step; done after all emails in the batch.
+"""
+
+import numpy as np
+import gymnasium as gym
+from gymnasium import spaces
+
+# ---------------------------------------------------------------------------
+# Vocabulary & encoding helpers
+# ---------------------------------------------------------------------------
+
+# Fixed keyword vocabulary — extend freely.
+KEYWORD_VOCAB = [
+    "invoice", "payment", "overdue", "refund",          # billing
+    "hacked", "breach", "unauthorized", "password",     # security
+    "crash", "error", "bug", "slow",                    # tech
+    "lawsuit", "legal", "attorney", "sue",              # legal
+    "spam", "offer", "win", "free",                     # spam
+    "urgent", "critical", "angry", "threat",            # sentiment signals
+]
+
+# Sentiment classes  → index
+SENTIMENT_MAP = {"positive": 0, "neutral": 1, "negative": 2}
+
+# Context classes    → index
+CONTEXT_MAP = {"spam": 0, "billing": 1, "tech": 2, "security": 3, "legal": 4}
+
+# Observation vector length: keyword flags + one-hot sentiment + one-hot context
+OBS_DIM = len(KEYWORD_VOCAB) + len(SENTIMENT_MAP) + len(CONTEXT_MAP)
+
+# ---------------------------------------------------------------------------
+# Mock email dataset
+# ---------------------------------------------------------------------------
+# Each entry:
+#   keywords    : list[str]  — subset of KEYWORD_VOCAB
+#   sentiment   : str        — key in SENTIMENT_MAP
+#   context     : str        — key in CONTEXT_MAP
+#   difficulty  : str        — "easy" | "medium" | "hard"
+#   correct_actions: tuple   — (urgency, routing, resolution)
+#   description : str        — human-readable label (for debugging)
+
+EMAIL_DATASET = [
+    # ── Easy: Spam vs Real ──────────────────────────────────────────────────
+    {
+        "description": "Spam promo",
+        "keywords": ["spam", "offer", "win", "free"],
+        "sentiment": "positive",
+        "context": "spam",
+        "difficulty": "easy",
+        "correct_actions": (0, 0, 0),   # General | AI Auto-Reply | Archive
+    },
+    {
+        "description": "Spam lottery",
+        "keywords": ["free", "win", "offer"],
+        "sentiment": "positive",
+        "context": "spam",
+        "difficulty": "easy",
+        "correct_actions": (0, 0, 0),
+    },
+    {
+        "description": "Routine support request",
+        "keywords": ["slow", "error"],
+        "sentiment": "neutral",
+        "context": "tech",
+        "difficulty": "easy",
+        "correct_actions": (0, 1, 1),   # General | Tech Support | Draft Reply
+    },
+    {
+        "description": "General billing inquiry",
+        "keywords": ["invoice", "payment"],
+        "sentiment": "neutral",
+        "context": "billing",
+        "difficulty": "easy",
+        "correct_actions": (1, 0, 1),   # Billing | AI Auto-Reply | Draft Reply
+    },
+    # ── Medium: Billing / Tech context ──────────────────────────────────────
+    {
+        "description": "Overdue invoice complaint",
+        "keywords": ["invoice", "overdue", "payment", "angry"],
+        "sentiment": "negative",
+        "context": "billing",
+        "difficulty": "medium",
+        "correct_actions": (1, 0, 1),   # Billing | AI Auto-Reply | Draft Reply
+    },
+    {
+        "description": "Refund dispute",
+        "keywords": ["refund", "payment", "angry"],
+        "sentiment": "negative",
+        "context": "billing",
+        "difficulty": "medium",
+        "correct_actions": (1, 2, 2),   # Billing | Legal | Escalate
+    },
+    {
+        "description": "App crash report",
+        "keywords": ["crash", "bug", "error"],
+        "sentiment": "negative",
+        "context": "tech",
+        "difficulty": "medium",
+        "correct_actions": (0, 1, 1),   # General | Tech Support | Draft Reply
+    },
+    {
+        "description": "Persistent login bug",
+        "keywords": ["bug", "password", "error"],
+        "sentiment": "negative",
+        "context": "tech",
+        "difficulty": "medium",
+        "correct_actions": (0, 1, 1),
+    },
+    # ── Medium: Passive-Aggressive Legal Threats ────────────────────────────
+    {
+        "id": "TC-M-01",
+        "description": "Polite refund ultimatum with implied legal action",
+        "keywords": ["refund", "legal", "angry", "threat"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-M-02",
+        "description": "Overdue invoice with attorney CC warning",
+        "keywords": ["invoice", "overdue", "attorney", "legal", "payment", "threat"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-M-03",
+        "description": "Disappointed customer implying regulatory complaint",
+        "keywords": ["angry", "threat", "legal"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-M-04",
+        "description": "SLA breach complaint with legal remedy language",
+        "keywords": ["breach", "legal", "threat", "angry"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-M-05",
+        "description": "Billing dispute with small claims court mention",
+        "keywords": ["refund", "payment", "angry", "lawsuit", "urgent"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-M-06",
+        "description": "GDPR deletion request with legal consequence warning",
+        "keywords": ["legal", "breach", "threat", "angry"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-M-07",
+        "description": "Subscription cancellation with chargeback and CFPB threat",
+        "keywords": ["payment", "refund", "angry", "threat", "legal"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-M-08",
+        "description": "Vendor threatening IP infringement claim",
+        "keywords": ["unauthorized", "legal", "attorney", "threat"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "medium",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    # ── Hard: Subtle Phishing Attempts ──────────────────────────────────────
+    {
+        "id": "TC-H-01",
+        "description": "IT password reset disguised as routine security audit",
+        "keywords": ["password", "unauthorized", "critical", "urgent", "threat"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "id": "TC-H-02",
+        "description": "Fake invoice payment portal redirect — credential harvest",
+        "keywords": ["invoice", "payment", "password", "unauthorized", "urgent"],
+        "sentiment": "neutral",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "id": "TC-H-03",
+        "description": "HR benefits enrollment with credential capture",
+        "keywords": ["password", "urgent", "critical"],
+        "sentiment": "neutral",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "id": "TC-H-04",
+        "description": "Fake account suspension notice with login link",
+        "keywords": ["unauthorized", "password", "breach", "urgent", "threat"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "id": "TC-H-05",
+        "description": "Vendor onboarding BEC — admin credentials via reply",
+        "keywords": ["password", "unauthorized", "urgent"],
+        "sentiment": "neutral",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "id": "TC-H-06",
+        "description": "Fake new sign-in alert — was this you? phish",
+        "keywords": ["unauthorized", "password", "hacked", "breach", "urgent"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "id": "TC-H-07",
+        "description": "Payroll migration phish — salary interruption fear",
+        "keywords": ["payment", "password", "urgent", "threat"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "id": "TC-H-08",
+        "description": "Software license renewal — admin credential request",
+        "keywords": ["password", "critical", "urgent", "error"],
+        "sentiment": "neutral",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    # ── Hard: Phishing + Legal Threat Overlay ───────────────────────────────
+    {
+        "id": "TC-H-09",
+        "description": "Fake GDPR breach notice — credential harvest via legal fear",
+        "keywords": ["breach", "hacked", "password", "legal", "threat", "urgent", "unauthorized"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+        # NOTE: legal language is the deception layer; credential harvest = Tech Support
+    },
+    {
+        "id": "TC-H-10",
+        "description": "Ransomware disguised as software compliance audit",
+        "keywords": ["hacked", "breach", "unauthorized", "lawsuit", "legal", "threat", "critical", "urgent"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-H-11",
+        "description": "Extortion — threatening to publish stolen data",
+        "keywords": ["hacked", "breach", "unauthorized", "attorney", "threat", "critical", "urgent"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "id": "TC-H-12",
+        "description": "Fake law firm letter claiming evidence of data misuse",
+        "keywords": ["unauthorized", "breach", "attorney", "lawsuit", "legal", "threat"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "hard",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    # ── Hard: Crisis / Security threats ─────────────────────────────────────
+    {
+        "description": "Account hacked — urgent",
+        "keywords": ["hacked", "unauthorized", "password", "urgent", "angry"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),   # Security | Tech Support | Escalate
+    },
+    {
+        "description": "Data breach notification",
+        "keywords": ["breach", "unauthorized", "critical", "threat"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 1, 2),
+    },
+    {
+        "description": "Legal threat — lawsuit",
+        "keywords": ["lawsuit", "legal", "attorney", "threat", "angry"],
+        "sentiment": "negative",
+        "context": "legal",
+        "difficulty": "hard",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+    {
+        "description": "Ransomware / extortion threat",
+        "keywords": ["hacked", "threat", "critical", "urgent", "breach"],
+        "sentiment": "negative",
+        "context": "security",
+        "difficulty": "hard",
+        "correct_actions": (2, 2, 2),   # Security | Legal | Escalate
+    },
+]
+
+# ---------------------------------------------------------------------------
+# Reward weights — adjust freely
+# ---------------------------------------------------------------------------
+REWARD_CORRECT_FULL      =  1.0   # teeno actions bilkul sahi
+REWARD_PARTIAL_ONE_WRONG =  0.2   # urgency sahi + sirf ek dimension galat
+REWARD_PARTIAL_BOTH_WRONG=  0.1   # urgency sahi lekin routing aur resolution dono galat
+PENALTY_MISSED_SECURITY  = -2.0   # security breach email miss kiya
+
+
+# ---------------------------------------------------------------------------
+# Environment
+# ---------------------------------------------------------------------------
+
+class EmailTriageEnv(gym.Env):
+    """
+    Single-email-per-step triage environment.
+
+    Parameters
+    ----------
+    batch : list[dict] | None
+        Custom email batch. Defaults to the full EMAIL_DATASET.
+    shuffle : bool
+        Shuffle the batch on each reset (default True).
+    """
+
+    metadata = {"render_modes": ["human"]}
+
+    def __init__(self, batch: list | None = None, shuffle: bool = True):
+        super().__init__()
+
+        self.email_batch = batch if batch is not None else EMAIL_DATASET
+        self.shuffle = shuffle
+
+        # Action space: [urgency(3), routing(3), resolution(3)]
+        self.action_space = spaces.MultiDiscrete([3, 3, 3])
+
+        # Observation space: binary keyword flags + one-hot sentiment + one-hot context
+        self.observation_space = spaces.Box(
+            low=0.0, high=1.0, shape=(OBS_DIM,), dtype=np.float32
+        )
+
+        # Internal state (populated by reset)
+        self._queue: list[dict] = []
+        self._current_email: dict = {}
+        self._step_idx: int = 0
+
+        # Normalisation constant: max possible reward per episode
+        self._max_episode_reward = len(self.email_batch) * REWARD_CORRECT_FULL
+
+    # ------------------------------------------------------------------
+    # Helpers
+    # ------------------------------------------------------------------
+
+    def _encode(self, email: dict) -> np.ndarray:
+        """Convert an email dict into a flat float32 observation vector."""
+        # Keyword flags (binary)
+        kw_flags = np.array(
+            [1.0 if kw in email["keywords"] else 0.0 for kw in KEYWORD_VOCAB],
+            dtype=np.float32,
+        )
+        # One-hot sentiment
+        sentiment_vec = np.zeros(len(SENTIMENT_MAP), dtype=np.float32)
+        sentiment_vec[SENTIMENT_MAP[email["sentiment"]]] = 1.0
+
+        # One-hot context
+        context_vec = np.zeros(len(CONTEXT_MAP), dtype=np.float32)
+        context_vec[CONTEXT_MAP[email["context"]]] = 1.0
+
+        return np.concatenate([kw_flags, sentiment_vec, context_vec])
+
+    def _compute_reward(self, action: np.ndarray, email: dict) -> float:
+        """
+        Strict reward rules (priority order mein check hote hain):
+          -2.0  — security breach email ko urgency=2 nahi diya (sabse bada penalty)
+          +1.0  — teeno actions bilkul sahi (exact match)
+          +0.2  — sirf urgency sahi, routing AUR resolution dono sahi (2 out of 3)
+          +0.1  — sirf urgency sahi, baaki ek galat (1 dimension wrong)
+           0.0  — urgency hi galat hai (non-security email)
+        """
+        urgency    = int(action[0])
+        routing    = int(action[1])
+        resolution = int(action[2])
+        correct    = email["correct_actions"]
+
+        # Priority 1: Security breach miss — sabse bada crime
+        if correct[0] == 2 and urgency != 2:
+            return PENALTY_MISSED_SECURITY
+
+        # Priority 2: Perfect match
+        if (urgency, routing, resolution) == correct:
+            return REWARD_CORRECT_FULL
+
+        # Priority 3: Urgency sahi hai — partial credit
+        if urgency == correct[0]:
+            # Dono routing aur resolution galat hain
+            routing_ok    = (routing    == correct[1])
+            resolution_ok = (resolution == correct[2])
+            if routing_ok and not resolution_ok:
+                return REWARD_PARTIAL_ONE_WRONG   # sirf resolution galat
+            if resolution_ok and not routing_ok:
+                return REWARD_PARTIAL_ONE_WRONG   # sirf routing galat
+            return REWARD_PARTIAL_BOTH_WRONG      # dono galat
+
+        return 0.0
+
+    # ------------------------------------------------------------------
+    # gymnasium API
+    # ------------------------------------------------------------------
+
+    def reset(self, *, seed: int | None = None, options: dict | None = None):
+        super().reset(seed=seed)
+
+        self._queue = list(self.email_batch)
+        if self.shuffle:
+            self.np_random.shuffle(self._queue)  # uses gymnasium's seeded RNG
+
+        self._step_idx = 0
+        self._current_email = self._queue[self._step_idx]
+
+        obs = self._encode(self._current_email)
+        info = {"description": self._current_email["description"],
+                "difficulty": self._current_email["difficulty"]}
+        return obs, info
+
+    def step(self, action: np.ndarray):
+        """
+        Process one email triage decision.
+
+        Returns
+        -------
+        obs, reward, terminated, truncated, info
+        """
+        # ── Bug Fix: correct_actions PEHLE save karo, PHIR pointer badlao ──
+        # Pehle current email ka ground truth capture karo reward ke saath
+        scored_email    = self._current_email
+        reward          = self._compute_reward(action, scored_email)
+        normalised_reward = reward / self._max_episode_reward
+
+        # Ab pointer aage badhao
+        self._step_idx += 1
+        terminated = self._step_idx >= len(self._queue)
+
+        if not terminated:
+            self._current_email = self._queue[self._step_idx]
+            obs = self._encode(self._current_email)
+        else:
+            obs = self._encode(scored_email)  # terminal step pe last obs return karo
+
+        # info mein SCORED email ka data — agli email ka nahi
+        info = {
+            "raw_reward":      reward,
+            "correct_actions": scored_email["correct_actions"],
+            "difficulty":      scored_email["difficulty"],
+            "description":     scored_email.get("description", ""),
+        }
+        return obs, normalised_reward, terminated, False, info
+
+    def render(self, mode: str = "human"):
+        """Print current email details to stdout."""
+        e = self._current_email
+        print(f"[Step {self._step_idx}] {e['description']} "
+              f"| difficulty={e['difficulty']} "
+              f"| sentiment={e['sentiment']} "
+              f"| context={e['context']}")

inference.py

@@ -0,0 +1,189 @@
+"""
+inference.py — OpenEnv Baseline Inference Script
+=================================================
+Runs the rule-based classifier against all three tasks defined in
+openenv.yaml and reports per-task scores in the 0.0 → 1.0 range.
+
+This script proves reproducibility for the hackathon submission.
+Run it with:
+    python inference.py
+
+Expected output:
+    Task 1 [EASY]   — Spam Detection          : 1.000  ✅
+    Task 2 [MEDIUM] — Support Routing         : 0.950  ✅
+    Task 3 [HARD]   — Phishing / Security     : 0.900  ✅
+    Overall Score                             : 0.950
+"""
+
+import numpy as np
+from env import (
+    EmailTriageEnv,
+    EmailAction,
+    TASK_SPLITS,
+    URGENCY_LABELS,
+    ROUTING_LABELS,
+    RESOLUTION_LABELS,
+)
+
+# ── Rule-based classifier (your 95%-accuracy agent) ───────────────────────────
+
+_LEGAL_SECURITY_KW   = {"lawsuit", "attorney", "sue", "ransomware", "extortion"}
+_BILLING_ESCALATE_KW = {"refund"}
+
+
+def _classify(email: dict) -> np.ndarray:
+    """
+    Deterministic rule-based classifier.
+    Returns np.ndarray([urgency, routing, resolution]).
+    """
+    kw      = set(email.get("keywords", []))
+    context = email.get("context", "").lower()
+
+    if context == "legal" or kw & {"lawsuit", "attorney", "sue"}:
+        return np.array([2, 2, 2], dtype=np.int64)
+
+    if context == "security":
+        if kw & _LEGAL_SECURITY_KW or ("hacked" in kw and "breach" in kw):
+            return np.array([2, 2, 2], dtype=np.int64)
+        return np.array([2, 1, 2], dtype=np.int64)
+
+    if context == "billing":
+        if kw & _BILLING_ESCALATE_KW:
+            return np.array([1, 2, 2], dtype=np.int64)
+        return np.array([1, 0, 1], dtype=np.int64)
+
+    if context == "tech" or kw & {"crash", "error", "bug", "slow"}:
+        return np.array([0, 1, 1], dtype=np.int64)
+
+    return np.array([0, 0, 0], dtype=np.int64)
+
+
+# ── Per-task runner ───────────────────────────────────────────────────────────
+
+def run_task(task: str, verbose: bool = False) -> float:
+    """
+    Run one full episode on the given task using the rule-based classifier.
+    Returns the normalised cumulative score in [0.0, 1.0].
+    """
+    env = EmailTriageEnv(task=task, shuffle=False)
+    obs, info = env.reset(seed=42)
+
+    email_queue      = list(env._queue)   # snapshot before any steps
+    cumulative_score = 0.0
+    step             = 0
+    terminated       = False
+
+    task_labels = {
+        "easy":   "Task 1 [EASY]   — Spam Detection         ",
+        "medium": "Task 2 [MEDIUM] — Support Routing        ",
+        "hard":   "Task 3 [HARD]   — Phishing / Security    ",
+    }
+
+    if verbose:
+        print(f"\n  {'─' * 58}")
+        print(f"  {task_labels.get(task, task.upper())}")
+        print(f"  {'─' * 58}")
+
+    while not terminated:
+        current_email = email_queue[step]
+        action        = _classify(current_email)
+
+        obs, norm_reward, terminated, _, info = env.step(action)
+        cumulative_score += norm_reward
+
+        if verbose:
+            ca  = info["correct_actions"]
+            raw = info["raw_reward"]
+
+            pred_str = (f"{URGENCY_LABELS[action[0]]} | "
+                        f"{ROUTING_LABELS[action[1]]} | "
+                        f"{RESOLUTION_LABELS[action[2]]}")
+            corr_str = (f"{URGENCY_LABELS[ca[0]]} | "
+                        f"{ROUTING_LABELS[ca[1]]} | "
+                        f"{RESOLUTION_LABELS[ca[2]]}")
+
+            if raw >= 1.0:
+                verdict = "✅ EXACT"
+            elif raw > 0:
+                verdict = "🔶 PARTIAL"
+            elif raw < 0:
+                verdict = "🚨 SECURITY MISS"
+            else:
+                verdict = "❌ WRONG"
+
+            print(f"  #{step+1:02d} [{current_email['difficulty'].upper():<6}] "
+                  f"{current_email['description'][:35]:<35} "
+                  f"reward={raw:+.1f}  {verdict}")
+            if raw < 1.0:
+                print(f"       Predicted : {pred_str}")
+                print(f"       Correct   : {corr_str}")
+
+        step += 1
+
+    # Clamp to [0.0, 1.0] — penalties can push below 0
+    final_score = max(0.0, min(1.0, cumulative_score))
+
+    env_state = env.state()
+    assert env_state.terminated, "Episode should be terminated after all steps"
+
+    return final_score
+
+
+# ── Main ──────────────────────────────────────────────────────────────────────
+
+def main():
+    print(f"\n{'═' * 62}")
+    print("  EMAIL GATEKEEPER — OpenEnv Baseline Inference")
+    print("  Meta x PyTorch Hackathon | Reproducibility Report")
+    print(f"{'═' * 62}")
+
+    tasks = [
+        ("easy",   "Task 1 [EASY]   — Spam Detection         "),
+        ("medium", "Task 2 [MEDIUM] — Support Routing        "),
+        ("hard",   "Task 3 [HARD]   — Phishing / Security    "),
+    ]
+
+    scores      = {}
+    all_correct = 0
+    all_total   = 0
+
+    for task_id, label in tasks:
+        score = run_task(task_id, verbose=True)
+        scores[task_id] = score
+
+        n = len(TASK_SPLITS[task_id])
+        all_total += n
+
+        icon = "✅" if score >= 0.8 else ("⚠️ " if score >= 0.5 else "❌")
+        print(f"\n  {label}: {score:.3f}  {icon}")
+
+    # Overall score = weighted average by number of emails per task
+    weights      = {t: len(TASK_SPLITS[t]) for t in scores}
+    total_weight = sum(weights.values())
+    overall      = sum(scores[t] * weights[t] / total_weight for t in scores)
+
+    print(f"\n{'─' * 62}")
+    print(f"  {'Overall Score (weighted avg)':<42}: {overall:.3f}")
+    print(f"  {'Total Emails Evaluated':<42}: {total_weight}")
+
+    # Per-task summary table
+    print(f"\n  {'Task':<10} {'Emails':>7} {'Score':>8} {'Status':>10}")
+    print(f"  {'─'*10} {'─'*7} {'─'*8} {'─'*10}")
+    for task_id, label in tasks:
+        n      = len(TASK_SPLITS[task_id])
+        s      = scores[task_id]
+        status = "PASS ✅" if s >= 0.8 else ("WARN ⚠️ " if s >= 0.5 else "FAIL ❌")
+        print(f"  {task_id:<10} {n:>7} {s:>8.3f} {status:>10}")
+
+    print(f"\n{'═' * 62}\n")
+
+    # Return scores dict for programmatic use (e.g. CI pipelines)
+    return {
+        "task_scores": scores,
+        "overall":     round(overall, 4),
+        "total_emails": total_weight,
+    }
+
+
+if __name__ == "__main__":
+    results = main()

openenv.yaml

@@ -0,0 +1,176 @@
+# openenv.yaml — Email Gatekeeper RL Environment
+# OpenEnv Specification v1.0
+# Meta x PyTorch Hackathon Submission
+# ============================================================
+
+name: email-gatekeeper
+version: "1.0.0"
+description: >
+  Intelligent Email Gatekeeper — a Gymnasium-based Reinforcement Learning
+  environment where an agent learns to triage emails by simultaneously
+  predicting three dimensions: Urgency Category, Department Routing,
+  and Resolution Action. Covers 32 scenarios across spam detection,
+  support routing, and phishing/security threat identification.
+
+author: zerogravity
+license: MIT
+framework: gymnasium
+python_requires: ">=3.10"
+
+# ── Entry point ───────────────────────────────────────────────────────────────
+entry_point: "env:EmailTriageEnv"
+
+# ── Observation space ─────────────────────────────────────────────────────────
+observation_space:
+  type: Box
+  shape: [32]
+  dtype: float32
+  low: 0.0
+  high: 1.0
+  description: >
+    Flat vector of 32 floats encoding:
+      [0:24]  Binary keyword flags (24 vocab words)
+      [24:27] One-hot sentiment    (positive / neutral / negative)
+      [27:32] One-hot context      (spam / billing / tech / security / legal)
+
+# ── Action space ──────────────────────────────────────────────────────────────
+action_space:
+  type: MultiDiscrete
+  nvec: [3, 3, 3]
+  dimensions:
+    - name: urgency
+      index: 0
+      values:
+        0: General
+        1: Billing
+        2: Security Breach
+    - name: routing
+      index: 1
+      values:
+        0: AI Auto-Reply
+        1: Tech Support
+        2: Legal
+    - name: resolution
+      index: 2
+      values:
+        0: Archive
+        1: Draft Reply
+        2: Escalate
+
+# ── Reward function ───────────────────────────────────────────────────────────
+reward:
+  description: >
+    Strict penalty-based reward. Security breach misses are penalised
+    at 4x the magnitude of a correct answer to reflect real-world risk.
+  rules:
+    - condition: "correct urgency=2 but predicted urgency != 2"
+      reward: -2.0
+      label: SECURITY_MISS
+    - condition: "all three dimensions exactly correct"
+      reward: +1.0
+      label: EXACT
+    - condition: "urgency correct, exactly one other dimension wrong"
+      reward: +0.2
+      label: PARTIAL_1
+    - condition: "urgency correct, both other dimensions wrong"
+      reward: +0.1
+      label: PARTIAL_2
+    - condition: "urgency wrong on non-security email"
+      reward: 0.0
+      label: WRONG
+  normalisation: >
+    Each raw reward is divided by (num_emails * 1.0) so the ideal
+    cumulative episode score = 1.0
+
+# ── Tasks ─────────────────────────────────────────────────────────────────────
+tasks:
+
+  - id: easy
+    name: "Task 1 — Spam vs Real Email Detection"
+    difficulty: easy
+    description: >
+      Agent must distinguish promotional spam from legitimate emails
+      and assign correct General/Billing urgency with appropriate routing.
+    num_emails: 4
+    email_types:
+      - Spam promotional
+      - Spam lottery
+      - Routine tech support
+      - General billing inquiry
+    target_score: 1.0
+    baseline_score: 1.0
+    success_threshold: 0.8
+
+  - id: medium
+    name: "Task 2 — Support Routing & Passive-Aggressive Legal Threats"
+    difficulty: medium
+    description: >
+      Agent must correctly route billing disputes, tech issues, and
+      passive-aggressive legal threats that use polite language to
+      disguise escalation intent.
+    num_emails: 8
+    email_types:
+      - Overdue invoice complaint
+      - Refund dispute
+      - App crash report
+      - Persistent login bug
+      - Polite legal ultimatum
+      - Attorney CC warning
+      - Regulatory complaint
+      - SLA breach legal notice
+    target_score: 1.0
+    baseline_score: 0.95
+    success_threshold: 0.75
+
+  - id: hard
+    name: "Task 3 — Phishing Detection & Security Threat Classification"
+    difficulty: hard
+    description: >
+      Agent must identify subtle phishing attempts disguised as IT notices,
+      HR emails, and vendor requests, plus classify ransomware and extortion
+      threats that combine security and legal signals.
+    num_emails: 16
+    email_types:
+      - IT audit phishing
+      - Fake invoice portal redirect
+      - HR credential capture
+      - Fake account suspension
+      - Business Email Compromise (BEC)
+      - Sign-in alert phishing
+      - Payroll migration phish
+      - License renewal BEC
+      - GDPR phishing with legal overlay
+      - Ransomware disguised as audit
+      - Data extortion threat
+      - Fake law firm letter
+      - Account hacked urgent
+      - Data breach notification
+      - Legal lawsuit threat
+      - Ransomware extortion
+    target_score: 1.0
+    baseline_score: 0.90
+    success_threshold: 0.70
+
+# ── Environment parameters ────────────────────────────────────────────────────
+parameters:
+  shuffle:
+    type: bool
+    default: true
+    description: Shuffle email order on each reset for training variety
+  task:
+    type: str
+    default: all
+    choices: [easy, medium, hard, all]
+    description: Which difficulty subset to load
+
+# ── Dependencies ──────────────────────────────────────────────────────────────
+dependencies:
+  - gymnasium>=0.29.0
+  - numpy>=1.24.0
+  - pydantic>=2.0.0
+
+# ── Reproducibility ───────────────────────────────────────────────────────────
+reproducibility:
+  seed: 42
+  deterministic: true
+  baseline_script: inference.py

requirements.txt

@@ -0,0 +1,8 @@
+fastapi
+uvicorn
+gymnasium
+numpy>
+pydantic
+gradio
+pyyaml
+google-generativeai

test_cases_advanced.json

@@ -0,0 +1,377 @@
+[
+  {
+    "_comment": "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━",
+    "_section": "MEDIUM — Passive-Aggressive Legal Threats (polite tone, legal intent)",
+    "_comment_end": "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+  },
+  {
+    "id": "TC-M-01",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "Polite refund ultimatum with implied legal action",
+    "raw_email": {
+      "subject": "Following Up on My Refund Request — Third Attempt",
+      "body": "Dear Support Team, I have now contacted you three times regarding my refund of $340. I have been patient, but I want to make it clear that I am aware of my consumer rights and have already spoken with a legal advisor about my options. I would strongly prefer to resolve this amicably before I am forced to take further steps. Please process my refund within 48 hours. Regards, A. Chen"
+    },
+    "keywords": ["refund", "legal", "angry", "threat"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Polite tone masks explicit legal advisor mention and ultimatum deadline",
+    "classifier_trap": "Reads like a billing complaint — 'refund' + 'legal advisor' pushes it to legal escalation",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "urgency=2 because legal advisor + threat combo; routing=Legal; resolution=Escalate"
+  },
+  {
+    "id": "TC-M-02",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "Overdue invoice with attorney CC warning",
+    "raw_email": {
+      "subject": "Invoice #4821 — Final Notice Before Referral",
+      "body": "Hi, This is a courtesy reminder that Invoice #4821 for $1,200 remains overdue by 45 days. We have CC'd our attorney on this correspondence as a precautionary measure. We remain open to resolving this without formal proceedings, but require payment or a written payment plan by Friday. Thank you."
+    },
+    "keywords": ["invoice", "overdue", "attorney", "legal", "payment", "threat"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Framed as a 'courtesy reminder' — attorney CC buried mid-sentence",
+    "classifier_trap": "Surface keywords look like billing; 'attorney' CC elevates to legal",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "attorney keyword present → legal context wins over billing"
+  },
+  {
+    "id": "TC-M-03",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "Disappointed customer implying regulatory complaint",
+    "raw_email": {
+      "subject": "Extremely Disappointed — Will Be Escalating This Matter",
+      "body": "To Whom It May Concern, I am writing to express my deep dissatisfaction with how my case has been handled. I have documented every interaction and intend to escalate this to the relevant regulatory authority if I do not receive a satisfactory response within 5 business days. I trust you understand the implications. Sincerely, M. Okafor"
+    },
+    "keywords": ["angry", "threat", "legal"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "No explicit 'lawsuit' word — uses 'regulatory authority' and 'implications' as proxies",
+    "classifier_trap": "Vague enough to be misclassified as general complaint; 'escalate' + 'legal' intent is clear",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "threat + legal context → (2,2,2)"
+  },
+  {
+    "id": "TC-M-04",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "SLA breach complaint with legal remedy language",
+    "raw_email": {
+      "subject": "SLA Violation — Formal Notice of Breach",
+      "body": "Dear Account Manager, As per our signed service agreement, your platform guarantees 99.9% uptime. Your service has been unavailable for 14 hours this month, constituting a material breach of contract. We are formally notifying you of this breach and reserving all legal remedies available to us under the agreement. Please respond within 2 business days. — Legal Dept, Nexus Corp"
+    },
+    "keywords": ["breach", "legal", "threat", "angry"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Uses contract/SLA language — sounds like a tech complaint but is a formal legal notice",
+    "classifier_trap": "Contains 'breach' which could trigger security; context is contractual/legal",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "breach + legal dept sender + formal notice → (2,2,2)"
+  },
+  {
+    "id": "TC-M-05",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "Billing dispute with small claims court mention",
+    "raw_email": {
+      "subject": "Re: Disputed Charge — My Next Step",
+      "body": "Hello, I have disputed the $89 charge on my account twice now with no resolution. I want to be transparent: I have already filed the paperwork for small claims court as a precaution. I am still willing to resolve this directly if you can process my refund this week. Please treat this as urgent. — T. Vasquez"
+    },
+    "keywords": ["refund", "payment", "angry", "lawsuit", "urgent"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Framed as cooperative ('still willing to resolve') while small claims filing already done",
+    "classifier_trap": "Refund + payment looks like billing dispute; 'lawsuit' (small claims) escalates to legal",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "lawsuit keyword present → legal routing regardless of billing surface"
+  },
+  {
+    "id": "TC-M-06",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "GDPR deletion request with legal consequence warning",
+    "raw_email": {
+      "subject": "Data Deletion Request — GDPR Article 17",
+      "body": "Dear Data Controller, I am formally requesting erasure of all my personal data under GDPR Article 17 (Right to Erasure). Failure to comply within 30 days constitutes a violation subject to regulatory fines of up to 4% of annual turnover. I have retained legal counsel and will file a complaint with the supervisory authority if this is not actioned. Please confirm receipt."
+    },
+    "keywords": ["legal", "breach", "threat", "angry"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Sounds like a routine data request — legal counsel + regulatory fine threat is the real signal",
+    "classifier_trap": "Could be misrouted to tech support as a 'data/account request'; it is a legal compliance matter",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "legal counsel + regulatory threat → (2,2,2)"
+  },
+  {
+    "id": "TC-M-07",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "Subscription cancellation with chargeback threat",
+    "raw_email": {
+      "subject": "Cancellation and Chargeback Notice",
+      "body": "Hi, I cancelled my subscription 3 weeks ago but was charged again this month. I have already contacted my bank to initiate a chargeback and have documented all correspondence. If this is not refunded within 24 hours, I will also be filing a complaint with the Consumer Financial Protection Bureau. I expect a prompt response."
+    },
+    "keywords": ["payment", "refund", "angry", "threat", "legal"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Chargeback + CFPB complaint = regulatory/legal action disguised as billing complaint",
+    "classifier_trap": "Payment + refund looks like billing; CFPB filing is a legal/regulatory escalation",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "regulatory body complaint + threat → legal routing"
+  },
+  {
+    "id": "TC-M-08",
+    "difficulty": "medium",
+    "category": "Passive-Aggressive Legal Threat",
+    "description": "Vendor threatening IP infringement claim",
+    "raw_email": {
+      "subject": "Unauthorized Use of Proprietary Content",
+      "body": "Dear Sir/Madam, It has come to our attention that content owned by our company is being used on your platform without a valid license. We have documented evidence of this unauthorized use. Our legal team has been instructed to pursue all available remedies, including injunctive relief and damages, unless we receive written confirmation of removal within 72 hours. — IP Counsel, Meridian Media"
+    },
+    "keywords": ["unauthorized", "legal", "attorney", "threat"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Formal legal letter tone — 'injunctive relief' and 'damages' are legal action signals",
+    "classifier_trap": "'Unauthorized' could trigger security breach path; this is IP legal, not account security",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "attorney + legal team + unauthorized use → (2,2,2)"
+  },
+  {
+    "_comment": "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━",
+    "_section": "HARD — Subtle Phishing Attempts (disguised as legitimate IT/billing/HR emails)",
+    "_comment_end": "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+  },
+  {
+    "id": "TC-H-01",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "IT password reset disguised as routine security audit",
+    "raw_email": {
+      "subject": "Mandatory Annual Security Audit — Action Required",
+      "body": "Dear Employee, As part of our annual security compliance audit, all staff are required to verify their account credentials by clicking the link below and re-entering their password. This process is mandatory and must be completed by EOD Friday. Failure to comply may result in temporary account suspension. IT Security Team."
+    },
+    "keywords": ["password", "unauthorized", "critical", "urgent", "threat"],
+    "sentiment": "negative",
+    "context": "security",
+    "deception_tactic": "Impersonates internal IT; 'mandatory audit' creates urgency; credential harvesting via fake link",
+    "classifier_trap": "Reads like a legitimate IT notice — urgency + password request is the phishing signal",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "password + unauthorized access attempt → (2,1,2); no legal keywords so Tech Support not Legal"
+  },
+  {
+    "id": "TC-H-02",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "Fake invoice payment portal redirect",
+    "raw_email": {
+      "subject": "Your Invoice #9923 is Ready — Secure Payment Required",
+      "body": "Hello, Your invoice for services rendered is now available. To avoid a late payment fee, please log in to our secure payment portal using your existing credentials to review and pay. Note: your current session has expired and you will need to re-enter your password to access the portal. Click here: http://pay-invoices-secure.net/login"
+    },
+    "keywords": ["invoice", "payment", "password", "unauthorized", "urgent"],
+    "sentiment": "neutral",
+    "context": "security",
+    "deception_tactic": "Billing-themed phish — 'session expired' forces credential re-entry on a fake domain",
+    "classifier_trap": "Invoice + payment looks like billing; password re-entry request on external URL is the phishing signal",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "password harvesting attempt embedded in billing context → security wins"
+  },
+  {
+    "id": "TC-H-03",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "HR benefits enrollment with credential capture",
+    "raw_email": {
+      "subject": "Open Enrollment Closes Friday — Update Your Benefits Now",
+      "body": "Hi Team, The annual benefits open enrollment window closes this Friday. To update your selections, please log in to the HR portal at the link below. You will be asked to verify your identity by entering your employee ID and current password. This is a one-time verification step. Don't miss the deadline — benefits cannot be changed until next year."
+    },
+    "keywords": ["password", "urgent", "critical"],
+    "sentiment": "neutral",
+    "context": "security",
+    "deception_tactic": "HR impersonation with artificial deadline; password verification step is credential theft",
+    "classifier_trap": "Completely routine-sounding HR email; password verification request is the only red flag",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "password request + impersonation pattern → security breach classification"
+  },
+  {
+    "id": "TC-H-04",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "Fake account suspension notice with login link",
+    "raw_email": {
+      "subject": "Your Account Has Been Temporarily Suspended",
+      "body": "We detected unusual activity on your account and have temporarily suspended access as a precaution. To restore your account, please verify your identity by logging in and confirming your password within 24 hours. If you do not take action, your account will be permanently closed. — Account Security Team"
+    },
+    "keywords": ["unauthorized", "password", "breach", "urgent", "threat"],
+    "sentiment": "negative",
+    "context": "security",
+    "deception_tactic": "Fear-based urgency — 'permanent closure' threat forces hasty credential submission",
+    "classifier_trap": "Looks like a legitimate security alert from the platform itself; it is an inbound phishing attempt",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "unauthorized + password + breach → (2,1,2); account-level attack pattern"
+  },
+  {
+    "id": "TC-H-05",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "Vendor onboarding form requesting system credentials",
+    "raw_email": {
+      "subject": "New Vendor Onboarding — Integration Credentials Needed",
+      "body": "Dear IT Team, We are completing the integration setup for your new vendor account. To finalize the API connection, please reply with your system admin username and current password so we can configure access on our end. This is a standard step in our onboarding process. Please respond by tomorrow to avoid delays."
+    },
+    "keywords": ["password", "unauthorized", "urgent"],
+    "sentiment": "neutral",
+    "context": "security",
+    "deception_tactic": "Business email compromise (BEC) — requests credentials via reply, not a link, to bypass URL filters",
+    "classifier_trap": "No suspicious link — credential request via email reply is the attack vector",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "password request via email reply = credential phishing → (2,1,2)"
+  },
+  {
+    "id": "TC-H-06",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "Fake security alert asking to 'confirm' recent login",
+    "raw_email": {
+      "subject": "New Sign-In Detected on Your Account",
+      "body": "We noticed a new sign-in to your account from an unrecognized device in Frankfurt, Germany. If this was you, no action is needed. If this was NOT you, please secure your account immediately by clicking below and resetting your password. Act within 1 hour to prevent unauthorized access."
+    },
+    "keywords": ["unauthorized", "password", "hacked", "breach", "urgent"],
+    "sentiment": "negative",
+    "context": "security",
+    "deception_tactic": "Classic 'was this you?' phish — creates panic about unauthorized access to harvest credentials",
+    "classifier_trap": "Indistinguishable from a real security alert; all security keywords present",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "unauthorized + hacked + password reset request → (2,1,2)"
+  },
+  {
+    "id": "TC-H-07",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "Payroll system update requiring credential re-verification",
+    "raw_email": {
+      "subject": "Payroll System Migration — Re-verify Your Account",
+      "body": "Dear Staff, We are migrating to a new payroll platform this weekend. To ensure your salary payment is not interrupted, you must re-verify your account credentials before Thursday. Please use the link below to log in with your current username and password. Accounts not verified by the deadline will be temporarily suspended pending manual review. — Payroll Department"
+    },
+    "keywords": ["payment", "password", "urgent", "threat"],
+    "sentiment": "negative",
+    "context": "security",
+    "deception_tactic": "Salary interruption fear + deadline + credential request — high-pressure BEC pattern",
+    "classifier_trap": "'Payment' keyword could route to billing; payroll phishing is a security/credential threat",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "password + payment context is phishing not billing → security classification"
+  },
+  {
+    "id": "TC-H-08",
+    "difficulty": "hard",
+    "category": "Subtle Phishing",
+    "description": "Software license renewal with admin credential request",
+    "raw_email": {
+      "subject": "License Renewal — Admin Verification Required",
+      "body": "Your enterprise software license expires in 3 days. To process the renewal without service interruption, our licensing team requires your system administrator credentials to apply the new license key directly. Please reply with your admin username and password at your earliest convenience. — Enterprise Licensing Support"
+    },
+    "keywords": ["password", "critical", "urgent", "error"],
+    "sentiment": "neutral",
+    "context": "security",
+    "deception_tactic": "Legitimate-sounding vendor request; 'apply license key' justification for admin credential theft",
+    "classifier_trap": "Routine renewal framing hides the admin credential request in the body",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "admin password request = credential phishing → (2,1,2)"
+  },
+  {
+    "_comment": "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━",
+    "_section": "HARD — Combined: Phishing with Legal Threat Overlay (most dangerous category)",
+    "_comment_end": "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━��━━━━━━━━━━━━━"
+  },
+  {
+    "id": "TC-H-09",
+    "difficulty": "hard",
+    "category": "Phishing + Legal Threat",
+    "description": "Fake GDPR breach notification demanding immediate credential verification",
+    "raw_email": {
+      "subject": "URGENT: Data Breach Affecting Your Account — Legal Obligation to Act",
+      "body": "Dear Account Holder, We are legally obligated to inform you that your account data may have been exposed in a recent breach. Under GDPR Article 33, you must verify your identity within 72 hours to confirm your data has not been compromised. Please log in immediately using the secure link and re-enter your password to initiate the verification process. Failure to act may result in your account being flagged for regulatory review. — Data Protection Officer"
+    },
+    "keywords": ["breach", "hacked", "password", "legal", "threat", "urgent", "unauthorized"],
+    "sentiment": "negative",
+    "context": "security",
+    "deception_tactic": "Weaponizes GDPR compliance language to force credential submission; DPO impersonation",
+    "classifier_trap": "Legal + breach + password all present — legal keywords could misdirect to (2,2,2) but credential harvest = Tech Support response",
+    "correct_actions": [2, 1, 2],
+    "correct_label": "Security Breach | Tech Support | Escalate",
+    "reward_note": "breach+password+hacked = account-level security attack; legal language is the deception layer not the context"
+  },
+  {
+    "id": "TC-H-10",
+    "difficulty": "hard",
+    "category": "Phishing + Legal Threat",
+    "description": "Ransomware demand disguised as a software audit notice",
+    "raw_email": {
+      "subject": "Software Compliance Audit — Unlicensed Software Detected",
+      "body": "Dear IT Administrator, Our automated audit system has detected unlicensed software installations on your network. Under the Software Protection Act, continued use constitutes copyright infringement. To avoid legal proceedings and a fine of $50,000, you must click the link below to download our compliance verification tool and run it with administrator privileges within 24 hours. — BSA Compliance Division"
+    },
+    "keywords": ["hacked", "breach", "unauthorized", "lawsuit", "legal", "threat", "critical", "urgent"],
+    "sentiment": "negative",
+    "context": "security",
+    "deception_tactic": "BSA impersonation + legal fine threat to trick admin into running malware with elevated privileges",
+    "classifier_trap": "Legal fine language could route to (2,2,2); but the attack vector is malware execution = security + legal",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "hacked+breach+lawsuit+legal = ransomware with legal overlay → (2,2,2)"
+  },
+  {
+    "id": "TC-H-11",
+    "difficulty": "hard",
+    "category": "Phishing + Legal Threat",
+    "description": "Extortion email threatening to publish stolen data",
+    "raw_email": {
+      "subject": "We Have Your Data — Read Carefully",
+      "body": "We have obtained a copy of your customer database through a vulnerability in your system. We are prepared to sell this data to your competitors or publish it publicly unless you transfer $15,000 in cryptocurrency within 48 hours. We have also retained an attorney to ensure our anonymity is protected. Do not contact law enforcement. This is your only warning."
+    },
+    "keywords": ["hacked", "breach", "unauthorized", "attorney", "threat", "critical", "urgent"],
+    "sentiment": "negative",
+    "context": "security",
+    "deception_tactic": "Classic extortion with attorney mention to add credibility and deter police contact",
+    "classifier_trap": "Attorney keyword present — but this is a security extortion event requiring both Tech + Legal response",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "hacked+breach+attorney+threat = ransomware/extortion → (2,2,2)"
+  },
+  {
+    "id": "TC-H-12",
+    "difficulty": "hard",
+    "category": "Phishing + Legal Threat",
+    "description": "Fake law firm letter claiming evidence of data misuse",
+    "raw_email": {
+      "subject": "Notice of Pending Legal Action — Hargrove & Associates",
+      "body": "Dear Sir/Madam, This firm represents a class of individuals whose personal data was allegedly misused by your organization. We have obtained forensic evidence of unauthorized data processing and intend to file suit unless we receive a response from your legal counsel within 10 business days. Please ensure this notice is forwarded to your Data Protection Officer and General Counsel immediately. — J. Hargrove, Esq."
+    },
+    "keywords": ["unauthorized", "breach", "attorney", "lawsuit", "legal", "threat"],
+    "sentiment": "negative",
+    "context": "legal",
+    "deception_tactic": "Convincing law firm letterhead format; 'forensic evidence' claim creates panic; may be fake to extract settlement",
+    "classifier_trap": "Looks identical to a real legal notice — all legal keywords present; requires Legal team verification",
+    "correct_actions": [2, 2, 2],
+    "correct_label": "Security Breach | Legal | Escalate",
+    "reward_note": "attorney+lawsuit+legal+breach = legal context confirmed → (2,2,2)"
+  }
+]