backend/core/fusion.py

WEIGHTS = {
    "phishing":  0.45,
    "url":       0.35,
    "injection": 0.20,
}

SEVERITY_BANDS = [
    (0.90, "CRITICAL"),
    (0.70, "HIGH"),
    (0.40, "MEDIUM"),
    (0.0,  "LOW"),
]

SEVERITY_DESCRIPTIONS = {
    "CRITICAL": "Confirmed or near-certain attack. Do not interact with this content.",
    "HIGH":     "Strong indicators of malicious intent. Exercise extreme caution.",
    "MEDIUM":   "Suspicious patterns detected. Verify before taking any action.",
    "LOW":      "Minor anomalies noted. Likely safe but worth being aware of.",
}


def fuse(phishing: float, url: float, injection: float) -> dict:
    ph  = max(0.0, min(1.0, float(phishing)))
    ur  = max(0.0, min(1.0, float(url)))
    inj = max(0.0, min(1.0, float(injection)))

    raw = (ph  * WEIGHTS["phishing"] +
           ur  * WEIGHTS["url"] +
           inj * WEIGHTS["injection"])

    # Threshold 0.45 — catches borderline URL scores like 0.46-0.49
    active_vectors = sum(1 for s in [ph, ur, inj] if s > 0.45)

    if active_vectors >= 3:
        bonus        = 0.18
        bonus_reason = "All 3 engines triggered — coordinated multi-vector attack"
    elif active_vectors == 2:
        bonus        = 0.09
        bonus_reason = "2 engines triggered — corroborated attack"
    else:
        bonus        = 0.0
        bonus_reason = None

    final    = min(raw + bonus, 1.0)
    severity = next(s for threshold, s in SEVERITY_BANDS if final >= threshold)

    breakdown = {
        "phishing": {
            "raw_score": round(ph * 100, 1),
            "weighted":  round(ph * WEIGHTS["phishing"] * 100, 1),
            "weight":    WEIGHTS["phishing"],
            "fired":     ph > 0.45
        },
        "url": {
            "raw_score": round(ur * 100, 1),
            "weighted":  round(ur * WEIGHTS["url"] * 100, 1),
            "weight":    WEIGHTS["url"],
            "fired":     ur > 0.45
        },
        "injection": {
            "raw_score": round(inj * 100, 1),
            "weighted":  round(inj * WEIGHTS["injection"] * 100, 1),
            "weight":    WEIGHTS["injection"],
            "fired":     inj > 0.45
        },
    }

    return {
        "final_score":          round(final * 100, 1),
        "raw_score":            round(raw * 100, 1),
        "severity":             severity,
        "severity_description": SEVERITY_DESCRIPTIONS[severity],
        "active_vectors":       active_vectors,
        "bonus_applied":        bonus > 0,
        "bonus_points":         round(bonus * 100, 1),
        "bonus_reason":         bonus_reason,
        "individual": {
            "phishing":  round(ph * 100, 1),
            "url":       round(ur * 100, 1),
            "injection": round(inj * 100, 1),
        },
        "breakdown": breakdown,
        "weights":   WEIGHTS,
    }