Resolve merge conflicts with main

[Copilot]

Bug Fix

What was the bug?

The branch conflicted with latest main, blocking clean integration.

How did you fix it?

• README conflict resolution

  • Merged the /reflect fallback documentation with main’s engine CLI guidance.
  • Preserved the direction to keep engine CLIs out of the detector image while documenting /reflect structured detection fallback behavior.

• Main branch updates

  • Brought in current workflow, script, and specification updates from main.

Testing

Validated the resolved merge with the existing repository checks.

[Copilot]

Pull request overview

This PR adds a two-phase threat-detection flow to threat-detect, using a fast structured-output triage via api-proxy /reflect before falling back to the existing full detector when triage is suspicious or inconclusive. It also formalizes a strict structured result contract (schema + validation) and extends engine support to dynamically select /reflect models based on advertised structured-output capabilities.

Changes:

• Introduces Phase 1 triage prompt construction with bounded artifact inlining, plus a strict structured result schema/parser.
• Adds a /reflect client with model discovery/capability selection and provider-specific structured-output request shaping.
• Updates CLI flags/env vars plus docs/spec to describe two-phase fail-safe behavior and structured-output requirements.

Show a summary per file

File	Description
specs/threat-detection-spec.md	Documents two-phase default behavior, fail-safe semantics, and structured-output requirements.
README.md	Adds CLI flags/env vars for triage + /reflect, and explains default two-phase flow.
pkg/engine/reflect.go	Implements /reflect HTTP client: model discovery, request shaping, structured parsing, retries.
pkg/engine/reflect_test.go	Adds tests for model selection, request shapes, parsing/retry behavior.
pkg/engine/engine.go	Adds DefaultReflectURL constant for local /reflect.
pkg/engine/capabilities.go	Adds capability parsing + structured-mode selection for /reflect advertised models.
pkg/detector/triage.go	Adds bounded artifact inlining and triage prompt builder (Phase 1).
pkg/detector/triage_test.go	Tests triage prompt inlining/truncation and bundle metadata handling.
pkg/detector/result.go	Adds strict structured-result schema, parser/validator, and IsSafe helper.
pkg/detector/result_test.go	Adds strict structured-result parsing tests.
pkg/detector/prompts/threat_detection_triage.md	Adds the non-agentic triage prompt template with strict JSON-only output rules.
pkg/detector/detector.go	Extends embedded prompts to include the triage prompt template.
pkg/detector/correction.go	Adds bounded correction-feedback helpers for retry prompts.
cmd/threat-detect/main.go	Orchestrates two-phase flow, adds triage/reflect CLI flags & retry logic for full detector parsing.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 14/14 changed files
• Comments generated: 3

[Copilot]

Copilot's findings

• Files reviewed: 14/14 changed files
• Comments generated: 3