feat: antispam scoring package

[alexiscolin]

⚠️ WIP - Primarily Proof of Concept

Needs: boards2 integration for testing, threshold tuning, and weight feedback before merge.

Companion to #5185

SpamAssassin-style scoring for Gno realms. Multi-rule engine (19 rules) combining content checks, rate limiting, reputation, Bayesian filter, duplicate detection, and blocklists. Scores accumulate - above 5 might hide, above 8 might reject. Multiple signals make the system harder to game.

Two components:

• p/gnoland/antispam - Pure scoring library (import + customize)
• r/gnoland/antispam - Shared realm with defaults (21 scam patterns, 400 keywords)

Detection Strategies

• Content heuristics: all caps, punctuation spam, repeated chars, link-heavy posts, short posts that are just a URL
• Unicode tricks: zalgo text, invisible chars, cyrillic-in-latin homoglyphs
• Rate limiting: half-weight for moderate bursts, full weight for flooding
• Account reputation: age, balance, username, flag/ban history
• Naive Bayesian filter: probabilistic text classifier that needs 3+ spam-heavy tokens to fire
• MinHash duplicate detection: catches copy-paste (duplicate) spam waves across realms
• Regex blocklists: common scam formats ("send X tokens", email addresses...) and address blocklist (instant blocked)
• Keyword co-occurrence: multiple spam keywords together trigger, single words don't. Leet-speak normalization ("fr33" → "free"), weighted 1-3

Architecture

Package (p/gnoland/antispam)

• Pure functions, no state, no side effects
• Realms own state (Corpus, FingerprintStore, Blocklist, KeywordDict)
• Customize weights, thresholds, patterns per realm

Realm (r/gnoland/antispam)

• Shared on-chain state (pre-trained corpus, blocklist, keywords)
• Admin-only training and pattern management
• Per-address reputation tracking (flags, bans, accepted posts)
• Any realm can Score(), only registered realms can RecordAccepted/Flag/Ban

Score() is read-only - does NOT auto-update reputation. Calling realm must manually record moderation decisions (prevents false positives from poisoning shared data) - Admin only.

See pure README and realm README for planned detailed usage, gas optimization, and integration patterns.

[Gno2D2]

🛠 PR Checks Summary

All Automated Checks passed. ✅

Manual Checks (for Reviewers):

• IGNORE the bot requirements for this PR (force green CI check)

Read More

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info)

☑️ Contributor Actions:

1. Fix any issues flagged by automated checks.
2. Follow the Contributor Checklist to ensure your PR is ready for review.
   • Add new tests, or document why they are unnecessary.
   • Provide clear examples/screenshots, if necessary.
   • Update documentation, if required.
   • Ensure no breaking changes, or include BREAKING CHANGE notes.
   • Link related issues/PRs, where applicable.

☑️ Reviewer Actions:

1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.

📚 Resources:

• Report a bug with the bot.
• View the bot’s configuration file.

Debug

Automated Checks

Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 The pull request was created from a fork (head branch repo: alexiscolin/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request

Manual Checks

**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

• Any user with comment edit permission

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[jeronimoalbi]

I have to still go though the code, lots to cover. It's interesting though 👍

[jeronimoalbi]

Just a though but it might be worth exploring a Score() implementation that relies on a rule scoring interface based solution. If each one of the scoring rules follows an interface I think it probably would be possible to implement Score() as basically a loop that iterates the rules and updates the SpamScore instance. Maybe something like ScoringRule.Score(ScoreInput) (score int)?

[alexiscolin]

Thanks for the suggestion! I actually chose the procedural approach to keep the gas optimization strategy explicit. Rules are ordered cheap - to -> expensive with earlyExit checks between groups, so obvious spam never hits regex/Bayes/fingerprints. An interface pipeline would hide that pattern and make it harder to maintain.

That said, no rule plugins are planned right now: but what if that becomes a need down the line? Would refactoring to an interface then be the right move (wagni or not?), or do you see a better approach?

[jeronimoalbi]

The interface pipeline could also be ordered and a comment could be used to describe the gas optimization strategy.

Another lighter approach might to just use a scoring function type:

type ScoringFunc func(ScoreInput) []RuleHit

// ...

rules := []ScoringFunc{
  ScoreBlocklist,
  ScoreRate,
  ScoreReputation,
  // ...
}

In any case is just a recommendation, if it makes sense, to avoid defining the inline functions, the earlyExit() calls and reducing the function's body.

[jeronimoalbi]

Truncating the content might leave relevant pieces out of the scoring, I think is not a good idea truncating it within the package 🤔, devs can truncate it when calling Score() from a realm.

[jeronimoalbi]

Minor improvement, it could be applied to the other cases too:

Suggested change

	func (bl *Blocklist) AllowAddress(addr string) {
	bl.allowed.Set(addr, true)
	}
	func (bl *Blocklist) AllowAddress(addr string) {
	bl.allowed.Set(addr, struct{}{})
	}

[jeronimoalbi]

Why not using individual ones instead of combining them? Compiling a big expression or even evaluating it might end up being more expensive. Also with individual ones you would be able to potentially stop early.

With that change you could provably also remove the limit of 30 expressions.

[jeronimoalbi]

Maybe:

Suggested change

	Balance int64
	Balance chain.Coins

If so then later on you could do Balance.AmountOf(string) int64, which could be used in the future to improve the reputation implementation.

[jeronimoalbi]

Maybe something like ValidContentCount or AcceptedContentCount? In any case some field documentation would be handy to better understand the field 🙏

[jeronimoalbi]

WDYT about using 15 or 30 days instead of 1? Reasoning is that within that period account is new and might be starting with the first interactions.

[jeronimoalbi]

Right now repBanPenalty is 1, so it could be removed 🤔

[jeronimoalbi]

Test would benefit from using the constants:

Suggested change

	wantMin: 3,
	wantMin: WeightNewAccount + WeightNoUsername + WeightLowBalance,

[jeronimoalbi]

Suggested change

	import antispamr "gno.land/r/gnoland/antispam"
	import engine "gno.land/p/gnoland/antispam"
	import (
	antispamr "gno.land/r/gnoland/antispam"
	engine "gno.land/p/gnoland/antispam"
	)

[jeronimoalbi]

Could be joined:

Suggested change

	if corpus == nil || corpus.Size() < bayesMinCorpusSize {
	return 0, ""
	}
	if len(tokens) == 0 {
	return 0, ""
	}
	if corpus == nil || corpus.Size() < bayesMinCorpusSize || len(tokens) == 0 {
	return 0, ""
	}

[jeronimoalbi]

Typo

Suggested change

	// Tokens appearing in spam more than this% of the time are considered spam indicators.
	// Tokens appearing in spam more than this % of the time are considered spam indicators.

[jeronimoalbi]

Out of curiosity, wouldn't some ham tokens potentially be considered spam if they are used a lot when content is trained as spam?

[jeronimoalbi]

Could be public, it might be handy for other packages 👍

[jeronimoalbi]

Also possible:

Suggested change

	if dict == nil || dict.Size() == 0 {
	return 0, ""
	}
	if len(tokens) == 0 {
	return 0, ""
	}
	if dict == nil || dict.Size() == 0 || len(tokens) == 0
	return 0, ""
	}

[jeronimoalbi]

Why not?

Suggested change

	if c.Size() < 4 {
	t.Errorf("expected size >= 4, got %d", c.Size())
	}
	if c.Size() != 6 {
	t.Errorf("expected size 6, got %d", c.Size())
	}

[jeronimoalbi]

Could be removed, already tested in TestCorpus():

Suggested change

	if c.Size() != 9 {
	t.Fatalf("test setup: expected corpus size 9, got %d", c.Size())
	}

[jeronimoalbi]

Size checks could be removed from other Bayes related tests to keep them simpler

[jeronimoalbi]

Using table tests here would keep the tests DRY

[jeronimoalbi]

This could be removed, there is already a test case that checks zero length:

Suggested change

	if len(fp1) == 0 {
	t.Fatal("expected non-empty fingerprint")
	}

[jeronimoalbi]

I'm wondering if it makes sense to count links, tutorials or other type of Markdown content are valid and could be link heavy. It would be better to consider the number of links versus the rest of the content, or maybe just to remove the rule.

[jeronimoalbi]

I think we would need more eyes on the PR, it's quite big and has a lot of specifics to check. Also having others opinions would be helpful.

Maybe the realm could be part of other PR, for easier review and merge.

cc @Kouteki

[lbrown2007]

@alexiscolin do we need to add more reviewers to this? Is this a in the next 2 week cycle or should I push it another cycle back?