Spaces:

28-nini
/

nini_

Running

App Files Files Community

nini_ / app.py

28-nini

Update app.py

9b77562 verified about 1 month ago

raw

history blame contribute delete

38.6 kB

	import os
	import re
	import gradio as gr
	from datetime import datetime
	import tempfile
	import io
	import base64

	# Check for required dependencies
	try:
	import fitz # PyMuPDF
	PDF_SUPPORT = True
	except ImportError:
	PDF_SUPPORT = False
	print("Warning: PyMuPDF not available, PDF support disabled")

	try:
	from gtts import gTTS
	TTS_SUPPORT = True
	except ImportError:
	TTS_SUPPORT = False
	print("Warning: gTTS not available, audio synthesis disabled")

	try:
	from groq import Groq
	GROQ_SUPPORT = True
	except ImportError:
	GROQ_SUPPORT = False
	print("Warning: Groq not available")

	try:
	from transformers import pipeline
	HF_TRANSFORMERS_SUPPORT = True
	except ImportError:
	HF_TRANSFORMERS_SUPPORT = False
	print("Warning: Transformers not available")

	# ✅ Load secrets from environment with better error handling
	groq_key = os.environ.get('GROQ_API_KEY')
	hf_token = os.environ.get('HF_TOKEN')
	kaggle_key = os.environ.get('KAGGLE_KEY')
	kaggle_username = os.environ.get('KAGGLE_USERNAME')

	# Ensure none of the required secrets are missing
	if not all([groq_key, hf_token]):
	raise EnvironmentError("❌ One or more required API keys are missing from environment variables.")

	# Initialize components with fallbacks
	client = None
	phishing_pipe = None

	if GROQ_SUPPORT and groq_key:
	try:
	client = Groq(api_key=groq_key)
	print("✅ Groq client initialized")
	except Exception as e:
	print(f"❌ Groq initialization failed: {e}")

	if HF_TRANSFORMERS_SUPPORT and hf_token:
	try:
	phishing_pipe = pipeline(
	"text-classification",
	model="ealvaradob/bert-finetuned-phishing",
	token=hf_token,
	return_all_scores=True
	)
	print("✅ Phishing detection model loaded")
	except Exception as e:
	print(f"❌ Model loading failed: {e}")
	# Try alternative model
	try:
	phishing_pipe = pipeline(
	"text-classification",
	model="martin-ha/toxic-comment-model",
	return_all_scores=True
	)
	print("✅ Fallback model loaded")
	except Exception as e2:
	print(f"❌ Fallback model also failed: {e2}")

	# Global variables
	history_log = []
	detailed_log = []

	# 🎯 Role options
	role_choices = ["Procurement", "Warehouse", "Admin", "Finance", "Logistics"]

	# 🌍 Language options
	language_choices = [
	"English", "Urdu", "Arabic", "French", "German", "Spanish", "Portuguese", "Hindi", "Turkish",
	"Bengali", "Russian", "Chinese", "Japanese", "Korean", "Swahili", "Indonesian", "Italian",
	"Dutch", "Polish", "Thai", "Vietnamese", "Romanian", "Persian", "Punjabi", "Greek", "Hebrew",
	"Malay", "Czech", "Danish", "Finnish", "Hungarian", "Norwegian", "Slovak", "Swedish", "Tamil",
	"Telugu", "Gujarati", "Marathi", "Pashto", "Serbian", "Croatian", "Ukrainian", "Bulgarian",
	"Filipino", "Sinhala", "Mongolian", "Kazakh", "Azerbaijani", "Nepali", "Malayalam"
	]

	# Glossary terms with tooltip
	GLOSSARY = {
	"phishing": "Phishing is a scam where attackers trick you into revealing personal information.",
	"domain spoofing": "Domain spoofing is when someone fakes a legitimate website's address to deceive you.",
	"malware": "Malicious software designed to harm or exploit systems.",
	"spam": "Unwanted or unsolicited messages.",
	"tone": "The emotional character of the message."
	}

	def extract_text_from_file(file_obj):
	"""Extract text from uploaded files with error handling"""
	if file_obj is None:
	return ""

	try:
	file_path = file_obj.name if hasattr(file_obj, 'name') else str(file_obj)
	ext = file_path.split(".")[-1].lower()

	if ext == "pdf" and PDF_SUPPORT:
	doc = fitz.open(file_path)
	return "\n".join(page.get_text() for page in doc)
	elif ext == "txt":
	with open(file_path, "r", encoding="utf-8", errors="ignore") as f:
	return f.read()
	else:
	return f"Unsupported file type: {ext}"
	except Exception as e:
	return f"Error reading file: {str(e)}"

	def rag_based_reranking(text, bert_analysis, language="English"):
	"""
	RAG/Prompt-Based Reranking: Use LLaMA to reanalyze and improve BERT's classification
	This adds semantic analysis and intent understanding
	"""
	try:
	# Create prompt for LLaMA semantic reanalysis
	reranking_prompt = [
	{
	"role": "system",
	"content": f"""
	You are an expert cybersecurity analyst specializing in phishing detection.
	Your job is to reanalyze email/message content using semantic understanding and intent analysis.

	You have received a preliminary classification from a BERT model, but you need to provide a more accurate assessment using your understanding of:
	- Social engineering tactics
	- Urgency patterns
	- Suspicious requests
	- Context and intent
	- Language patterns that indicate deception

	Respond with your reanalysis in this exact format:
	REANALYZED_THREAT_TYPE: [safe/spam/phishing/malware]
	CONFIDENCE_LEVEL: [low/medium/high]
	REASONING: [Brief explanation of your decision]
	SEMANTIC_INDICATORS: [What semantic clues led to this conclusion]
	"""
	},
	{
	"role": "user",
	"content": f"""
	ORIGINAL MESSAGE TO ANALYZE:
	"{text}"

	BERT MODEL'S PRELIMINARY ANALYSIS:
	- Classification: {bert_analysis.get('model_prediction', 'Unknown')}
	- Threat Type: {bert_analysis.get('threat_type', 'unknown')}
	- AI Confidence: {bert_analysis.get('ai_confidence_score', 0)}%

	TASK: Does this message pose a phishing, spam, malware, or other security risk?
	Use your semantic understanding to reanalyze this message. Consider:
	1. Intent and context
	2. Social engineering patterns
	3. Urgency or pressure tactics
	4. Suspicious requests (credentials, money, personal info)
	5. Language patterns that suggest deception
	6. Overall trustworthiness

	Provide your reanalysis using the format specified above.
	"""
	}
	]

	# Get LLaMA's semantic reanalysis
	response = client.chat.completions.create(
	model="llama3-8b-8192",
	messages=reranking_prompt,
	temperature=0.1, # Low temperature for consistent analysis
	max_tokens=500
	)

	llama_response = response.choices[0].message.content.strip()

	# Parse LLaMA's response
	reanalysis = parse_llama_reanalysis(llama_response)

	# Combine BERT and LLaMA insights
	final_analysis = combine_bert_llama_analysis(bert_analysis, reanalysis, text)

	return final_analysis

	except Exception as e:
	print(f"RAG Reranking failed: {e}")
	# Fallback to original BERT analysis
	bert_analysis['rag_error'] = str(e)
	return bert_analysis

	def parse_llama_reanalysis(llama_response):
	"""Parse LLaMA's structured response"""
	reanalysis = {
	'llama_threat_type': 'unknown',
	'llama_confidence': 'medium',
	'llama_reasoning': '',
	'semantic_indicators': ''
	}

	lines = llama_response.split('\n')
	for line in lines:
	line = line.strip()
	if line.startswith('REANALYZED_THREAT_TYPE:'):
	reanalysis['llama_threat_type'] = line.split(':', 1)[1].strip().lower()
	elif line.startswith('CONFIDENCE_LEVEL:'):
	reanalysis['llama_confidence'] = line.split(':', 1)[1].strip().lower()
	elif line.startswith('REASONING:'):
	reanalysis['llama_reasoning'] = line.split(':', 1)[1].strip()
	elif line.startswith('SEMANTIC_INDICATORS:'):
	reanalysis['semantic_indicators'] = line.split(':', 1)[1].strip()

	return reanalysis

	def combine_bert_llama_analysis(bert_analysis, llama_reanalysis, original_text):
	"""
	Combine BERT and LLaMA analysis using hybrid decision logic
	LLaMA's semantic understanding gets priority for final classification
	"""

	# Get both predictions
	bert_threat = bert_analysis.get('threat_type', 'unknown')
	llama_threat = llama_reanalysis.get('llama_threat_type', 'unknown')
	llama_confidence = llama_reanalysis.get('llama_confidence', 'medium')

	# Hybrid decision logic
	if llama_confidence == 'high':
	# Trust LLaMA's high-confidence assessment
	final_threat_type = llama_threat
	decision_method = "LLaMA High Confidence"
	elif bert_threat == llama_threat:
	# Both models agree - high confidence in result
	final_threat_type = bert_threat
	decision_method = "BERT + LLaMA Agreement"
	elif llama_threat == 'safe' and bert_threat in ['spam', 'unknown']:
	# LLaMA says safe, BERT unsure - lean towards safe
	final_threat_type = 'safe'
	decision_method = "LLaMA Safety Override"
	elif llama_threat in ['phishing', 'malware'] and bert_threat != 'safe':
	# LLaMA detects serious threat - prioritize security
	final_threat_type = llama_threat
	decision_method = "LLaMA Threat Detection"
	else:
	# Default to BERT with LLaMA insights
	final_threat_type = bert_threat
	decision_method = "BERT with LLaMA Insights"

	# Create enhanced analysis combining both models
	enhanced_analysis = bert_analysis.copy()
	enhanced_analysis.update({
	'final_threat_type': final_threat_type,
	'bert_prediction': bert_threat,
	'llama_prediction': llama_threat,
	'llama_confidence': llama_confidence,
	'llama_reasoning': llama_reanalysis.get('llama_reasoning', ''),
	'semantic_indicators': llama_reanalysis.get('semantic_indicators', ''),
	'decision_method': decision_method,
	'hybrid_analysis': True
	})

	# Recalculate threat score based on final classification
	enhanced_analysis['threat_type'] = final_threat_type
	threat_score = calculate_threat_score(enhanced_analysis)
	enhanced_analysis['threat_score'] = threat_score

	return enhanced_analysis

	def calculate_threat_score(hf_analysis):
	"""
	Calculate threat score based on AI analysis results
	Returns score from 0-100 where higher means more dangerous
	"""
	threat_type = hf_analysis.get('threat_type', 'unknown')
	confidence_percentage = hf_analysis.get('ai_confidence_score', 0)

	if threat_type == 'safe':
	# For safe messages, use INVERSE of confidence
	# High confidence in "safe" = Low threat score
	threat_score = max(0, min(20, (100 - confidence_percentage) * 0.2))

	elif threat_type == 'spam':
	# For spam, map confidence to 21-40% range
	threat_score = 21 + (confidence_percentage * 0.19)

	elif threat_type == 'phishing':
	# For phishing, map confidence to 61-80% range
	threat_score = 61 + (confidence_percentage * 0.19)

	elif threat_type == 'malware':
	# For malware, map confidence to 81-100% range
	threat_score = 81 + (confidence_percentage * 0.19)

	else:
	# For unknown threats, use moderate risk
	threat_score = 41 + (confidence_percentage * 0.19)

	# Ensure score stays within bounds
	threat_score = round(min(100, max(0, threat_score)), 1)

	# Additional safety check for very short, innocent messages
	text = hf_analysis.get('raw_text', '')
	if len(text.strip()) <= 10 and threat_type == 'safe':
	threat_score = min(threat_score, 10.0)

	return threat_score

	def analyze_with_huggingface(text):
	"""
	First stage: Analyze message using Hugging Face BERT model
	Returns detailed technical analysis for LLaMA to interpret
	FIXED VERSION: Properly handles safe messages like "HI"
	"""
	try:
	# Get prediction from Hugging Face model
	result = phishing_pipe(text)

	# Extract prediction details
	prediction = result[0]
	label = prediction['label']
	confidence_score = prediction['score']

	# Convert to percentage
	confidence_percentage = round(confidence_score * 100, 2)

	# Map labels to threat types (adjust based on your model's labels)
	threat_mapping = {
	'PHISHING': 'phishing',
	'LEGITIMATE': 'safe',
	'SPAM': 'spam',
	'MALWARE': 'malware'
	}

	threat_type = threat_mapping.get(label.upper(), 'unknown')

	# FIXED LOGIC: Calculate threat score based on what the model actually detected
	if threat_type == 'safe':
	# For safe messages, use INVERSE of confidence
	# High confidence in "safe" = Low threat score
	threat_score = max(0, min(20, (100 - confidence_percentage) * 0.2))
	threat_level = "Safe"

	elif threat_type == 'spam':
	# For spam, map confidence to 21-40% range
	threat_score = 21 + (confidence_percentage * 0.19)
	threat_level = "Minimal Suspicion"

	elif threat_type == 'phishing':
	# For phishing, map confidence to 61-80% range
	threat_score = 61 + (confidence_percentage * 0.19)
	threat_level = "Likely Threat"

	elif threat_type == 'malware':
	# For malware, map confidence to 81-100% range
	threat_score = 81 + (confidence_percentage * 0.19)
	threat_level = "Severe Threat"

	else:
	# For unknown threats, use moderate risk
	threat_score = 41 + (confidence_percentage * 0.19)
	threat_level = "Needs Attention"

	# Ensure score stays within bounds
	threat_score = round(min(100, max(0, threat_score)), 1)

	# Additional safety check for very short, innocent messages
	if len(text.strip()) <= 10 and threat_type == 'safe':
	# For very short messages classified as safe, ensure low threat score
	threat_score = min(threat_score, 10.0)
	threat_level = "Safe"

	# Create technical analysis summary for LLaMA
	technical_analysis = {
	'model_prediction': label,
	'ai_confidence_score': confidence_percentage,
	'threat_type': threat_type,
	'threat_score': threat_score,
	'threat_level': threat_level,
	'raw_text': text[:500]
	}

	return technical_analysis

	except Exception as e:
	# Fallback analysis if Hugging Face model fails
	return {
	'model_prediction': 'UNKNOWN',
	'ai_confidence_score': 0,
	'threat_type': 'unknown',
	'threat_score': 50.0,
	'threat_level': 'Needs Attention',
	'raw_text': text[:500],
	'error': str(e)
	}

	def build_enhanced_prompt_messages(hf_analysis, language="English", role="Admin"):
	"""
	Build prompt that includes both BERT and LLaMA reanalysis for final interpretation
	"""
	# Check if hybrid analysis was performed
	if hf_analysis.get('hybrid_analysis', False):
	technical_data = f"""
	HYBRID AI ANALYSIS RESULTS:
	- BERT Model Prediction: {hf_analysis.get('bert_prediction', 'Unknown')}
	- LLaMA Semantic Analysis: {hf_analysis.get('llama_prediction', 'Unknown')}
	- Final Classification: {hf_analysis['final_threat_type']}
	- Decision Method: {hf_analysis.get('decision_method', 'Standard')}
	- LLaMA Confidence: {hf_analysis.get('llama_confidence', 'medium')}
	- Threat Score: {hf_analysis['threat_score']}% (0-100, higher = more dangerous)
	- LLaMA Reasoning: {hf_analysis.get('llama_reasoning', 'N/A')}
	- Semantic Indicators: {hf_analysis.get('semantic_indicators', 'N/A')}
	- Original Message: "{hf_analysis['raw_text']}"
	"""
	else:
	technical_data = f"""
	STANDARD AI ANALYSIS:
	- Model Prediction: {hf_analysis['model_prediction']}
	- Detected Threat Type: {hf_analysis['threat_type']}
	- Threat Score: {hf_analysis['threat_score']}% (0-100, higher = more dangerous)
	- Original Message: "{hf_analysis['raw_text']}"
	"""

	if 'error' in hf_analysis or 'rag_error' in hf_analysis:
	error_msg = hf_analysis.get('error', hf_analysis.get('rag_error', ''))
	technical_data += f"\n- Analysis Note: {error_msg}"

	return [
	{
	"role": "system",
	"content": f"""
	You are a friendly cybersecurity assistant helping employees in the supply chain industry.
	You have received results from a hybrid AI analysis system that combines:
	1. BERT model for technical pattern detection
	2. LLaMA model for semantic understanding and intent analysis

	Your job is to explain these results in SIMPLE, NON-TECHNICAL language that anyone can understand.

	Guidelines:
	- Use everyday words instead of technical jargon
	- The threat score ranges from 0-100 where higher numbers mean more dangerous
	- Explain both what the computers found AND why it matters
	- Give clear, practical advice for a {role} employee
	- If there's disagreement between models, explain what that means

	Always respond completely in {language} only.
	Make it sound like you're talking to a friend, not giving a technical report.
	"""
	},
	{
	"role": "user",
	"content": f"""
	Please analyze this hybrid security check and explain it in simple terms:

	{technical_data}

	Respond in this format using everyday language:
	1. Tone: (How does the message sound? Pushy, friendly, normal, etc.)
	2. Threat Type: (What kind of danger is this? Safe message, scam attempt, spam, etc.)
	3. Threat Score: (Show the danger level number from 0-100)
	4. AI Analysis Summary: (What did both computer systems find? Did they agree?)
	5. Simple Explanation (in {language}): (Explain in plain words why this is safe or dangerous)
	6. What should you do as a {role} worker (in {language}): (Clear, simple steps)
	7. Why the computers flagged this: (Explain what the AI systems noticed)
	8. Detailed Advisory (in {language}): (Comprehensive guidance and precautions)
	"""
	}
	]

	def get_threat_level_display(threat_score):
	"""
	Get color-coded threat level display based on corrected 5-level system
	"""
	if threat_score <= 20:
	return "🟢 SAFE - No threat detected"
	elif threat_score <= 40:
	return "🟡 MINIMAL SUSPICION - Minor concerns"
	elif threat_score <= 60:
	return "🟠 NEEDS ATTENTION - Requires careful review"
	elif threat_score <= 80:
	return "🔴 LIKELY THREAT - High probability of danger"
	else:
	return "⚫ SEVERE THREAT - Immediate action required"

	def generate_text_report(analysis_data, hf_analysis, input_text):
	"""
	Generate a structured text report that can be downloaded as a .txt file
	"""
	timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")

	report = f"""
	================================================================================
	ZEROPHISH GATE - SECURITY ANALYSIS REPORT
	================================================================================

	Analysis Date: {timestamp}
	Generated by: ZeroPhish Gate AI Security System

	================================================================================
	ANALYZED MESSAGE
	================================================================================

	{input_text}

	================================================================================
	THREAT ASSESSMENT SUMMARY
	================================================================================

	AI Detection: {hf_analysis.get('model_prediction', 'Unknown')}
	Message Type: {hf_analysis.get('threat_type', 'Unknown').title()}
	Threat Score: {hf_analysis.get('threat_score', 'N/A')}%

	================================================================================
	DETAILED ANALYSIS
	================================================================================

	"""

	# Parse detailed analysis sections
	sections = {}
	current_section = ""
	lines = analysis_data.split('\n')

	for line in lines:
	line = line.strip()
	if line.startswith(('1. Tone:', '2. Threat Type:', '3. Threat Score:', '4. Simple Explanation', '5. What should you do', '6. Why the computer', '7. Detailed Advisory')):
	current_section = line
	sections[current_section] = ""
	elif current_section and line and not line.startswith('🤖'):
	sections[current_section] += line + " "

	# Add detailed analysis sections
	section_titles = [
	("1. Tone:", "MESSAGE TONE ANALYSIS"),
	("2. Threat Type:", "THREAT CLASSIFICATION"),
	("3. Threat Score:", "THREAT SCORE ASSESSMENT"),
	("4. Simple Explanation", "DETAILED EXPLANATION"),
	("5. What should you do", "RECOMMENDED ACTIONS"),
	("6. Why the computer", "AI DETECTION REASONING"),
	("7. Detailed Advisory", "COMPREHENSIVE ADVISORY")
	]

	for section_key, section_title in section_titles:
	content_text = ""
	for key, value in sections.items():
	if key.startswith(section_key):
	content_text = value.strip()
	break

	if content_text:
	report += f"""
	{section_title}
	{'-' * len(section_title)}

	{content_text}

	"""

	# Footer
	report += f"""
	================================================================================
	REPORT FOOTER
	================================================================================

	This report was generated by ZeroPhish Gate AI Security System.
	For support or questions, contact your IT security team.

	Report ID: ZPG-{timestamp.replace(' ', 'T').replace(':', '-')}
	Analysis completed at: {timestamp}

	================================================================================
	"""

	return report

	def generate_downloadable_report(analysis_data, hf_analysis, input_text):
	"""
	Generate a downloadable report file
	"""
	# Create text report
	text_report = generate_text_report(analysis_data, hf_analysis, input_text)

	# Create downloadable file
	timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
	filename = f"zerophish_security_report_{timestamp}.txt"

	# Create a temporary file for download
	with tempfile.NamedTemporaryFile(mode='w', suffix='.txt', delete=False, encoding='utf-8') as f:
	f.write(text_report)
	temp_path = f.name

	return temp_path

	def add_visual_badges(text):
	tags = []
	if "urgent" in text.lower():
	tags.append("🔴 Urgent Tone Detected")
	if "suspicious" in text.lower() and "domain" in text.lower():
	tags.append("🗘 Suspicious Domain")
	if "safe" in text.lower() or "threat type: safe" in text.lower():
	tags.append("🟩 Clean")
	if "ai model" in text.lower():
	tags.append("🤖 AI-Enhanced Analysis")
	if tags:
	return text + "\n\n🚨 Visual Tags:\n" + "\n".join(tags)
	return text

	def apply_glossary_tooltips(text):
	"""Apply HTML tooltips for glossary terms"""
	# First, convert newlines to HTML breaks
	text = text.replace('\n', '<br>')

	# Apply tooltips to glossary terms
	for term, definition in GLOSSARY.items():
	pattern = re.compile(rf'\b{re.escape(term)}\b', re.IGNORECASE)
	# Create HTML span with title attribute for tooltip
	tooltip_html = f'<span title="{definition}" style="font-weight: bold; text-decoration: underline; cursor: help; color: #0066cc;">{term}</span>'
	text = pattern.sub(tooltip_html, text)

	# Handle markdown-style bold text
	text = re.sub(r'\\(.?)\\*', r'<strong>\1</strong>', text)

	# Wrap in a simple div
	html_output = f'<div style="padding: 10px; line-height: 1.5; font-size: 14px;">{text}</div>'

	return html_output



	def synthesize_audio(text, language="English"):
	if not text.strip():
	return None

	try:
	# Language code mapping (expand as needed)
	lang_map = {
	"english": "en",
	"spanish": "es",
	"french": "fr",
	"german": "de",
	"hindi": "hi",
	"arabic": "ar",
	"urdu": "ur" # gTTS supports Urdu as 'ur'
	}

	# Get language code (default to English if not found)
	lang_code = lang_map.get(language.lower(), "en")

	# Generate speech with proper language handling
	tts = gTTS(text=text[:200], lang=lang_code, slow=False)

	with tempfile.NamedTemporaryFile(suffix=".mp3", delete=False) as tmp_file:
	tmp_path = tmp_file.name
	tts.save(tmp_path)
	return tmp_path

	except Exception as e:
	print(f"Audio synthesis error: {e}")
	return None

	def new_chat():
	"""Reset all fields for a new chat session"""
	return (
	"", # text_input
	None, # file_input
	"", # output
	gr.update(visible=False), # report_btn
	gr.update(visible=False), # ignore_btn
	gr.update(visible=False), # report_msg
	None, # audio_output
	None, # report_file
	)

	def analyze_message_interface(text_input, uploaded_file, language, role):
	file_text = extract_text_from_file(uploaded_file) if uploaded_file else ""
	text_input = text_input.strip()
	file_text = file_text.strip()

	if not text_input and not file_text:
	return "❌ No input provided via text or file.", gr.update(visible=False), history_log, gr.update(choices=[], value=None), "", None, gr.update(visible=False), gr.update(visible=False), None

	combined_input = f"User message:\n{text_input}\n\nAttached file content:\n{file_text}" if text_input and file_text else (text_input or file_text)

	# STAGE 1: Hugging Face BERT Analysis
	print("🤖 Stage 1: Running Hugging Face BERT analysis...")
	bert_analysis = analyze_with_huggingface(combined_input)

	# STAGE 1.5: RAG-Based Reranking with LLaMA Semantic Analysis
	print("🧠 Stage 1.5: RAG-based reranking with LLaMA semantic analysis...")
	hf_analysis = rag_based_reranking(combined_input, bert_analysis, language)

	# Calculate final threat score
	threat_score = calculate_threat_score(hf_analysis)
	hf_analysis['threat_score'] = threat_score

	# Stage 2: Final LLaMA Interpretation
	print("🧠 Stage 2: Final LLaMA interpretation of hybrid analysis...")
	messages = build_enhanced_prompt_messages(hf_analysis, language, role)
	response = client.chat.completions.create(
	model="llama3-8b-8192",
	messages=messages,
	temperature=0.3,
	max_tokens=1000
	)
	result = response.choices[0].message.content.strip()

	# In your analyze_message_interface function:
	audio_path = synthesize_audio(result, language) # Pass the same language selected in UI

	# Add hybrid analysis summary to the result
	if hf_analysis.get('hybrid_analysis', False):
	result += f"\n\n🤖 Hybrid AI Analysis Summary:\n"
	result += f"- BERT Detection: {hf_analysis.get('bert_prediction', 'Unknown').title()}\n"
	result += f"- LLaMA Reanalysis: {hf_analysis.get('llama_prediction', 'Unknown').title()}\n"
	result += f"- Final Decision: {hf_analysis['final_threat_type'].title()}\n"
	result += f"- Method: {hf_analysis.get('decision_method', 'Standard')}\n"
	result += f"- Threat Score: {hf_analysis['threat_score']}%"
	else:
	result += f"\n\n🤖 Computer Analysis Summary:\n- Detection: {hf_analysis['model_prediction']}\n- Message Type: {hf_analysis['threat_type'].title()}\n- Threat Score: {hf_analysis['threat_score']}%"

	result_with_badges = add_visual_badges(result)
	result_with_tooltips = apply_glossary_tooltips(result_with_badges)

	# Determine if threat based on final analysis
	final_threat_type = hf_analysis.get('final_threat_type', hf_analysis.get('threat_type', 'unknown'))
	is_threat = hf_analysis['threat_score'] > 20

	# Extract information for logging
	threat_score_str = f"{hf_analysis['threat_score']}%"
	status = "Safe" if final_threat_type == 'safe' else "Review"

	history_log.append([
	datetime.now().strftime("%Y-%m-%d %H:%M"),
	combined_input[:40] + "...",
	threat_score_str,
	final_threat_type.title(),
	status
	])

	# Store data for detailed view
	detailed_log.append({
	"full_input": combined_input,
	"full_result": result_with_badges,
	"hf_analysis": hf_analysis,
	"timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S")
	})

	audio_path = synthesize_audio(result, language)

	# Generate downloadable report
	report_file = generate_downloadable_report(result_with_badges, hf_analysis, combined_input)

	return (
	result_with_tooltips, # output as plain text
	gr.update(visible=is_threat), # report_btn
	history_log,
	gr.update(choices=[str(i) for i in range(len(detailed_log))], value=None),
	"", # full_view
	audio_path,
	gr.update(visible=is_threat), # report_msg
	gr.update(visible=is_threat), # ignore_btn
	report_file # report_file for download
	)

	def view_full_report(index):
	try:
	idx = int(index)
	record = detailed_log[idx]
	hf_data = record['hf_analysis']

	report = f"📅 Timestamp: {record['timestamp']}\n\n"
	report += f"📝 Input Message:\n{record['full_input']}\n\n"
	report += f"🤖 Computer Security Check:\n"
	report += f"- What AI Found: {hf_data['model_prediction']}\n"
	report += f"- Message Type: {hf_data['threat_type']}\n"
	report += f"- Threat Score: {hf_data.get('threat_score', 'N/A')}%\n"
	if 'error' in hf_data:
	report += f"- Note: {hf_data['error']}\n"
	report += f"\n📜 Detailed Analysis:\n{record['full_result']}"

	return report
	except:
	return "❌ Invalid selection"

	def report_to_it(language):
	english_msg = "✅ Your request has been forwarded to the concerning department..."
	if history_log:
	history_log[-1][4] = "Reported"

	if language.lower() == "english":
	return english_msg, history_log

	prompt = [{
	"role": "user",
	"content": f'Translate this message into {language} and include the English version in brackets:\n\n"{english_msg}"'
	}]
	response = client.chat.completions.create(
	model="llama3-8b-8192",
	messages=prompt,
	temperature=0.2,
	max_tokens=250
	)
	output = response.choices[0].message.content.strip()

	match = re.search(r'([^\[]+)(\[[^\]]+\])', output)
	if match:
	return f"{match.group(1).strip()}\n{match.group(2).strip()}", history_log
	else:
	return f"{output}\n[{english_msg}]", history_log

	def ignore_latest():
	if history_log:
	history_log[-1][4] = "Ignored"
	return history_log

	def clear_history():
	history_log.clear()
	detailed_log.clear()
	return [], [], "", gr.update(visible=False)

	def create_interface():
	"""Create the Gradio interface"""

	with gr.Blocks(
	title="ZeroPhish Gate - Phishing Detection",
	theme=gr.themes.Soft(),
	css="""
	.main-header { text-align: center; margin-bottom: 20px; }
	.analysis-output { padding: 15px; border-radius: 10px; }
	"""
	) as demo:

	gr.HTML("""
	<div class="main-header">
	<h1>🛡️ ZeroPhish Gate</h1>
	<h3>AI-Powered Phishing & Threat Detection</h3>
	<p>Analyze messages, emails, and documents for potential security threats</p>
	</div>
	""")

	# System status
	status_msg = "🟢 System Ready"
	if not (GROQ_SUPPORT and groq_key):
	status_msg += " (Advanced AI disabled)"
	if not phishing_pipe:
	status_msg += " (Using basic detection)"

	gr.Markdown(f"Status: {status_msg}")

	with gr.Row():
	with gr.Column(scale=3):
	text_input = gr.Textbox(
	label="📝 Message to Analyze",
	placeholder="Paste suspicious email, SMS, or message here...",
	lines=5
	)

	file_input = gr.File(
	label="📎 Upload File (Optional)",
	file_types=[".txt", ".pdf"] if PDF_SUPPORT else [".txt"]
	)

	with gr.Column(scale=1):
	role = gr.Dropdown(
	label="👤 Your Role",
	choices=role_choices,
	value="Admin"
	)

	language = gr.Dropdown(
	label="🌐 Language",
	choices=language_choices,
	value="English"
	)

	analyze_btn = gr.Button(
	"🔍 Analyze Message",
	variant="primary",
	size="lg"
	)

	new_chat_btn = gr.Button("🆕 New Chat", variant="secondary")

	with gr.Row():
	output = gr.HTML(
	label="📊 Analysis Results",
	elem_classes=["analysis-output"]
	)

	with gr.Row():
	report_btn = gr.Button("🚨 Report to IT", visible=False, variant="stop")
	ignore_btn = gr.Button("🙊 Ignore Message", visible=False)

	report_msg = gr.Textbox(label="📣 IT Confirmation", visible=False, interactive=False)

	with gr.Row():
	audio_output = gr.Audio(label="🔊 Voice Output (Click to Play)", interactive=False, autoplay=False)
	report_file = gr.File(label="📄 Download Security Report", interactive=False)

	with gr.Accordion("📜 Risk History & Detailed Reports", open=False):
	history_table = gr.Dataframe(
	headers=["Time", "Preview", "Threat Score", "Type", "Status"],
	label="📜 Risk History Log",
	interactive=False,
	wrap=True
	)
	clear_btn = gr.Button("🧹 Clear History")

	selected_idx = gr.Dropdown(label="📂 Select Report to View", choices=[], interactive=True)
	full_view = gr.Textbox(label="🔍 Detailed Analysis", lines=12, interactive=False)

	with gr.Accordion("ℹ️ Help & Information", open=False):
	gr.Markdown("""
	### How to Use
	1. Paste or type the suspicious message in the text box
	2. Upload a file (PDF or TXT) if needed
	3. Select your role for personalized advice
	4. Click Analyze to get results

	### Threat Types
	- 🟢 Safe: No threats detected
	- 🟡 Spam: Unwanted promotional content
	- 🟠 Suspicious: Potentially harmful content
	- 🔴 Phishing: Attempts to steal information
	- 🔴 Malware: Malicious software threats

	### Tips
	- Always verify suspicious requests through official channels
	- Never click links or download attachments from unknown senders
	- When in doubt, contact your IT security team
	""")

	with gr.Accordion("📚 Glossary Help", open=False):
	gr.Markdown("""
	Hover over underlined blue terms in the analysis to see their definitions:
	- Phishing: A type of online scam where attackers trick you into giving away personal information
	- Domain Spoofing: When a fake website mimics a trusted one by using a similar-looking web address
	- Malware: Software designed to harm or gain unauthorized access to your device or data
	- Spam: Unwanted or unsolicited messages, usually advertisements or scams
	- Tone: The emotional tone in a message, like being urgent or friendly
	""")

	with gr.Accordion("🤖 AI Pipeline Info", open=False):
	gr.Markdown("""
	Three-Stage Hybrid Analysis Pipeline:
	1. Stage 1 - BERT Model: Technical phishing pattern detection
	2. Stage 1.5 - RAG Reranking: LLaMA semantic reanalysis for intent understanding
	3. Stage 2 - Final Interpretation: User-friendly explanation generation

	RAG-Based Reranking Benefits:
	✅ Semantic Understanding: LLaMA analyzes intent and context, not just patterns
	✅ Social Engineering Detection: Better detection of psychological manipulation
	✅ Hybrid Decision Making: Combines pattern matching with contextual analysis
	✅ Reduced False Positives: More accurate classification of legitimate messages

	How It Works:
	- BERT identifies technical patterns (suspicious links, keywords, etc.)
	- LLaMA reanalyzes for social engineering, urgency, and intent
	- System combines both analyses for final classification
	- Prioritizes safety while reducing false alarms

	Message Classification:
	- Safe: Normal, legitimate messages
	- Spam: Unwanted promotional content
	- Phishing: Attempts to steal personal information
	- Malware: Messages with malicious attachments or links
	""")

	# Event handlers
	analyze_btn.click(
	fn=analyze_message_interface,
	inputs=[text_input, file_input, language, role],
	outputs=[output, report_btn, history_table, selected_idx, full_view, audio_output, report_msg, ignore_btn, report_file]
	)

	new_chat_btn.click(
	fn=new_chat,
	inputs=[],
	outputs=[text_input, file_input, output, report_btn, ignore_btn, report_msg, audio_output, report_file]
	)

	selected_idx.change(fn=view_full_report, inputs=[selected_idx], outputs=[full_view])
	report_btn.click(fn=report_to_it, inputs=[language], outputs=[report_msg, history_table])
	report_btn.click(lambda: gr.update(visible=True), outputs=report_msg)
	ignore_btn.click(fn=ignore_latest, outputs=[history_table])
	clear_btn.click(fn=clear_history, outputs=[history_table, selected_idx, full_view, report_msg])

	return demo

	# Create and launch the interface
	if __name__ == "__main__":
	demo = create_interface()
	demo.launch(
	server_name="0.0.0.0",
	server_port=7860,
	show_error=True,
	share=False
	)