Releases: anthonyonazure/agent-content-shield

v0.4.2 — full Python parity + shared-lexicon drift guard

20 Apr 13:30

Third release in the v0.4 line. Completes Python parity across the entire detection stack and eliminates inline lexicon drift between the JS and Python ports.

What's new

JS refactor — load from shared JSON (no behavior change)

  • core/semantic-detector.js loads INJECTION_SEEDS + THREAT_IDF from core/semantic-lexicon.json (−255 LOC inline).
  • core/nli-classifier.js loads THREAT_INTENTS + NLI_SYSTEM_PROMPT from core/nli-intents.json (−50 LOC inline).
  • Both fail loudly on missing JSON — defense modules must not silently load empty arrays.
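
A Python sketch of the fail-loud loading rule above, added here as an illustration and not taken from the project's code. The function name, the JSON key names and the sample file contents are assumptions constructed for the example.

```python
import json
import os
import tempfile


def load_lexicon(path, required_keys):
    """Load a shared JSON lexicon; raise instead of returning weak data."""
    # open() and json.load() already raise on a missing or malformed file;
    # do not wrap them in a handler that falls back to defaults.
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    if not isinstance(data, dict):
        raise ValueError(f"top level of {path} must be an object")
    for key in required_keys:
        value = data.get(key)
        # A missing key and an empty list/dict are equally dangerous: either
        # leaves the detector running with nothing to match against.
        if not isinstance(value, (list, dict)) or not value:
            raise ValueError(f"{path}: '{key}' is missing or empty")
    return data


# Constructed sample files; the key names are assumptions for this example.
REQUIRED = ("injection_seeds", "threat_idf")
CASES = {
    "good": '{"injection_seeds": ["sample phrase"], "threat_idf": {"sample": 2.1}}',
    "empty_seeds": '{"injection_seeds": [], "threat_idf": {"sample": 2.1}}',
    "missing_key": '{"injection_seeds": ["sample phrase"]}',
    "truncated": '{"injection_seeds": ["sample phrase"',
    "absent": None,  # file is never written
}


def demo():
    """Return 'loaded' or 'refused' for each constructed case."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in CASES.items():
            path = os.path.join(tmp, name + ".json")
            if body is not None:
                with open(path, "w", encoding="utf-8") as fh:
                    fh.write(body)
            try:
                load_lexicon(path, REQUIRED)
                results[name] = "loaded"
            except (OSError, ValueError):
                results[name] = "refused"
    return results
```

The empty-collection case is the one a plain `json.load` would accept silently, which is why the loader checks it explicitly.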

Drift tests pinning the JSON contract

  • test/shared-lexicon.test.js (JS, 8 assertions)
  • test/test_shared_lexicon.py (Python, 10 assertions)
  • Both wired into the test runners + GitHub Actions CI. Future contributors can't re-inline data without the build breaking.

Python LLM classifier tiebreaker

  • classify_with_ollama() added to core/semantic_detector.py (stdlib urllib, no extra deps).
  • semantic_scan() now calls the classifier when the embedding layer returns a borderline alert verdict. Block/benign verdicts skip the call — no wasted round trip.
  • Final verdict ORs three layers: embedding ∨ offline ∨ (classifier confident).

Cumulative across v0.4.0 → v0.4.2

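|                           | v0.3.0 | v0.4.0 | v0.4.1 | v0.4.2 |
|---------------------------|--------|--------|--------|--------|
| JS tests                  | 52     | 83     | 83     | 91     |
| Python tests              | 0      | 28     | 88     | 105    |
| Shared JSON pattern files | 1      | 1      | 3      | 3      |
| Inline JS lexicon copies  | yes    | yes    | yes    | none   |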

Upgrade notes

Nothing for existing users — JS behavior is byte-identical. Python users who want the LLM classifier path should have Ollama running with the model set via SHIELD_CLASSIFIER_MODEL (default deepseek-r1:8b).

Closes

  • #3 (v0.4.2 roadmap)