v1.0.0
Initial release of cboxdk/laravel-risk — an explainable, config-driven request risk-scoring pipeline for Laravel.
Weighted-additive scoring (RiskContext → Signals → Outcome: allow/flag/challenge/step-up/reject) with a full reasons breakdown on every assessment.
Free-core signals (no paid API, clean licenses): honeypot + submit timing, user-agent anomalies, disposable email (bundled list), MX-record deliverability, velocity (per-IP, HMAC-stored), IP reputation (stamparm/ipsum, banded by list count), and Tor exit. Opt-in StopForumSpam (cached, fail-open).
DX: risk: middleware, RiskAssessed event hook, Risk facade, contract-based providers (IpReputation/DisposableDomains/MailDomainResolver/TorExitNodes) + swappable cache, custom signals via config, test fakes. Configurable weights, thresholds, per-signal bands, allowlists, and monitor/enforce mode.
Ships in monitor mode; explainable by design (GDPR Art. 22); data-minimization defaults. See the docs and CHANGELOG.