feat: v3.0.0 - ML integration, leetspeak detection, Unicode normalization

- Add ML-powered toxicity detection with TensorFlow.js integration
- Implement leetspeak detection with 3 intensity levels (basic, moderate, aggressive)
- Add Unicode normalization for homoglyph and obfuscation detection
- Implement result caching with LRU eviction for high-performance repeated checks
- Add configuration export/import for sharing between environments
- Add comprehensive benchmarks for both JS and Python packages
- Update documentation with new features and API reference

Author: thegdsks

.github/dependabot.yml

@@ -0,0 +1,79 @@
+version: 2
+updates:
+  # Root npm dependencies
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 3
+    groups:
+      # Group ALL minor and patch updates together
+      all-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps)"
+
+  # JavaScript package (packages/js)
+  - package-ecosystem: "npm"
+    directory: "/packages/js"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 3
+    groups:
+      # Group dev dependencies
+      dev-dependencies:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group production dependencies
+      production:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          - "patch"
+    labels:
+      - "dependencies"
+      - "javascript"
+    commit-message:
+      prefix: "chore(deps)"
+
+  # Python dependencies
+  - package-ecosystem: "pip"
+    directory: "/packages/py"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 2
+    groups:
+      all-python:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+    labels:
+      - "dependencies"
+      - "python"
+    commit-message:
+      prefix: "chore(deps)"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 2
+    groups:
+      actions:
+        patterns:
+          - "*"
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps)"

.github/workflows/auto-release.yml

@@ -65,13 +65,27 @@ jobs:
             echo "Manual release triggered: ${{ github.event.inputs.release_type }} (${{ github.event.inputs.channel }})"
             exit 0
           fi
-          
+
+          # Get the commit message
+          COMMIT_MSG=$(git log -1 --pretty=%B)
+          echo "Commit message: $COMMIT_MSG"
+
+          # Skip release for dependency updates and version bumps
+          if [[ "$COMMIT_MSG" =~ ^chore\(deps ]] || \
+             [[ "$COMMIT_MSG" =~ ^Merge\ pull\ request.*dependabot ]] || \
+             [[ "$COMMIT_MSG" =~ \[skip\ ci\] ]] || \
+             [[ "$COMMIT_MSG" =~ ^chore:\ bump\ version ]]; then
+            echo "should_release=false" >> $GITHUB_OUTPUT
+            echo "⏭️ Skipping release for dependency/maintenance commit"
+            exit 0
+          fi
+
           # Use sync-versions.js script for semantic release detection
           chmod +x scripts/sync-versions.js
-          
+
           # Check if commit should trigger a release using our semantic detection
           RELEASE_OUTPUT=$(node scripts/sync-versions.js detect 2>&1)
-          
+
           if echo "$RELEASE_OUTPUT" | grep -q "should_release=true"; then
             echo "$RELEASE_OUTPUT" >> $GITHUB_OUTPUT
             echo "🎯 Semantic release detected"
@@ -210,6 +224,7 @@ jobs:
   publish-npm:
     name: 📦 Publish to npm
     runs-on: ubuntu-latest
+    environment: npm-publish
     needs: [detect-release, bump-version, build]
     if: always() && needs.detect-release.outputs.should_release == 'true' && needs.build.result == 'success'
 
@@ -238,17 +253,20 @@ jobs:
           name: packages-${{ github.sha }}
           path: ./artifacts/
 
-      - name: 🔧 Install root dependencies  
+      - name: 🔧 Upgrade npm for OIDC support
+        run: npm install -g npm@latest
+
+      - name: 🔧 Install root dependencies
         run: |
           # Install root dependencies to get husky and other tools
           npm ci
-          
+
       - name: 📦 Publish to npm
         working-directory: packages/js
         run: |
           npm ci --ignore-scripts
           npm run build
-          
+
           # Determine npm tag
           if [ "${{ needs.detect-release.outputs.channel }}" = "beta" ]; then
             NPM_TAG="beta"
@@ -257,11 +275,11 @@ jobs:
           else
             NPM_TAG="latest"
           fi
-          
+
           echo "Publishing to npm with tag: $NPM_TAG"
-          npm publish --tag $NPM_TAG
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          # Using OIDC trusted publisher - no token needed
+          # --provenance adds verified build attestation
+          npm publish --tag $NPM_TAG --provenance --access public
 
   # Publish to PyPI
   publish-pypi:
@@ -335,10 +353,17 @@ jobs:
         run: |
           git config --local user.email "action@github.com"
           git config --local user.name "GitHub Action"
-          
+
           TAG_NAME="v${{ needs.bump-version.outputs.new_version }}"
-          git tag $TAG_NAME
-          git push origin $TAG_NAME
+
+          # Check if tag already exists
+          if git rev-parse "$TAG_NAME" >/dev/null 2>&1; then
+            echo "⚠️ Tag $TAG_NAME already exists, skipping tag creation"
+          else
+            git tag $TAG_NAME
+            git push origin $TAG_NAME
+            echo "✅ Created and pushed tag $TAG_NAME"
+          fi
           
       - name: 📝 Generate Release Notes
         id: notes