Back to docs
Classifier Behavior

Schema Gaps & Classifier

How unknown resources get classified. Agents should check source to distinguish rules from semantic fallback.

RecourseOS is rules-first. Deterministic handlers decide known AWS, GCP, Azure, and Azure AD resource types. The unknown-resource classifier only runs when a resource type does not have a known handler and --classifier is enabled.

Public Contract

Classifier output uses the same recoverability tiers as deterministic rules:

  • reversible
  • recoverable-with-effort
  • recoverable-from-backup
  • unrecoverable
  • needs-review

Unknown-resource classification is conservative. When evidence is weak, ambiguous, or missing, RecourseOS should return needs-review instead of marking a destructive change safe.

Semantic Signals

The classifier looks for provider-neutral safety signals that commonly affect recoverability:

  • deletion protection
  • versioning or soft delete
  • backups, snapshots, and point-in-time recovery
  • recovery or deletion windows
  • config-only resources
  • attachment or relationship resources
  • credential material that cannot be recovered after deletion

Known Limits

Some resources require context that may not exist in a Terraform plan, shell command, or MCP tool call:

  • DNS record recovery can depend on out-of-band zone backups, IP ownership, and target resource state.
  • Secret, key, and certificate child resources may not include parent retention or purge-protection settings.
  • Unknown provider resources can look similar while having very different recovery behavior.
  • Live cloud state is only available when explicit evidence is supplied.

BitNet Classifier

BitNet is a 1-bit quantized neural network classifier for unknown resource types. It handles the long tail of cloud providers (Scaleway, UpCloud, Exoscale, Hetzner, etc.) that don't have explicit handlers.

Architecture

The classifier uses a three-layer routing system:

  1. 1. Exact mappings (confidence 1.0): Manually verified resource → category mappings for ~180 common resources.
  2. 2. BitNet model (89% accuracy): 1-bit quantized neural network trained on 400+ labeled resource types.
  3. 3. Pattern fallback: Regex-based pattern matching for common suffixes like _bucket, _volume, _policy.

Model Characteristics

  • Size: ~217 KB (ships with binary)
  • Architecture: Token embeddings → 64-dim hidden layer → 13 output categories
  • Training data: 400+ resource types across 10+ cloud providers
  • Production accuracy: 90.5% on held-out test (105/116)

Known Model Weaknesses

PatternFailure ModeFix
_document suffixOver-demotes to no-verificationExact mapping for google_firestore_document
_container suffixOver-demotes to no-verificationExact mapping for CosmosDB containers
_attached suffixOver-demotes to no-verificationExact mapping for google_compute_attached_disk
serverless_cacheMisclassifies as streamingExact mapping for aws_elasticache_serverless_cache
ami tokenNot recognized as disk imageExact mappings for aws_ami, aws_ami_copy
_ciphertext suffixOver-demotes to no-verificationExact mapping for google_kms_secret_ciphertext

Safety Requirements

  • Rules win for known resources.
  • Unknown destructive resources require evidence before they can be treated as safe.
  • Classifier output must include confidence and evidence.
  • Missing recovery evidence should be visible to users and agents.
  • False-safe outcomes are more dangerous than false-review outcomes.