2026-05-11 13:00:52 -07:00
4 changed files with 214 additions and 19 deletions
--- a/app/rest.py
+++ b/app/rest.py
@ -62,10 +62,18 @@ def _startup() -> None:
    ensure_schema(DB_PATH)
-_PREFS_DEFAULTS: dict[str, str] = {
+_PREFS_DEFAULTS: dict = {
    "entry_point_style": "topbar",
    "llm_url": "http://localhost:11434",
    "llm_model": "llama3.1:8b",
    "severity_overrides": [
        {
            "name": "PAM auth noise",
            "pattern": r"pam_unix.*auth(?:entication)?\s+fail|auth could not identify",
            "override_severity": "WARN",
            "enabled": True,
        }
    ],
 }
@ -89,10 +97,18 @@ class DiagnoseRequest(BaseModel):
    until: str | None = None
 class SeverityOverride(BaseModel):
    name: str
    pattern: str
    override_severity: str
    enabled: bool = True
 class SettingsBody(BaseModel):
    entry_point_style: str | None = None
    llm_url: str | None = None
    llm_model: str | None = None
    severity_overrides: list[SeverityOverride] | None = None
 class IncidentCreate(BaseModel):
@ -244,6 +260,8 @@ def patch_settings(body: SettingsBody) -> dict:
        prefs["llm_url"] = body.llm_url
    if body.llm_model is not None:
        prefs["llm_model"] = body.llm_model
    if body.severity_overrides is not None:
        prefs["severity_overrides"] = [o.model_dump() for o in body.severity_overrides]
    _save_prefs(prefs)
    return prefs
@ -257,7 +275,8 @@ def list_sources() -> dict:
 def get_stats(
    window: Annotated[int, Query(ge=1, le=168, description="Hours to look back")] = 24,
 ) -> dict:
-    return _stats(DB_PATH, window_hours=window)
+    prefs = _load_prefs()
    return _stats(DB_PATH, window_hours=window, severity_overrides=prefs.get("severity_overrides", []))
@router.post("/api/incidents")
--- a/app/services/search.py
+++ b/app/services/search.py
@ -317,11 +317,33 @@ def list_sources(db_path: Path) -> list[dict]:
    ]
-def stats_summary(db_path: Path, window_hours: int = 24) -> dict:
+def _compile_overrides(overrides: list[dict]) -> list[tuple[re.Pattern[str], str]]:
    """Return (compiled_pattern, override_severity) pairs for enabled rules."""
    compiled = []
    for rule in overrides:
        if not rule.get("enabled", True):
            continue
        try:
            compiled.append((re.compile(rule["pattern"], re.IGNORECASE), rule["override_severity"]))
        except re.error:
            pass
    return compiled
 def _apply_overrides(text: str, original_severity: str, rules: list[tuple[re.Pattern[str], str]]) -> str:
    for pattern, new_sev in rules:
        if pattern.search(text):
            return new_sev
    return original_severity
 def stats_summary(db_path: Path, window_hours: int = 24, severity_overrides: list[dict] | None = None) -> dict:
    """Return aggregate health stats for the dashboard.
    Queries plain log_entries (not FTS) so it works even before the index is built.
    """
    rules = _compile_overrides(severity_overrides or [])
    conn = sqlite3.connect(str(db_path))
    conn.execute("PRAGMA journal_mode=WAL")
    conn.row_factory = sqlite3.Row
@ -365,25 +387,36 @@ def stats_summary(db_path: Path, window_hours: int = 24) -> dict:
        for r in source_rows
    ]
-    # 5 most recent critical entries
+    # Fetch candidate criticals (fetch more so filtering doesn't leave us with too few)
    crit_rows = conn.execute("""
-        SELECT id as entry_id, source_id, sequence, timestamp_iso, severity,
+        SELECT id as entry_id, source_id, timestamp_iso, severity, text
               repeat_count, out_of_order, matched_patterns, text, 0.0 as rank
        FROM log_entries
        WHERE severity = 'CRITICAL' AND repeat_count = 1
        ORDER BY timestamp_iso DESC
-        LIMIT 5
+        LIMIT 25
    """).fetchall()
-    recent_criticals = [
+
-        {
+    # Apply overrides: skip entries whose effective severity is no longer CRITICAL
    suppressed = 0
    recent_criticals = []
    for r in crit_rows:
        effective = _apply_overrides(r["text"], r["severity"], rules)
        if effective == "CRITICAL":
            recent_criticals.append({
                "entry_id": r["entry_id"],
                "source_id": r["source_id"],
                "timestamp_iso": r["timestamp_iso"],
                "severity": r["severity"],
                "text": r["text"],
-        }
+            })
-        for r in crit_rows
+            if len(recent_criticals) == 5:
-    ]
+                break
        else:
            suppressed += 1
    # When did we last ingest anything?
    last_row = conn.execute("SELECT MAX(ingest_time) AS t FROM log_entries").fetchone()
    last_ingested: str | None = last_row["t"] if last_row else None
    conn.close()
@ -394,6 +427,8 @@ def stats_summary(db_path: Path, window_hours: int = 24) -> dict:
        "errors_24h": errors_24h,
        "source_health": source_health,
        "recent_criticals": recent_criticals,
        "suppressed_criticals": suppressed,
        "last_ingested": last_ingested,
    }
--- a/web/src/views/DashboardView.vue
+++ b/web/src/views/DashboardView.vue
@ -1,6 +1,15 @@
 <template>
  <div class="p-6 max-w-5xl mx-auto space-y-8">
    <!-- Data freshness banner -->
    <div
      v-if="!loading && stats && isStale"
      class="flex items-center gap-2 rounded border border-surface-border bg-surface-raised px-4 py-2.5 text-xs text-text-dim"
    >
      <span class="text-sev-warn">⚠</span>
      <span>Last ingested: <span class="text-text-muted">{{ shortTs(stats.last_ingested) }}</span> — 24h counts reflect this window, not today.</span>
    </div>
    <!-- Stat cards -->
    <div class="grid grid-cols-1 sm:grid-cols-3 gap-4">
      <div class="rounded border border-surface-border bg-surface-raised p-5">
@ -8,6 +17,9 @@
        <p class="text-3xl font-semibold tabular-nums" :class="stats?.criticals_24h ? 'text-sev-critical' : 'text-text-muted'">
          {{ loading ? '…' : (stats?.criticals_24h ?? 0) }}
        </p>
        <p v-if="stats?.suppressed_criticals" class="text-xs text-text-dim mt-1">
          {{ stats.suppressed_criticals }} suppressed by overrides
        </p>
      </div>
      <div class="rounded border border-surface-border bg-surface-raised p-5">
        <p class="text-text-dim text-xs uppercase tracking-widest mb-2">Errors (24h)</p>
@ -99,6 +111,10 @@
          <p class="text-text-primary text-sm font-mono leading-relaxed line-clamp-2">{{ entry.text }}</p>
        </div>
      </div>
      <p v-if="stats.suppressed_criticals" class="text-xs text-text-dim mt-2">
        {{ stats.suppressed_criticals }} additional critical{{ stats.suppressed_criticals !== 1 ? 's' : '' }} hidden by
        <RouterLink to="/settings" class="text-accent hover:underline">severity overrides</RouterLink>.
      </p>
    </div>
    <!-- Zero state: everything clean -->
@ -115,7 +131,7 @@
 <script setup lang="ts">
 import { ref, computed, onMounted } from 'vue'
-import { useRouter } from 'vue-router'
+import { useRouter, RouterLink } from 'vue-router'
 const router = useRouter()
 const BASE = import.meta.env.BASE_URL.replace(/\/$/, '')
@ -132,6 +148,8 @@ interface StatsResponse {
  total_24h: number
  criticals_24h: number
  errors_24h: number
  suppressed_criticals: number
  last_ingested: string | null
  source_health: SourceHealth[]
  recent_criticals: Array<{
    entry_id: string
@ -156,6 +174,12 @@ const activeIncidents = computed(() =>
  incidents.value.filter(i => !i.ended_at).length
 )
 const isStale = computed(() => {
  if (!stats.value?.last_ingested) return false
  const age = Date.now() - new Date(stats.value.last_ingested).getTime()
  return age > 25 * 60 * 60 * 1000  // older than 25h
 })
 onMounted(async () => {
  await Promise.all([loadStats(), loadIncidents()])
 })
--- a/web/src/views/SettingsView.vue
+++ b/web/src/views/SettingsView.vue
@ -66,6 +66,84 @@
        </div>
      </div>
      <!-- Severity overrides -->
      <div>
        <h2 class="text-text-primary text-sm font-semibold mb-1">Severity Overrides</h2>
        <p class="text-text-dim text-xs mb-3">
          Regex rules applied at query time — entries that match are shown at the overridden severity on the dashboard. DB values are unchanged.
        </p>
        <div class="space-y-2 mb-3">
          <div
            v-for="(rule, i) in prefs.severity_overrides"
            :key="i"
            class="flex items-start gap-3 rounded border border-surface-border bg-surface p-3"
          >
            <button
              @click="toggleOverride(i)"
              :class="[
                'mt-0.5 w-9 h-5 rounded-full flex-shrink-0 transition-colors relative',
                rule.enabled ? 'bg-accent' : 'bg-surface-border'
              ]"
              :title="rule.enabled ? 'Enabled — click to disable' : 'Disabled — click to enable'"
            >
              <span :class="['absolute top-0.5 w-4 h-4 rounded-full bg-white shadow transition-transform', rule.enabled ? 'translate-x-4' : 'translate-x-0.5']"></span>
            </button>
            <div class="flex-1 min-w-0">
              <div class="flex items-center gap-2 flex-wrap">
                <span class="text-sm text-text-primary font-medium">{{ rule.name }}</span>
                <span class="text-xs px-1.5 py-0.5 rounded bg-surface-border text-text-dim">→ {{ rule.override_severity }}</span>
              </div>
              <p class="text-xs text-text-dim font-mono mt-0.5 truncate">{{ rule.pattern }}</p>
            </div>
            <button
              @click="deleteOverride(i)"
              class="text-text-dim hover:text-sev-error text-xs flex-shrink-0 mt-0.5"
              title="Delete rule"
            >✕</button>
          </div>
          <p v-if="!prefs.severity_overrides?.length" class="text-text-dim text-xs">No rules configured.</p>
        </div>
        <!-- Add rule form -->
        <div v-if="!showAddOverride">
          <button
            @click="showAddOverride = true"
            class="text-accent text-xs hover:underline"
          >+ Add override rule</button>
        </div>
        <div v-else class="rounded border border-surface-border bg-surface p-3 space-y-2">
          <div class="grid grid-cols-1 sm:grid-cols-2 gap-2">
            <div>
              <label class="block text-xs text-text-dim mb-1">Name</label>
              <input v-model="newRule.name" type="text" placeholder="e.g. PAM auth noise"
                class="w-full bg-surface-raised border border-surface-border rounded px-2 py-1.5 text-sm text-text-primary placeholder-text-dim focus:outline-none focus:border-accent" />
            </div>
            <div>
              <label class="block text-xs text-text-dim mb-1">Override severity</label>
              <select v-model="newRule.override_severity"
                class="w-full bg-surface-raised border border-surface-border rounded px-2 py-1.5 text-sm text-text-primary focus:outline-none focus:border-accent">
                <option>WARN</option>
                <option>INFO</option>
                <option>DEBUG</option>
              </select>
            </div>
          </div>
          <div>
            <label class="block text-xs text-text-dim mb-1">Pattern (regex)</label>
            <input v-model="newRule.pattern" type="text" placeholder="e.g. pam_unix.*auth"
              class="w-full bg-surface-raised border border-surface-border rounded px-2 py-1.5 text-sm font-mono text-text-primary placeholder-text-dim focus:outline-none focus:border-accent" />
          </div>
          <div class="flex gap-2">
            <button @click="addOverride"
              class="px-3 py-1.5 bg-accent text-surface text-xs rounded font-medium hover:opacity-90 transition-opacity">
              Add
            </button>
            <button @click="showAddOverride = false" class="text-text-dim hover:text-text-primary text-xs">Cancel</button>
          </div>
        </div>
      </div>
      <p
        v-if="saveStatus"
        class="text-xs"
@ -82,14 +160,24 @@ import { ref, onMounted } from 'vue'
 const BASE = import.meta.env.BASE_URL.replace(/\/$/, '')
 interface SeverityOverride {
  name: string
  pattern: string
  override_severity: string
  enabled: boolean
 }
 interface Prefs {
  entry_point_style: 'topbar' | 'fab'
  llm_url: string
  llm_model: string
  severity_overrides: SeverityOverride[]
 }
-const prefs      = ref<Prefs>({ entry_point_style: 'topbar', llm_url: '', llm_model: '' })
+const prefs      = ref<Prefs>({ entry_point_style: 'topbar', llm_url: '', llm_model: '', severity_overrides: [] })
 const saveStatus = ref<{ ok: boolean; msg: string } | null>(null)
 const showAddOverride = ref(false)
 const newRule = ref<SeverityOverride>({ name: '', pattern: '', override_severity: 'WARN', enabled: true })
 const entryPointOptions = [
  { value: 'topbar', label: 'Top bar',  desc: 'Persistent input bar below the nav on every page' },
@ -134,4 +222,33 @@ async function saveLlm() {
    saveStatus.value = { ok: false, msg: 'Save failed — check server connection' }
  }
 }
 async function saveOverrides() {
  try {
    await patch({ severity_overrides: prefs.value.severity_overrides })
    saveStatus.value = { ok: true, msg: 'Overrides saved' }
    setTimeout(() => { saveStatus.value = null }, 2000)
  } catch {
    saveStatus.value = { ok: false, msg: 'Save failed — check server connection' }
  }
 }
 async function toggleOverride(i: number) {
  const rule = prefs.value.severity_overrides[i]
  if (rule) rule.enabled = !rule.enabled
  await saveOverrides()
 }
 async function deleteOverride(i: number) {
  prefs.value.severity_overrides.splice(i, 1)
  await saveOverrides()
 }
 async function addOverride() {
  if (!newRule.value.name.trim() || !newRule.value.pattern.trim()) return
  prefs.value.severity_overrides.push({ ...newRule.value })
  newRule.value = { name: '', pattern: '', override_severity: 'WARN', enabled: true }
  showAddOverride.value = false
  await saveOverrides()
 }
 </script>