feat: domain-view mapping for patterns and diagnose output (#32) #64

Closed

pyr0ball wants to merge 0 commits from feat/32-domain-view into main

pyr0ball commented

2026-06-01 19:57:30 -07:00

Owner

Summary

LogPattern gains domain: str = "" — backward compatible, existing YAML without domain: still parses
All 42 patterns annotated across 10 domains: service_health, networking, auth, storage, memory, kernel, power, web_proxy, media, gpu
Diagnose POST and stream summaries include by_domain: {domain: count} — instant triage signal before reading individual entries
/api/search?domain=networking post-filters results to entries tagged with patterns in that domain

Test plan

372 tests passing
Run a ZFS+Plex diagnose — confirm by_domain: {storage: N, media: M} in summary
Run /api/search?q=error&domain=networking — confirm only networking-tagged entries returned
Check that patterns without a domain: field (future custom patterns) return empty domain counts without errors

## Summary - `LogPattern` gains `domain: str = ""` — backward compatible, existing YAML without `domain:` still parses - All 42 patterns annotated across 10 domains: service_health, networking, auth, storage, memory, kernel, power, web_proxy, media, gpu - Diagnose POST and stream summaries include `by_domain: {domain: count}` — instant triage signal before reading individual entries - `/api/search?domain=networking` post-filters results to entries tagged with patterns in that domain ## Test plan - [ ] 372 tests passing - [ ] Run a ZFS+Plex diagnose — confirm `by_domain: {storage: N, media: M}` in summary - [ ] Run `/api/search?q=error&domain=networking` — confirm only networking-tagged entries returned - [ ] Check that patterns without a `domain:` field (future custom patterns) return empty domain counts without errors

pyr0ball added 1 commit 2026-06-01 19:57:31 -07:00

feat: domain-view mapping for patterns and diagnose output (#32 ) 02c1b1a032

Adds a domain: field to the pattern taxonomy and surfaces per-domain
hit counts in diagnose summaries for faster triage.

Changes:
- LogPattern gains domain: str = "" (backward-compatible default)
- load_patterns() reads domain from YAML via p.get("domain", "")
- All 42 patterns in default.yaml annotated across 10 domains:
    service_health | networking | auth | storage | memory |
    kernel | power | web_proxy | media | gpu
- _pattern_domain dict built at startup from compiled patterns
- _domain_counts() helper: maps matched_patterns tags to domains,
  counts hits per domain across a result set
- diagnose POST: summary includes by_domain: {domain: count}
- diagnose stream: summary SSE event includes by_domain when
  pattern_domain is provided (passed from rest.py at startup)
- /api/search gains ?domain= filter: post-filters results to entries
  whose matched_patterns include at least one tag in the given domain

Test fixtures: patch _pattern_domain={} and CONTEXT_DB_PATH in
test_blocklist_endpoints.py and test_glean_tautulli.py (worktree
has no data/ dir; same fix as feat/60-incidents-db).

372 tests passing.

Closes: #32