pyr0ball
b1f3d68724
Adds a domain: field to the pattern taxonomy and surfaces per-domain
hit counts in diagnose summaries for faster triage.
Changes:
- LogPattern gains domain: str = "" (backward-compatible default)
- load_patterns() reads domain from YAML via p.get("domain", "")
- All 42 patterns in default.yaml annotated across 10 domains:
service_health | networking | auth | storage | memory |
kernel | power | web_proxy | media | gpu
- _pattern_domain dict built at startup from compiled patterns
- _domain_counts() helper: maps matched_patterns tags to domains,
counts hits per domain across a result set
- diagnose POST: summary includes by_domain: {domain: count}
- diagnose stream: summary SSE event includes by_domain when
pattern_domain is provided (passed from rest.py at startup)
- /api/search gains ?domain= filter: post-filters results to entries
whose matched_patterns include at least one tag in the given domain
Test fixtures: patch _pattern_domain={} and CONTEXT_DB_PATH in
test_blocklist_endpoints.py and test_glean_tautulli.py (worktree
has no data/ dir; same fix as feat/60-incidents-db).
372 tests passing.
Closes: #32
75 lines
2.7 KiB
Python
75 lines
2.7 KiB
Python
"""Core data models for Turnstone log retrieval."""
|
|
from __future__ import annotations
|
|
|
|
from dataclasses import dataclass, field
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class RetrievedEntry:
|
|
"""A log entry returned by the retriever, with source metadata and scores."""
|
|
|
|
entry_id: str
|
|
source_id: str # log file path or service name
|
|
sequence: int # original line number — glean order, not wall-clock order
|
|
timestamp_raw: str | None # timestamp as it appeared in the log
|
|
timestamp_iso: str | None # parsed to ISO 8601 for sorting; None if unparseable
|
|
ingest_time: str # when Turnstone indexed this entry (wall clock)
|
|
severity: str | None # ERROR / WARN / INFO / DEBUG / None if not detected
|
|
repeat_count: int # collapsed duplicate count (1 = unique)
|
|
out_of_order: bool # True when timestamp precedes predecessor's timestamp
|
|
matched_patterns: tuple[str, ...] = field(default_factory=tuple) # named pattern hits
|
|
text: str = ""
|
|
bm25_score: float = 0.0
|
|
vector_score: float | None = None
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class LogPattern:
|
|
"""A named regex pattern for tagging entries at glean time."""
|
|
|
|
name: str # e.g. "device_disconnect", "auth_failure"
|
|
pattern: str # regex string
|
|
severity: str # suggested severity if not present in log line
|
|
description: str # human-readable explanation for the UI
|
|
domain: str = "" # service health domain (networking, storage, auth, etc.)
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class Incident:
|
|
"""A user-tagged time window marking a known event or failure."""
|
|
|
|
id: str # UUID
|
|
label: str # free-text description ("plex crash", "audio broken")
|
|
issue_type: str # short category tag for pattern building ("qbit_stall", "auth_failure")
|
|
started_at: str | None # ISO timestamp; None = open-ended start
|
|
ended_at: str | None # ISO timestamp; None = open-ended end
|
|
notes: str # additional context
|
|
created_at: str # wall-clock when this was tagged
|
|
severity: str # user-assigned: low / medium / high / critical
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class ReceivedBundle:
|
|
"""A labeled incident bundle received from a remote Turnstone instance."""
|
|
|
|
id: str
|
|
source_host: str
|
|
issue_type: str
|
|
label: str
|
|
severity: str
|
|
started_at: str | None
|
|
bundled_at: str
|
|
entry_count: int
|
|
bundle_json: str # full bundle serialized as JSON string
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class SentBundle:
|
|
"""A record of a bundle exported or sent from this instance."""
|
|
|
|
id: str
|
|
incident_id: str
|
|
exported_at: str
|
|
sanitized: bool
|
|
entry_count: int
|
|
bundle_json: str
|