turnstone/app/services/models.py

"""Core data models for Turnstone log retrieval."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class RetrievedEntry:
    """A log entry returned by the retriever, with source metadata and scores."""

    entry_id: str
    source_id: str          # log file path or service name
    sequence: int           # original line number — ingest order, not wall-clock order
    timestamp_raw: str | None       # timestamp as it appeared in the log
    timestamp_iso: str | None       # parsed to ISO 8601 for sorting; None if unparseable
    ingest_time: str                # when Turnstone indexed this entry (wall clock)
    severity: str | None            # ERROR / WARN / INFO / DEBUG / None if not detected
    repeat_count: int               # collapsed duplicate count (1 = unique)
    out_of_order: bool              # True when timestamp precedes predecessor's timestamp
    matched_patterns: tuple[str, ...] = field(default_factory=tuple)  # named pattern hits
    text: str = ""
    bm25_score: float = 0.0
    vector_score: float | None = None


@dataclass(frozen=True)
class LogPattern:
    """A named regex pattern for tagging entries at ingest time."""

    name: str           # e.g. "device_disconnect", "auth_failure"
    pattern: str        # regex string
    severity: str       # suggested severity if not present in log line
    description: str    # human-readable explanation for the UI


@dataclass(frozen=True)
class Incident:
    """A user-tagged time window marking a known event or failure."""

    id: str                    # UUID
    label: str                 # free-text description ("plex crash", "audio broken")
    started_at: str | None     # ISO timestamp; None = open-ended start
    ended_at: str | None       # ISO timestamp; None = open-ended end
    notes: str                 # additional context
    created_at: str            # wall-clock when this was tagged
    severity: str              # user-assigned: low / medium / high / critical