pyr0ball
1131816666
Bundle export (#51): - _redact_text() with 5 compiled regex patterns (IPv4, email, user=, host=, password=) - build_bundle(sanitize=False) — per-entry redaction at export time - sent_bundles table tracks every outgoing export (GET and POST /send) - GET /api/sent-bundles exposes history; SentBundle model added - BundlesView: Received/Sent tabs, sanitized badge, 5-entry preview, re-download - IncidentsView: Sanitize PII checkbox next to Send Bundle Onboarding wizard (#52): - app/services/discover.py: journald/Docker/file detection (best-effort, safe in containers) - GET /api/setup/status, /discover, POST /api/setup/write (additive, appends to existing) - SetupWizard.vue: 3-step Detect → Select → Confirm - Step 1 shows grouped summary (journald/file/docker counts) - Step 2: collapsible groups with All/None section toggles - journald + file: pre-selected; docker: collapsed, none pre-selected - Step 3: YAML preview before write - SourcesView: shows wizard on first run; Add Source button reuses it NL source addition (#53): - app/services/nl_source.py: keyword shortcut (13 well-known apps) + LLM fallback - POST /api/setup/interpret: keyword → LLM → null (graceful fallback) - NL field in wizard step 2; manual form shown when interpretation fails - Added sources appear in grouped list immediately
74 lines
2.7 KiB
Python
74 lines
2.7 KiB
Python
"""Core data models for Turnstone log retrieval."""
|
|
from __future__ import annotations
|
|
|
|
from dataclasses import dataclass, field
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class RetrievedEntry:
|
|
"""A log entry returned by the retriever, with source metadata and scores."""
|
|
|
|
entry_id: str
|
|
source_id: str # log file path or service name
|
|
sequence: int # original line number — glean order, not wall-clock order
|
|
timestamp_raw: str | None # timestamp as it appeared in the log
|
|
timestamp_iso: str | None # parsed to ISO 8601 for sorting; None if unparseable
|
|
ingest_time: str # when Turnstone indexed this entry (wall clock)
|
|
severity: str | None # ERROR / WARN / INFO / DEBUG / None if not detected
|
|
repeat_count: int # collapsed duplicate count (1 = unique)
|
|
out_of_order: bool # True when timestamp precedes predecessor's timestamp
|
|
matched_patterns: tuple[str, ...] = field(default_factory=tuple) # named pattern hits
|
|
text: str = ""
|
|
bm25_score: float = 0.0
|
|
vector_score: float | None = None
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class LogPattern:
|
|
"""A named regex pattern for tagging entries at glean time."""
|
|
|
|
name: str # e.g. "device_disconnect", "auth_failure"
|
|
pattern: str # regex string
|
|
severity: str # suggested severity if not present in log line
|
|
description: str # human-readable explanation for the UI
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class Incident:
|
|
"""A user-tagged time window marking a known event or failure."""
|
|
|
|
id: str # UUID
|
|
label: str # free-text description ("plex crash", "audio broken")
|
|
issue_type: str # short category tag for pattern building ("qbit_stall", "auth_failure")
|
|
started_at: str | None # ISO timestamp; None = open-ended start
|
|
ended_at: str | None # ISO timestamp; None = open-ended end
|
|
notes: str # additional context
|
|
created_at: str # wall-clock when this was tagged
|
|
severity: str # user-assigned: low / medium / high / critical
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class ReceivedBundle:
|
|
"""A labeled incident bundle received from a remote Turnstone instance."""
|
|
|
|
id: str
|
|
source_host: str
|
|
issue_type: str
|
|
label: str
|
|
severity: str
|
|
started_at: str | None
|
|
bundled_at: str
|
|
entry_count: int
|
|
bundle_json: str # full bundle serialized as JSON string
|
|
|
|
|
|
@dataclass(frozen=True)
|
|
class SentBundle:
|
|
"""A record of a bundle exported or sent from this instance."""
|
|
|
|
id: str
|
|
incident_id: str
|
|
exported_at: str
|
|
sanitized: bool
|
|
entry_count: int
|
|
bundle_json: str
|