intel

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 18, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package intel provides a client for the Intel-engine remediation API.

Index

Constants

// Default endpoint and request timeout for the Intel-engine client.
const (
	// DefaultBaseURL is the default Intel-engine MCP API endpoint.
	// MCP routes are at mcp.emphere.dev/v1/* (not api.emphere.dev/v1/intel/*)
	// The default uses the https scheme. WithBaseURL sets a custom base URL
	// instead.
	// NOTE(review): whether the client rejects a non-https base URL is not
	// visible here — confirm.
	DefaultBaseURL = "https://mcp.emphere.dev"

	// DefaultTimeout is the default HTTP request timeout.
	DefaultTimeout = 30 * time.Second
)

Variables

This section is empty.

Functions

This section is empty.

Types

type APIError

// APIError represents an error response from the API, decoded from JSON.
//
// Because the struct has a field named Error it cannot also declare an
// Error() method, so an APIError value does not satisfy the error interface.
// Error, Message and Detail are server-supplied strings; treat them as
// untrusted text when logging or displaying them.
type APIError struct {
	Error   string `json:"error"`
	Message string `json:"message,omitempty"`
	Detail  string `json:"detail,omitempty"`
}

APIError represents an error response from the API.

type AffectedPackage

// AffectedPackage represents a package affected by the CVE, identified by its
// name and ecosystem. Both fields are always serialized (no omitempty).
type AffectedPackage struct {
	Name      string `json:"name"`
	Ecosystem string `json:"ecosystem"`
}

AffectedPackage represents a package affected by the CVE.

type AnalyzeCVERequest

// AnalyzeCVERequest is the JSON-encoded request for CVE analysis.
//
// CVEID is always serialized. PackageName, CurrentVersion and Ecosystem are
// optional: a nil pointer is omitted from the JSON. OutputFormat is omitted
// when it is the empty string.
type AnalyzeCVERequest struct {
	CVEID          string  `json:"cve_id"`
	PackageName    *string `json:"package_name,omitempty"`
	CurrentVersion *string `json:"current_version,omitempty"`
	Ecosystem      *string `json:"ecosystem,omitempty"`
	OutputFormat   string  `json:"output_format,omitempty"` // "summary" or "full"
}

AnalyzeCVERequest is the request for CVE analysis.

type AnalyzeCVEResponse

// AnalyzeCVEResponse is the response from CVE analysis. Matches intel-engine
// _format_summary() output.
//
// Every value is decoded from the API response and is only as trustworthy as
// the server and the transport. In particular Fix.Command, VerifyCommand and
// RemediationCommands[].Command are command strings supplied by the server,
// and CanAutoFix is the server's own assessment: review or allow-list a
// command before running it rather than passing it to a shell unchecked.
//
// Pointer fields are nil when the key is absent (or null) in the JSON; the
// inline comments mark the fields where nil specifically means "not analyzed".
// Error and ErrorCode belong to error responses, so check them before acting
// on Action or Verdict.
type AnalyzeCVEResponse struct {
	// Action-oriented fields (primary decision)
	// CanAutoFix is a plain bool, so an absent key decodes to false.
	Action          string        `json:"action"`                      // fix_now, fix_later, already_fixed, not_affected, no_fix, needs_review
	ActionReason    string        `json:"action_reason,omitempty"`     // Explanation for action
	CanAutoFix      bool          `json:"can_auto_fix"`                // True if safe to auto-apply
	AutoFixBlockers []string      `json:"auto_fix_blockers,omitempty"` // Reasons blocking auto-fix
	Fix             *FixInfo      `json:"fix,omitempty"`               // Fix command and details
	VerifyCommand   *string       `json:"verify_command,omitempty"`    // Command to verify fix worked
	FeedbackHint    *FeedbackHint `json:"feedback_hint,omitempty"`     // Present when feedback is valuable

	// Version status (if current_version was provided)
	VersionStatus       *string `json:"version_status,omitempty"`        // not_affected, vulnerable, fixed
	VersionStatusReason *string `json:"version_status_reason,omitempty"` // Explanation

	// Risk glance (compact risk summary)
	Risk *RiskGlance `json:"risk,omitempty"`

	// Core identifiers
	CVEID            string            `json:"cve_id"`
	PackageName      *string           `json:"package_name,omitempty"`
	AffectedPackages []AffectedPackage `json:"affected_packages,omitempty"`
	Ecosystem        *string           `json:"ecosystem,omitempty"`

	// Verdict (original decision)
	Verdict string  `json:"verdict,omitempty"` // patch_immediately, patch_with_caution, defer, etc.
	TLDR    *string `json:"tldr,omitempty"`    // One-line summary for quick decision

	// Upgrade path
	UpgradePath *string `json:"upgrade_path,omitempty"` // e.g., "4.17.15 → 4.17.21"
	FixVersion  *string `json:"fix_version,omitempty"`

	// Exploitability signals
	KEVListed      *bool    `json:"kev_listed,omitempty"` // nil = not analyzed
	EPSSScore      *float64 `json:"epss_score,omitempty"`
	EPSSPercentile *float64 `json:"epss_percentile,omitempty"`
	CVSSScore      *float64 `json:"cvss_score,omitempty"`
	EffectiveRisk  *string  `json:"effective_risk,omitempty"`  // critical, high, medium, low
	RecommendedSLA *string  `json:"recommended_sla,omitempty"` // immediate, 24h, 7d, 30d

	// Safety signals (breaking changes + stability)
	// HasBreakingChanges is a plain bool: an absent key decodes to false, which
	// reads the same as "no breaking changes". Cross-check BreakingChanges and
	// Risk before relying on it alone.
	HasBreakingChanges bool     `json:"has_breaking_changes"`
	BreakingChanges    []string `json:"breaking_changes,omitempty"` // Descriptions
	Stability          *string  `json:"stability,omitempty"`        // "90% stable, 5% regret"
	RegretIndex        *float64 `json:"regret_index,omitempty"`
	RequiresRestart    *bool    `json:"requires_restart,omitempty"`
	RestartType        *string  `json:"restart_type,omitempty"` // service, reboot

	// Transitive impact
	TransitiveImpact      *string `json:"transitive_impact,omitempty"` // Human-readable
	TransitiveNetPositive *bool   `json:"transitive_net_positive,omitempty"`

	// Remediation commands
	// Each RemediationCommand carries a server-supplied command string; see
	// the type-level comment about validating commands before execution.
	RemediationCommands []RemediationCommand `json:"remediation_commands,omitempty"`
	ActionItems         []string             `json:"action_items,omitempty"`

	// Environment flags
	RemediationType *string `json:"remediation_type,omitempty"`
	RequiresGUI     *bool   `json:"requires_gui,omitempty"`
	RequiresReboot  *bool   `json:"requires_reboot,omitempty"`
	AppliesTo       *string `json:"applies_to,omitempty"`

	// Summaries
	ExecutiveSummary *string `json:"executive_summary,omitempty"`
	EngineerSummary  *string `json:"engineer_summary,omitempty"`

	// Decision support
	DeferSafe *bool    `json:"defer_safe,omitempty"`
	Caveats   []string `json:"caveats,omitempty"`

	// Metadata
	Cached bool `json:"cached"`

	// Error fields (for error responses)
	Error     *string `json:"error,omitempty"`
	ErrorCode *string `json:"error_code,omitempty"`
}

AnalyzeCVEResponse is the response from CVE analysis. Matches intel-engine _format_summary() output.

type BatchTriageRequest

// BatchTriageRequest is the request for batch CVE triage. It carries the list
// of CVE identifiers under the "cve_ids" JSON key.
// NOTE(review): no limit on the number of IDs is visible on this page —
// confirm against the API before sending large batches.
type BatchTriageRequest struct {
	CVEIDs []string `json:"cve_ids"`
}

BatchTriageRequest is the request for batch CVE triage.

type BatchTriageResponse

// BatchTriageResponse is the batch triage response. Matches intel-engine
// _batch_triage_impl() output.
//
// Results holds one VerdictResponse per entry and Summary the aggregate
// counters. Error is nil unless the response carries an "error" key; check it
// before trusting Results.
type BatchTriageResponse struct {
	Results []VerdictResponse `json:"results"` // Sorted by risk
	Summary TriageSummary     `json:"summary"`
	Error   *string           `json:"error,omitempty"`
}

BatchTriageResponse is the batch triage response. Matches intel-engine _batch_triage_impl() output.

type CheckAffectedRequest

// CheckAffectedRequest checks if a specific version is affected.
//
// All four fields are plain strings without omitempty, so each is serialized
// even when empty.
type CheckAffectedRequest struct {
	CVEID          string `json:"cve_id"`
	PackageName    string `json:"package_name"`
	CurrentVersion string `json:"current_version"`
	Ecosystem      string `json:"ecosystem"`
}

CheckAffectedRequest checks if a specific version is affected.

type CheckAffectedResponse

// CheckAffectedResponse is the affected check response. Matches intel-engine
// _check_if_affected_impl() output.
//
// Status can be "unknown" or "error" as well as a definite answer; neither
// should be read as "not_affected". Error and ErrorCode are nil unless the
// response includes them.
type CheckAffectedResponse struct {
	CVEID               string  `json:"cve_id"`
	PackageName         string  `json:"package_name"`
	CurrentVersion      string  `json:"current_version"`
	Ecosystem           string  `json:"ecosystem"`
	Status              string  `json:"status"` // not_affected, vulnerable, fixed, unknown, error
	Explanation         *string `json:"explanation,omitempty"`
	FixVersion          *string `json:"fix_version,omitempty"`
	IntroducedVersion   *string `json:"introduced_version,omitempty"`
	LastAffectedVersion *string `json:"last_affected_version,omitempty"`
	Action              string  `json:"action,omitempty"` // none_required, upgrade_recommended
	Message             *string `json:"message,omitempty"`
	Cached              bool    `json:"cached"`
	Error               *string `json:"error,omitempty"`
	ErrorCode           *string `json:"error_code,omitempty"`
}

CheckAffectedResponse is the affected check response. Matches intel-engine _check_if_affected_impl() output.

type Client

// Client is an HTTP client for the Intel-engine API. Its fields are
// unexported; construct one with NewClient.
type Client struct {
	// contains filtered or unexported fields
}

Client is an HTTP client for the Intel-engine API.

func NewClient

// NewClient creates a new Intel-engine API client from keypair and any opts.
// NOTE(review): this page does not show how keypair is used or whether nil is
// accepted — presumably it authenticates requests; confirm, and keep its
// private key material out of logs and error messages.
func NewClient(keypair *auth.Keypair, opts ...ClientOption) *Client

NewClient creates a new Intel-engine API client.

func (*Client) AnalyzeCVE

func (c *Client) AnalyzeCVE(ctx context.Context, req *AnalyzeCVERequest) (*AnalyzeCVEResponse, error)

AnalyzeCVE performs full CVE analysis.

func (*Client) BatchTriage

func (c *Client) BatchTriage(ctx context.Context, cveIDs []string) (*BatchTriageResponse, error)

BatchTriage triages multiple CVEs at once.

func (*Client) CheckIfAffected

func (c *Client) CheckIfAffected(ctx context.Context, req *CheckAffectedRequest) (*CheckAffectedResponse, error)

CheckIfAffected checks if a specific version is affected by a CVE.

func (*Client) GetCVEVerdict

func (c *Client) GetCVEVerdict(ctx context.Context, cveID string) (*VerdictResponse, error)

GetCVEVerdict performs quick verdict lookup.

func (*Client) Ping

func (c *Client) Ping(ctx context.Context) error

Ping checks if the API is reachable.

func (*Client) ReportOutcome

func (c *Client) ReportOutcome(ctx context.Context, req *ReportOutcomeRequest) (*ReportOutcomeResponse, error)

ReportOutcome reports the outcome of a remediation attempt. Note: the intel-engine MCP endpoint is /v1/feedback (not report-outcome).

type ClientOption

// ClientOption configures a Client. Options are passed to NewClient as its
// variadic opts argument.
// NOTE(review): the order in which options are applied is not shown here.
type ClientOption func(*Client)

ClientOption configures a Client.

func WithBaseURL

// WithBaseURL sets a custom base URL to use in place of DefaultBaseURL.
// NOTE(review): no validation of url is visible on this page. A Client built
// with an auth.Keypair will send its requests to whatever host is given here,
// so pass only an https:// URL you control or trust — confirm whether the
// implementation enforces the scheme.
func WithBaseURL(url string) ClientOption

WithBaseURL sets a custom base URL.

func WithHTTPClient

// WithHTTPClient sets a custom HTTP client.
// NOTE(review): a caller-supplied *http.Client carries its own Timeout,
// CheckRedirect policy and Transport (TLS configuration, proxy). Whether
// DefaultTimeout or WithTimeout still applies to it is not shown here —
// confirm. An http.Client with a zero Timeout never times out, and a
// Transport whose TLS config sets InsecureSkipVerify disables certificate
// verification.
func WithHTTPClient(client *http.Client) ClientOption

WithHTTPClient sets a custom HTTP client.

func WithTimeout

func WithTimeout(timeout time.Duration) ClientOption

WithTimeout sets a custom HTTP timeout.

type CommandAlternative

// CommandAlternative is an alternative command option, pairing a label with a
// command string.
//
// Command is decoded from the API response; treat it as untrusted input and
// validate it before execution, exactly as for the primary command.
type CommandAlternative struct {
	Label   string `json:"label"`
	Command string `json:"command"`
}

CommandAlternative is an alternative command option.

type FeedbackHint

// FeedbackHint indicates when feedback should be reported. Tool and When are
// descriptive strings (see the inline examples) and Prefill carries suggested
// values for the report.
type FeedbackHint struct {
	Tool    string          `json:"tool"` // "report_remediation_outcome"
	When    string          `json:"when"` // "after attempting remediation"
	Prefill FeedbackPrefill `json:"prefill"`
}

FeedbackHint indicates when feedback should be reported.

type FeedbackPrefill

// FeedbackPrefill contains default values for feedback reporting. Its field
// names match the identifying fields of ReportOutcomeRequest (CVEID,
// PackageName, Ecosystem, FromVersion, ToVersion).
//
// The values come from the API response; compare them with what was actually
// changed locally before copying them into a report.
type FeedbackPrefill struct {
	CVEID       string `json:"cve_id"`
	PackageName string `json:"package_name,omitempty"`
	Ecosystem   string `json:"ecosystem,omitempty"`
	FromVersion string `json:"from_version,omitempty"`
	ToVersion   string `json:"to_version,omitempty"`
}

FeedbackPrefill contains default values for feedback reporting.

type FixInfo

// FixInfo contains the fix command and related information.
//
// Command arrives as a string in the API response. NOTE(review): nothing on
// this page shows it being validated client-side; callers that execute it
// should first check it against the expected Tool, Package and ToVersion (or
// an allow-list of command shapes) and avoid handing it to a shell verbatim.
type FixInfo struct {
	Command     string  `json:"command"`                // Ready-to-run command
	Tool        *string `json:"tool,omitempty"`         // npm, pip, go, etc.
	Package     *string `json:"package,omitempty"`      // Package name
	FromVersion *string `json:"from_version,omitempty"` // Current version
	ToVersion   *string `json:"to_version,omitempty"`   // Target fix version
}

FixInfo contains the fix command and related information.

type RemediationCommand

// RemediationCommand is a structured command for remediation: an ordering
// index, an action label, the command string, an optional category and
// optional alternatives.
//
// Command and every Alternatives[].Command are server-supplied strings. Treat
// them as untrusted input: review or allow-list them before execution and do
// not let Order alone drive unattended execution.
type RemediationCommand struct {
	Order        int                  `json:"order"`
	Action       string               `json:"action"`
	Command      string               `json:"command"`
	Category     string               `json:"category,omitempty"`
	Alternatives []CommandAlternative `json:"alternatives,omitempty"`
}

RemediationCommand is a structured command for remediation.

type ReportOutcomeRequest

// ReportOutcomeRequest reports a remediation outcome. Note: The endpoint is
// /v1/feedback (not report-outcome).
//
// The first six fields are always serialized. FailureReason, ErrorMessage,
// BreakingChangeDetails, AlternativeVersion and Environment are included only
// when set. ErrorMessage, BreakingChangeDetails and Environment are free-form,
// and Environment is an untyped map serialized as given — strip credentials,
// tokens and internal hostnames from them before reporting.
type ReportOutcomeRequest struct {
	CVEID                 string                 `json:"cve_id"`
	PackageName           string                 `json:"package_name"`
	Ecosystem             string                 `json:"ecosystem"`
	FromVersion           string                 `json:"from_version"`
	ToVersion             string                 `json:"to_version"`
	Outcome               string                 `json:"outcome"` // success, failure, partial
	FailureReason         *string                `json:"failure_reason,omitempty"`
	ErrorMessage          *string                `json:"error_message,omitempty"`
	BreakingChangeDetails *string                `json:"breaking_change_details,omitempty"`
	AlternativeVersion    *string                `json:"alternative_version,omitempty"`
	Environment           map[string]interface{} `json:"environment,omitempty"`
}

ReportOutcomeRequest reports a remediation outcome. Note: The endpoint is /v1/feedback (not report-outcome).

type ReportOutcomeResponse

// ReportOutcomeResponse is the outcome report response. Matches intel-engine
// _report_remediation_outcome_impl() output.
//
// Success is a plain bool, so an absent key decodes to false. All other
// fields are pointers and are nil when the key is absent; Error and ErrorCode
// carry the failure details when present.
type ReportOutcomeResponse struct {
	Success     bool    `json:"success"`
	FeedbackID  *string `json:"feedback_id,omitempty"`
	Message     *string `json:"message,omitempty"`
	CVEID       *string `json:"cve_id,omitempty"`
	PackageName *string `json:"package_name,omitempty"`
	Outcome     *string `json:"outcome,omitempty"`
	Error       *string `json:"error,omitempty"`
	ErrorCode   *string `json:"error_code,omitempty"`
}

ReportOutcomeResponse is the outcome report response. Matches intel-engine _report_remediation_outcome_impl() output.

type RiskGlance

// RiskGlance is a compact risk summary for quick decision-making.
//
// KEV, Stable and TransitiveSafe are tri-state: nil means the signal was not
// analyzed, which is different from false. BreakingCount is a plain int, so a
// missing key and an explicit 0 decode identically.
type RiskGlance struct {
	KEV            *bool    `json:"kev,omitempty"`             // nil = not analyzed
	EPSS           *float64 `json:"epss,omitempty"`            // EPSS score
	BreakingCount  int      `json:"breaking_count"`            // Number of breaking changes
	Stable         *bool    `json:"stable,omitempty"`          // nil = not analyzed
	TransitiveSafe *bool    `json:"transitive_safe,omitempty"` // nil = not analyzed
}

RiskGlance is a compact risk summary for quick decision-making.

type TriageSummary

// TriageSummary summarizes the batch triage results as integer counters.
//
// NotAnalyzed and Errors count entries for which no verdict is available
// (presumably those with Verdict "not_analyzed" and "error" — confirm); a
// batch with non-zero values there has not been fully triaged.
type TriageSummary struct {
	Total            int `json:"total"`
	PatchImmediately int `json:"patch_immediately"`
	PatchWithCaution int `json:"patch_with_caution"`
	KEVListed        int `json:"kev_listed"`
	NotAnalyzed      int `json:"not_analyzed"`
	Errors           int `json:"errors"`
}

TriageSummary summarizes the batch triage results.

type VerdictResponse

// VerdictResponse is the quick verdict response. Matches intel-engine
// _get_cve_verdict_impl() output.
//
// Verdict may be "not_analyzed" or "error" rather than a decision; Message
// accompanies the not_analyzed case and Error is presumably set with the
// error case (confirm). KEVListed is a pointer, so nil is distinct from false.
// Cached, ExpiresAt and NeedsRefresh describe the freshness of the verdict;
// ExpiresAt is a string whose format is not shown on this page.
type VerdictResponse struct {
	CVEID         string   `json:"cve_id"`
	Verdict       string   `json:"verdict"` // patch_immediately, patch_with_caution, defer, not_analyzed, error
	Confidence    *float64 `json:"confidence,omitempty"`
	KEVListed     *bool    `json:"kev_listed,omitempty"`
	EffectiveRisk *string  `json:"effective_risk,omitempty"`
	PackageName   *string  `json:"package_name,omitempty"`
	FixVersion    *string  `json:"fix_version,omitempty"`
	Cached        bool     `json:"cached"`
	ExpiresAt     *string  `json:"expires_at,omitempty"`
	NeedsRefresh  *bool    `json:"needs_refresh,omitempty"`
	TLDR          *string  `json:"tldr,omitempty"`
	Message       *string  `json:"message,omitempty"` // For not_analyzed status
	Error         *string  `json:"error,omitempty"`
}

VerdictResponse is the quick verdict response. Matches intel-engine _get_cve_verdict_impl() output.
