Documentation
¶
Overview ¶
Package intel provides a client for the Intel-engine remediation API.
Index ¶
- Constants
- type APIError
- type AffectedPackage
- type AnalyzeCVERequest
- type AnalyzeCVEResponse
- type BatchTriageRequest
- type BatchTriageResponse
- type CheckAffectedRequest
- type CheckAffectedResponse
- type Client
- func (c *Client) AnalyzeCVE(ctx context.Context, req *AnalyzeCVERequest) (*AnalyzeCVEResponse, error)
- func (c *Client) BatchTriage(ctx context.Context, cveIDs []string) (*BatchTriageResponse, error)
- func (c *Client) CheckIfAffected(ctx context.Context, req *CheckAffectedRequest) (*CheckAffectedResponse, error)
- func (c *Client) GetCVEVerdict(ctx context.Context, cveID string) (*VerdictResponse, error)
- func (c *Client) Ping(ctx context.Context) error
- func (c *Client) ReportOutcome(ctx context.Context, req *ReportOutcomeRequest) (*ReportOutcomeResponse, error)
- type ClientOption
- type CommandAlternative
- type FeedbackHint
- type FeedbackPrefill
- type FixInfo
- type RemediationCommand
- type ReportOutcomeRequest
- type ReportOutcomeResponse
- type RiskGlance
- type TriageSummary
- type VerdictResponse
Constants ¶
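// Package-level defaults for the client.
//
// In the listing as rendered, the whole block sat on one line, so the first
// `//` comment swallowed both declarations and the closing parenthesis. The
// line structure is restored here; names and values are unchanged.
const (
	// DefaultBaseURL is the default Intel-engine MCP API endpoint.
	// MCP routes are at mcp.emphere.dev/v1/* (not api.emphere.dev/v1/intel/*).
	// The default uses the https scheme.
	DefaultBaseURL = "https://mcp.emphere.dev"

	// DefaultTimeout is the default HTTP request timeout.
	// AI analysis of new CVEs can take 30s-2min, so we use a generous timeout.
	// NOTE(review): with this default a single stalled call can hold a caller
	// for up to three minutes; WithTimeout sets a different value.
	DefaultTimeout = 180 * time.Second
)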
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type APIError ¶
// APIError represents an error response from the API.
//
// Error is always present in the encoded JSON; Message and Detail are omitted
// when empty. Because the struct has a field named Error, it cannot also
// declare an Error() method, so this type does not itself satisfy the error
// interface.
//
// NOTE(review): all three strings presumably come from the remote response
// body; quote them (for example with %q) when logging rather than trusting
// their content.
type APIError struct {
	Error   string `json:"error"`
	Message string `json:"message,omitempty"`
	Detail  string `json:"detail,omitempty"`
}
APIError represents an error response from the API.
type AffectedPackage ¶
AffectedPackage represents a package affected by the CVE.
type AnalyzeCVERequest ¶
// AnalyzeCVERequest is the request for CVE analysis.
//
// CVEID is always serialized. The pointer fields are left out of the JSON
// when nil, and OutputFormat is left out when it is the empty string.
type AnalyzeCVERequest struct {
	CVEID          string  `json:"cve_id"`
	PackageName    *string `json:"package_name,omitempty"`
	CurrentVersion *string `json:"current_version,omitempty"`
	Ecosystem      *string `json:"ecosystem,omitempty"`
	OutputFormat   string  `json:"output_format,omitempty"` // "summary" or "full"
}
AnalyzeCVERequest is the request for CVE analysis.
type AnalyzeCVEResponse ¶
// AnalyzeCVEResponse is the response from CVE analysis.
// Matches intel-engine _format_summary() output.
//
// NOTE(review): this is a response type, so its values are presumably decoded
// from the service's JSON reply. Fix.Command, VerifyCommand and
// RemediationCommands[].Command hold command text, and CanAutoFix is the
// service's own assessment. A caller that executes these strings extends
// shell-level trust to the API response; review or allow-list them before
// running, and keep unattended execution behind an explicit policy check.
// How the client authenticates responses is not visible in this listing.
//
// NOTE(review): Error/ErrorCode are carried in the body. Whether they can be
// set while the Go error returned by AnalyzeCVE is nil is not shown here;
// check them before acting on Action.
type AnalyzeCVEResponse struct {
	// Action-oriented fields (primary decision)
	Action          string        `json:"action"`                      // fix_now, fix_later, already_fixed, not_affected, no_fix, needs_review
	ActionReason    string        `json:"action_reason,omitempty"`     // Explanation for action
	CanAutoFix      bool          `json:"can_auto_fix"`                // True if safe to auto-apply
	AutoFixBlockers []string      `json:"auto_fix_blockers,omitempty"` // Reasons blocking auto-fix
	Fix             *FixInfo      `json:"fix,omitempty"`               // Fix command and details
	VerifyCommand   *string       `json:"verify_command,omitempty"`    // Command to verify fix worked
	FeedbackHint    *FeedbackHint `json:"feedback_hint,omitempty"`     // Present when feedback is valuable

	// Version status (if current_version was provided)
	VersionStatus       *string `json:"version_status,omitempty"`        // not_affected, vulnerable, fixed
	VersionStatusReason *string `json:"version_status_reason,omitempty"` // Explanation

	// Risk glance (compact risk summary)
	Risk *RiskGlance `json:"risk,omitempty"`

	// Core identifiers
	CVEID            string            `json:"cve_id"`
	PackageName      *string           `json:"package_name,omitempty"`
	AffectedPackages []AffectedPackage `json:"affected_packages,omitempty"`
	Ecosystem        *string           `json:"ecosystem,omitempty"`

	// Verdict (original decision)
	Verdict string  `json:"verdict,omitempty"` // patch_immediately, patch_with_caution, defer, etc.
	TLDR    *string `json:"tldr,omitempty"`    // One-line summary for quick decision

	// Upgrade path
	UpgradePath *string `json:"upgrade_path,omitempty"` // e.g., "4.17.15 → 4.17.21"
	FixVersion  *string `json:"fix_version,omitempty"`

	// Exploitability signals
	// A nil pointer here means the signal is absent, which is not the same as
	// a negative result (see the KEVListed comment).
	KEVListed      *bool    `json:"kev_listed,omitempty"` // nil = not analyzed
	EPSSScore      *float64 `json:"epss_score,omitempty"`
	EPSSPercentile *float64 `json:"epss_percentile,omitempty"`
	CVSSScore      *float64 `json:"cvss_score,omitempty"`
	EffectiveRisk  *string  `json:"effective_risk,omitempty"`  // critical, high, medium, low
	RecommendedSLA *string  `json:"recommended_sla,omitempty"` // immediate, 24h, 7d, 30d

	// Safety signals (breaking changes + stability)
	// HasBreakingChanges is a plain bool, so a reply that omits the key decodes
	// to false just like an explicit false.
	HasBreakingChanges bool     `json:"has_breaking_changes"`
	BreakingChanges    []string `json:"breaking_changes,omitempty"` // Descriptions
	Stability          *string  `json:"stability,omitempty"`        // "90% stable, 5% regret"
	RegretIndex        *float64 `json:"regret_index,omitempty"`
	RequiresRestart    *bool    `json:"requires_restart,omitempty"`
	RestartType        *string  `json:"restart_type,omitempty"` // service, reboot

	// Transitive impact
	TransitiveImpact      *string `json:"transitive_impact,omitempty"` // Human-readable
	TransitiveNetPositive *bool   `json:"transitive_net_positive,omitempty"`

	// Remediation commands
	RemediationCommands []RemediationCommand `json:"remediation_commands,omitempty"`
	ActionItems         []string             `json:"action_items,omitempty"`

	// Environment flags
	RemediationType *string `json:"remediation_type,omitempty"`
	RequiresGUI     *bool   `json:"requires_gui,omitempty"`
	RequiresReboot  *bool   `json:"requires_reboot,omitempty"`
	AppliesTo       *string `json:"applies_to,omitempty"`

	// Summaries
	ExecutiveSummary *string `json:"executive_summary,omitempty"`
	EngineerSummary  *string `json:"engineer_summary,omitempty"`

	// Decision support
	DeferSafe *bool    `json:"defer_safe,omitempty"`
	Caveats   []string `json:"caveats,omitempty"`

	// Metadata
	Cached bool `json:"cached"`

	// Error fields (for error responses)
	Error     *string `json:"error,omitempty"`
	ErrorCode *string `json:"error_code,omitempty"`
}
AnalyzeCVEResponse is the response from CVE analysis. Matches intel-engine _format_summary() output.
type BatchTriageRequest ¶
// BatchTriageRequest is the request for batch CVE triage.
//
// CVEIDs has no omitempty, so a nil slice is serialized as "cve_ids": null
// and an empty non-nil slice as "cve_ids": [].
type BatchTriageRequest struct {
	CVEIDs []string `json:"cve_ids"`
}
BatchTriageRequest is the request for batch CVE triage.
type BatchTriageResponse ¶
// BatchTriageResponse is the batch triage response.
// Matches intel-engine _batch_triage_impl() output.
//
// NOTE(review): Summary.Errors and Summary.NotAnalyzed count entries that did
// not produce a verdict; a caller gating on the batch should read them
// together with the body-level Error rather than only iterating Results.
type BatchTriageResponse struct {
	Results []VerdictResponse `json:"results"` // Sorted by risk
	Summary TriageSummary     `json:"summary"`
	Error   *string           `json:"error,omitempty"`
}
BatchTriageResponse is the batch triage response. Matches intel-engine _batch_triage_impl() output.
type CheckAffectedRequest ¶
// CheckAffectedRequest checks if a specific version is affected.
//
// None of the fields carry omitempty, so all four keys are always sent, with
// an empty string for any field left unset.
type CheckAffectedRequest struct {
	CVEID          string `json:"cve_id"`
	PackageName    string `json:"package_name"`
	CurrentVersion string `json:"current_version"`
	Ecosystem      string `json:"ecosystem"`
}
CheckAffectedRequest checks if a specific version is affected.
type CheckAffectedResponse ¶
// CheckAffectedResponse is the affected check response.
// Matches intel-engine _check_if_affected_impl() output.
//
// NOTE(review): the listed Status values include unknown and error. Neither
// is a clean result, so a caller gating a build or deployment on Status
// should not fold them into not_affected. An empty Status (the zero value)
// deserves the same treatment.
type CheckAffectedResponse struct {
	CVEID               string  `json:"cve_id"`
	PackageName         string  `json:"package_name"`
	CurrentVersion      string  `json:"current_version"`
	Ecosystem           string  `json:"ecosystem"`
	Status              string  `json:"status"` // not_affected, vulnerable, fixed, unknown, error
	Explanation         *string `json:"explanation,omitempty"`
	FixVersion          *string `json:"fix_version,omitempty"`
	IntroducedVersion   *string `json:"introduced_version,omitempty"`
	LastAffectedVersion *string `json:"last_affected_version,omitempty"`
	Action              string  `json:"action,omitempty"` // none_required, upgrade_recommended
	Message             *string `json:"message,omitempty"`
	Cached              bool    `json:"cached"`
	Error               *string `json:"error,omitempty"`
	ErrorCode           *string `json:"error_code,omitempty"`
}
CheckAffectedResponse is the affected check response. Matches intel-engine _check_if_affected_impl() output.
type Client ¶
// Client is an HTTP client for the Intel-engine API.
//
// Its fields are not exported. It is created with NewClient, which takes an
// *auth.Keypair and optional ClientOption values.
// NOTE(review): how the keypair is used on requests is not visible in this
// listing.
type Client struct {
	// contains filtered or unexported fields
}
Client is an HTTP client for the Intel-engine API.
func NewClient ¶
func NewClient(keypair *auth.Keypair, opts ...ClientOption) *Client
NewClient creates a new Intel-engine API client.
func (*Client) AnalyzeCVE ¶
func (c *Client) AnalyzeCVE(ctx context.Context, req *AnalyzeCVERequest) (*AnalyzeCVEResponse, error)
AnalyzeCVE performs full CVE analysis.
func (*Client) BatchTriage ¶
BatchTriage triages multiple CVEs at once.
func (*Client) CheckIfAffected ¶
func (c *Client) CheckIfAffected(ctx context.Context, req *CheckAffectedRequest) (*CheckAffectedResponse, error)
CheckIfAffected checks if a specific version is affected by a CVE.
func (*Client) GetCVEVerdict ¶
GetCVEVerdict performs quick verdict lookup.
func (*Client) ReportOutcome ¶
func (c *Client) ReportOutcome(ctx context.Context, req *ReportOutcomeRequest) (*ReportOutcomeResponse, error)
ReportOutcome reports the outcome of a remediation attempt. Note: The intel-engine MCP endpoint is /v1/feedback (not report-outcome)
type ClientOption ¶
// ClientOption configures a Client. NewClient accepts any number of them.
//
// NOTE(review): WithHTTPClient takes a whole *http.Client, so the transport
// and its TLS settings are presumably whatever the caller supplies. How that
// option interacts with WithTimeout or DefaultTimeout is not shown here.
type ClientOption func(*Client)
ClientOption configures a Client.
func WithHTTPClient ¶
func WithHTTPClient(client *http.Client) ClientOption
WithHTTPClient sets a custom HTTP client.
func WithTimeout ¶
func WithTimeout(timeout time.Duration) ClientOption
WithTimeout sets a custom HTTP timeout.
type CommandAlternative ¶
CommandAlternative is an alternative command option.
type FeedbackHint ¶
// FeedbackHint indicates when feedback should be reported.
//
// Prefill is embedded by value and has no omitempty, so the "prefill" key is
// always present when a FeedbackHint is encoded.
type FeedbackHint struct {
	Tool    string          `json:"tool"` // "report_remediation_outcome"
	When    string          `json:"when"` // "after attempting remediation"
	Prefill FeedbackPrefill `json:"prefill"`
}
FeedbackHint indicates when feedback should be reported.
type FeedbackPrefill ¶
// FeedbackPrefill contains default values for feedback reporting.
//
// Its field names mirror the first five fields of ReportOutcomeRequest.
// CVEID is always serialized; the other fields are omitted when empty.
type FeedbackPrefill struct {
	CVEID       string `json:"cve_id"`
	PackageName string `json:"package_name,omitempty"`
	Ecosystem   string `json:"ecosystem,omitempty"`
	FromVersion string `json:"from_version,omitempty"`
	ToVersion   string `json:"to_version,omitempty"`
}
FeedbackPrefill contains default values for feedback reporting.
type FixInfo ¶
// FixInfo contains the fix command and related information.
//
// NOTE(review): Command is a free-form string that presumably arrives in the
// API response. Running it hands the remote service control over what
// executes locally. Prefer rebuilding the invocation from the structured
// Tool, Package and ToVersion fields against an allow-list of known tools,
// and do not pass Command to a shell unreviewed.
type FixInfo struct {
	Command     string  `json:"command"`                // Ready-to-run command
	Tool        *string `json:"tool,omitempty"`         // npm, pip, go, etc.
	Package     *string `json:"package,omitempty"`      // Package name
	FromVersion *string `json:"from_version,omitempty"` // Current version
	ToVersion   *string `json:"to_version,omitempty"`   // Target fix version
}
FixInfo contains the fix command and related information.
type RemediationCommand ¶
// RemediationCommand is a structured command for remediation.
//
// Order, Action and Command are always serialized; Category and Alternatives
// are omitted when empty.
//
// NOTE(review): Command is command text carried in the API response. Treat it
// as untrusted input and review or allow-list it before execution. The
// CommandAlternative fields are not shown in this listing; if they also carry
// command text, the same applies.
type RemediationCommand struct {
	Order        int                  `json:"order"`
	Action       string               `json:"action"`
	Command      string               `json:"command"`
	Category     string               `json:"category,omitempty"`
	Alternatives []CommandAlternative `json:"alternatives,omitempty"`
}
RemediationCommand is a structured command for remediation.
type ReportOutcomeRequest ¶
// ReportOutcomeRequest reports a remediation outcome.
// Note: The endpoint is /v1/feedback (not report-outcome).
//
// The first six fields are always serialized; the pointer fields and
// Environment are omitted when nil or empty.
//
// NOTE(review): ErrorMessage and Environment are free-form and leave the host
// in the request body. Raw tool output and environment dumps often contain
// paths, hostnames, tokens or registry credentials; callers should filter
// these before filling the fields. Whether the client redacts anything is not
// visible in this listing.
type ReportOutcomeRequest struct {
	CVEID                 string                 `json:"cve_id"`
	PackageName           string                 `json:"package_name"`
	Ecosystem             string                 `json:"ecosystem"`
	FromVersion           string                 `json:"from_version"`
	ToVersion             string                 `json:"to_version"`
	Outcome               string                 `json:"outcome"` // success, failure, partial
	FailureReason         *string                `json:"failure_reason,omitempty"`
	ErrorMessage          *string                `json:"error_message,omitempty"`
	BreakingChangeDetails *string                `json:"breaking_change_details,omitempty"`
	AlternativeVersion    *string                `json:"alternative_version,omitempty"`
	Environment           map[string]interface{} `json:"environment,omitempty"`
}
ReportOutcomeRequest reports a remediation outcome. Note: The endpoint is /v1/feedback (not report-outcome).
type ReportOutcomeResponse ¶
// ReportOutcomeResponse is the outcome report response.
// Matches intel-engine _report_remediation_outcome_impl() output.
//
// Success is a plain bool without omitempty, so a reply that lacks the key
// decodes to false. Error and ErrorCode carry failure details in the body.
type ReportOutcomeResponse struct {
	Success     bool    `json:"success"`
	FeedbackID  *string `json:"feedback_id,omitempty"`
	Message     *string `json:"message,omitempty"`
	CVEID       *string `json:"cve_id,omitempty"`
	PackageName *string `json:"package_name,omitempty"`
	Outcome     *string `json:"outcome,omitempty"`
	Error       *string `json:"error,omitempty"`
	ErrorCode   *string `json:"error_code,omitempty"`
}
ReportOutcomeResponse is the outcome report response. Matches intel-engine _report_remediation_outcome_impl() output.
type RiskGlance ¶
// RiskGlance is a compact risk summary for quick decision-making.
//
// The pointer fields use nil for "not analyzed". That is a third state, not a
// negative: a nil KEV must not be read as "not KEV-listed", and a nil Stable
// or TransitiveSafe must not be read as unsafe or safe.
// BreakingCount is a plain int, so a reply that omits the key decodes to 0
// and cannot be told apart from an analyzed count of zero.
type RiskGlance struct {
	KEV            *bool    `json:"kev,omitempty"`             // nil = not analyzed
	EPSS           *float64 `json:"epss,omitempty"`            // EPSS score
	BreakingCount  int      `json:"breaking_count"`            // Number of breaking changes
	Stable         *bool    `json:"stable,omitempty"`          // nil = not analyzed
	TransitiveSafe *bool    `json:"transitive_safe,omitempty"` // nil = not analyzed
}
RiskGlance is a compact risk summary for quick decision-making.
type TriageSummary ¶
// TriageSummary summarizes the batch triage results.
//
// All fields are integer counts and are always serialized.
// NOTE(review): the field names suggest per-verdict tallies over the batch,
// with NotAnalyzed and Errors counting entries that produced no verdict.
// Confirm against the service before alerting on them.
type TriageSummary struct {
	Total            int `json:"total"`
	PatchImmediately int `json:"patch_immediately"`
	PatchWithCaution int `json:"patch_with_caution"`
	KEVListed        int `json:"kev_listed"`
	NotAnalyzed      int `json:"not_analyzed"`
	Errors           int `json:"errors"`
}
TriageSummary summarizes the batch triage results.
type VerdictResponse ¶
// VerdictResponse is the quick verdict response.
// Matches intel-engine _get_cve_verdict_impl() output.
//
// NOTE(review): the listed Verdict values include not_analyzed and error.
// Neither is a decision, so automation should route them to review rather
// than treat them like defer. Cached, ExpiresAt and NeedsRefresh describe
// result freshness. ExpiresAt is a string whose format is not stated here.
// A nil KEVListed means the key was absent, not that the CVE is unlisted.
type VerdictResponse struct {
	CVEID         string   `json:"cve_id"`
	Verdict       string   `json:"verdict"` // patch_immediately, patch_with_caution, defer, not_analyzed, error
	Confidence    *float64 `json:"confidence,omitempty"`
	KEVListed     *bool    `json:"kev_listed,omitempty"`
	EffectiveRisk *string  `json:"effective_risk,omitempty"`
	PackageName   *string  `json:"package_name,omitempty"`
	FixVersion    *string  `json:"fix_version,omitempty"`
	Cached        bool     `json:"cached"`
	ExpiresAt     *string  `json:"expires_at,omitempty"`
	NeedsRefresh  *bool    `json:"needs_refresh,omitempty"`
	TLDR          *string  `json:"tldr,omitempty"`
	Message       *string  `json:"message,omitempty"` // For not_analyzed status
	Error         *string  `json:"error,omitempty"`
}
VerdictResponse is the quick verdict response. Matches intel-engine _get_cve_verdict_impl() output.