classifier

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package classifier provides Rego-based classification for Signal Processing. Business Classifier: BR-SP-002, BR-SP-080, BR-SP-081

Package classifier provides Rego-based environment and business classification.

Per IMPLEMENTATION_PLAN_V1.22.md Day 4 specification: 

type EnvironmentClassifier struct {
    regoQuery   *rego.PreparedEvalQuery // Prepared query for performance
    logger      logr.Logger             // DD-005 v2.0: logr.Logger
    policyPath  string                  // Path to mounted ConfigMap file
    fileWatcher *hotreload.FileWatcher  // Per DD-INFRA-001: fsnotify-based
    policyMu    sync.RWMutex            // Thread safety for policy access
}

Environment classification is fully handled by Rego policies (BR-SP-051). Operators define their own defaults using the `default` keyword in Rego. BR-SP-052/BR-SP-053: ConfigMap fallback and Go defaults deprecated 2025-12-20.

Package classifier provides Rego-based environment and business classification.

Per IMPLEMENTATION_PLAN_V1.23.md Day 5 specification: PriorityEngine determines priority using Rego policies with K8s + business context. BR-SP-070: Rego policies with rich context BR-SP-071: Severity-based fallback on timeout/error BR-SP-072: Hot-reload from mounted ConfigMap via fsnotify

Package classifier provides severity determination business logic.

Business Requirements

BR-SP-105: Severity Determination via Rego Policy

Design Decisions

DD-SEVERITY-001 v1.1: Severity Determination Refactoring - Strategy B (Policy-Defined Fallback) See: docs/architecture/decisions/DD-SEVERITY-001-severity-determination-refactoring.md

Strategy B Implementation

Operators MUST define fallback behavior in Rego policy. System does NOT impose "unknown" fallback. Policy must return: "critical", "high", "medium", "low", or "unknown" DD-SEVERITY-001 v1.1: Values aligned with HAPI/workflow catalog

Example Conservative Policy: 

determine_severity := "critical" if {
    input.signal.severity == "Sev1"
} else := "warning" if {
    input.signal.severity == "Sev2"
} else := "critical" if {  # Operator-defined fallback
    true
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BusinessClassifier 

type BusinessClassifier struct {
	// contains filtered or unexported fields
}

BusinessClassifier determines business context using Rego policy. Per IMPLEMENTATION_PLAN_V1.25.md Day 6 specification.

BR-SP-002: Multi-dimensional business categorization BR-SP-080: Confidence scoring (labels 1.0, pattern 0.8, Rego 0.6, default 0.4) BR-SP-081: businessUnit, serviceOwner, criticality, sla validation

func NewBusinessClassifier 

func NewBusinessClassifier(ctx context.Context, policyPath string, logger logr.Logger) (*BusinessClassifier, error)

NewBusinessClassifier creates a new Rego-based business classifier. Per BR-SP-002, BR-SP-080, BR-SP-081 specifications.

DD-005 v2.0: Uses logr.Logger

func (*BusinessClassifier) Classify 

func (b *BusinessClassifier) Classify(ctx context.Context, k8sCtx *signalprocessingv1alpha1.KubernetesContext, envClass *signalprocessingv1alpha1.EnvironmentClassification) (*signalprocessingv1alpha1.BusinessClassification, error)

Classify performs multi-dimensional business categorization. Per BR-SP-002: Classification from namespace/deployment labels OR Rego policies. Per BR-SP-080: 4-tier confidence scoring (1.0 label → 0.8 pattern → 0.6 Rego → 0.4 default) Per BR-SP-081: businessUnit, serviceOwner, criticality, sla dimensions

NOTE: priority is NOT an input - business classification is independent of priority assignment. Per IMPLEMENTATION_PLAN_V1.25.md lines 2229-2266

type EnvironmentClassifier 

type EnvironmentClassifier struct {
	// contains filtered or unexported fields
}

EnvironmentClassifier determines environment using Rego policy. Per IMPLEMENTATION_PLAN_V1.22.md Day 4 specification. BR-SP-072: Hot-reload from mounted ConfigMap via fsnotify.

func NewEnvironmentClassifier 

func NewEnvironmentClassifier(ctx context.Context, policyPath string, logger logr.Logger) (*EnvironmentClassifier, error)

NewEnvironmentClassifier creates a new Rego-based environment classifier. Per plan: query is prepared once at construction time for performance.

BR-SP-051: Primary detection from namespace labels via Rego policy BR-SP-052: DEPRECATED (2025-12-20) - ConfigMap fallback removed BR-SP-053: DEPRECATED (2025-12-20) - Defaults now defined in Rego

DD-005 v2.0: Uses logr.Logger

func (*EnvironmentClassifier) Classify 

func (c *EnvironmentClassifier) Classify(ctx context.Context, k8sCtx *signalprocessingv1alpha1.KubernetesContext, signal *signalprocessingv1alpha1.SignalData) (*signalprocessingv1alpha1.EnvironmentClassification, error)

Classify determines environment using Rego policy and Go fallbacks. Per plan (line 1864): Priority order is namespace labels → ConfigMap → signal labels → default

Classification is fully handled by Rego policy. Operators define their own defaults using the `default` keyword in Rego. Go code has NO hardcoded fallbacks - Rego is the single source of truth.

BR-SP-051: Primary detection from namespace labels - via Rego BR-SP-052: ConfigMap fallback - DEPRECATED, define in Rego if needed BR-SP-053: Default value - DEPRECATED, operators define via Rego `default` keyword

Returns error if Rego evaluation fails (policy is mandatory).

func (*EnvironmentClassifier) GetPolicyHash 

func (c *EnvironmentClassifier) GetPolicyHash() string

GetPolicyHash returns the current policy hash (for monitoring/debugging). Per DD-INFRA-001: SHA256 hash tracking for audit/debugging.

func (*EnvironmentClassifier) StartHotReload 

func (c *EnvironmentClassifier) StartHotReload(ctx context.Context) error

StartHotReload starts watching the policy file for changes. Per BR-SP-072: Hot-reload from mounted ConfigMap via fsnotify. Per DD-INFRA-001: Uses shared FileWatcher component.

func (*EnvironmentClassifier) Stop 

func (c *EnvironmentClassifier) Stop()

Stop gracefully stops the hot-reloader. Per BR-SP-072: Clean shutdown of FileWatcher.

type PriorityEngine 

type PriorityEngine struct {
	// contains filtered or unexported fields
}

PriorityEngine determines priority using Rego policy. Per IMPLEMENTATION_PLAN_V1.23.md Day 5 specification.

BR-SP-070: Rego policies with rich context BR-SP-071: Severity-based fallback on timeout/error BR-SP-072: Hot-reload from mounted ConfigMap via fsnotify

func NewPriorityEngine 

func NewPriorityEngine(ctx context.Context, policyPath string, logger logr.Logger) (*PriorityEngine, error)

NewPriorityEngine creates a new Rego-based priority engine. Per BR-SP-070, BR-SP-071, BR-SP-072 specifications.

DD-005 v2.0: Uses logr.Logger

func (*PriorityEngine) Assign 

func (p *PriorityEngine) Assign(ctx context.Context, k8sCtx *signalprocessingv1alpha1.KubernetesContext, envClass *signalprocessingv1alpha1.EnvironmentClassification, signal *signalprocessingv1alpha1.SignalData) (*signalprocessingv1alpha1.PriorityAssignment, error)

Assign determines priority using Rego policy with K8s + business context.

BR-SP-070: Rego policies with rich context BR-SP-071: Fallback on timeout (>100ms) or error Input schema per BR-SP-070 (no replicas/minReplicas/conditions)

func (*PriorityEngine) GetPolicyHash 

func (p *PriorityEngine) GetPolicyHash() string

GetPolicyHash returns the current policy hash (for monitoring/debugging).

func (*PriorityEngine) StartHotReload 

func (p *PriorityEngine) StartHotReload(ctx context.Context) error

StartHotReload starts the hot-reload mechanism for Rego policies. BR-SP-072: Hot-reload from mounted ConfigMap via fsnotify Per DD-INFRA-001: Uses shared FileWatcher component

func (*PriorityEngine) Stop 

func (p *PriorityEngine) Stop()

Stop gracefully stops the hot-reloader.

type SeverityClassifier 

type SeverityClassifier struct {
	// contains filtered or unexported fields
}

SeverityClassifier determines normalized severity from external severity values. BR-SP-105: Severity Determination via Rego Policy DD-SEVERITY-001: Strategy B - Policy-defined fallback (operator control)

func NewSeverityClassifier 

func NewSeverityClassifier(client client.Client, logger logr.Logger) *SeverityClassifier

NewSeverityClassifier creates a new severity classifier. BR-SP-105: Severity determination via operator-defined Rego policy.

func (*SeverityClassifier) ClassifySeverity 

func (c *SeverityClassifier) ClassifySeverity(ctx context.Context, sp *signalprocessingv1alpha1.SignalProcessing) (*SeverityResult, error)

ClassifySeverity determines normalized severity using Rego policy. DD-SEVERITY-001 Strategy B: Policy MUST return severity (no system fallback to "unknown").

func (*SeverityClassifier) GetPolicyHash 

func (c *SeverityClassifier) GetPolicyHash() string

GetPolicyHash returns the current policy hash (for audit/debugging).

func (*SeverityClassifier) LoadRegoPolicy 

func (c *SeverityClassifier) LoadRegoPolicy(policyContent string) error

LoadRegoPolicy loads and validates a Rego policy for severity determination. DD-SEVERITY-001 Strategy B: Policy must define fallback behavior (no system default).

func (*SeverityClassifier) SetPolicyPath 

func (c *SeverityClassifier) SetPolicyPath(path string)

SetPolicyPath sets the path to the policy file for hot-reload. Must be called before StartHotReload().

func (*SeverityClassifier) StartHotReload 

func (c *SeverityClassifier) StartHotReload(ctx context.Context) error

StartHotReload starts watching the policy file for changes. BR-SP-072: Hot-reload from mounted ConfigMap via fsnotify. Pattern follows existing environment/priority/customlabels classifiers.

func (*SeverityClassifier) Stop 

func (c *SeverityClassifier) Stop()

Stop gracefully stops the hot-reloader.

type SeverityResult 

type SeverityResult struct {
	// Severity is the normalized value: "critical", "high", "medium", "low", or "unknown"
	// DD-SEVERITY-001 v1.1: Aligned with HAPI/workflow catalog
	Severity string
	// Source indicates how severity was determined: "rego-policy"
	Source string
	// PolicyHash is the SHA256 hash of the Rego policy used (for audit trail)
	PolicyHash string
}

SeverityResult contains the determined severity and source attribution.

type SignalModeClassifier 

type SignalModeClassifier struct {
	// contains filtered or unexported fields
}

SignalModeClassifier classifies signals as reactive or proactive using a YAML-based lookup table.

Design Decision: YAML config (not Rego) because signal mode classification is a simple key-value lookup, unlike severity/environment/priority which evaluate complex multi-input policies via Rego.

BR-SP-106: Proactive Signal Mode Classification ADR-054: Proactive Signal Mode Classification and Prompt Strategy

func NewSignalModeClassifier 

func NewSignalModeClassifier(logger logr.Logger) *SignalModeClassifier

NewSignalModeClassifier creates a new signal mode classifier. The classifier starts with empty mappings (all signals default to reactive) until LoadConfig is called.

func (*SignalModeClassifier) Classify 

func (c *SignalModeClassifier) Classify(signalName string) SignalModeResult

Classify determines the signal mode and normalized name for a given signal name.

  • If the signal name is in the proactive mappings, it returns mode "proactive" with the normalized (base) name and preserves the original for audit.
  • Otherwise, it returns mode "reactive" with the name unchanged.

This is a pure function (no I/O) after config is loaded. Safe for concurrent use.

func (*SignalModeClassifier) LoadConfig 

func (c *SignalModeClassifier) LoadConfig(configPath string) error

LoadConfig loads proactive signal mappings from a YAML config file. This method is safe for concurrent use and supports hot-reload (BR-SP-072 pattern): call it again to update mappings at runtime.

type SignalModeResult 

type SignalModeResult struct {
	// SignalMode is "reactive" (default) or "proactive"
	SignalMode string
	// SignalName is the base signal name for workflow catalog matching.
	// For proactive signals, this is the mapped base name (e.g., "OOMKilled").
	// For reactive signals, this is the original name unchanged.
	SignalName string
	// SourceSignalName is preserved for audit trail (SOC2 CC7.4).
	// Only populated for proactive signals; empty for reactive.
	SourceSignalName string
}

SignalModeResult contains the classification outcome for a signal name. BR-SP-106: Proactive Signal Mode Classification ADR-054: Proactive Signal Mode Classification and Prompt Strategy

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.