Documentation
Overview
Package telemetry exposes Prometheus metrics for every CTEM stage so the loop-closure SLOs in have real numbers to alert on.
(invariant O1): one counter-in, one counter-out, one latency histogram per CTEM stage. Labels are tightly restricted to keep cardinality bounded — tenant_id is included because operators need per-tenant drill-down, but priority/severity are NOT labels on the latency histogram (their cardinality is covered by the counters).
This package only DEFINES metrics — instrumentation sites live in the app and handler layers and call the Observe* helpers. That separation keeps the metric contract in one file so a CTEM reviewer can audit the whole maturity surface here.
Index
- Variables
- func ObserveStageIn(stage Stage, tenantID, priority string)
- func ObserveStageLatency(stage Stage, tenantID string, d time.Duration)
- func ObserveStageOut(stage Stage, tenantID string, outcome Outcome)
- func RecordDBError(span trace.Span, err error)
- func SpanFromContext(ctx context.Context) trace.Span
- func StartDBSpan(ctx context.Context, operation string, attrs ...attribute.KeyValue) (context.Context, trace.Span)
- func Tracer(name string) trace.Tracer
- type Config
- type Outcome
- type Stage
- type TracerProvider
Constants
This section is empty.
Variables
var AllStages = []Stage{
	StageScoping,
	StageDiscovery,
	StagePrioritization,
	StageValidation,
	StageMobilization,
}
AllStages is the canonical ordered list — useful for dashboard loops and test coverage.
Functions
func ObserveStageIn (added in v0.2.0)
ObserveStageIn records that a finding entered a stage. Emit at the earliest point the system learns of the finding in that stage.
func ObserveStageLatency (added in v0.2.0)
ObserveStageLatency records wall-clock time spent in a stage. Instrumentation sites typically compute `time.Since(stageEnteredAt)` and call this helper when the finding exits.
func ObserveStageOut (added in v0.2.0)
ObserveStageOut records that a finding exited a stage with the given outcome.
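The label contract of the three helpers above, as an added example that is not the package's own code: stdlib maps stand in for the Prometheus vectors so the number of time series each helper can create is visible. The `validate` instrumentation site, the tenant and priority values, and the `"validation"` label string are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

type Stage string
type Outcome string
// Constant names are from the page; the Stage string value is assumed.
const StageValidation Stage = "validation"
const OutcomeAdvanced, OutcomeFailed Outcome = "advanced", "failed"

// Stand-ins for the Prometheus vectors: every map key is one time series.
var inSeries = map[[3]string]int{}            // stage, tenant_id, priority
var outSeries = map[[3]string]int{}           // stage, tenant_id, outcome
var latSeries = map[[2]string]time.Duration{} // stage, tenant_id only

func ObserveStageIn(s Stage, tenantID, priority string) {
	inSeries[[3]string{string(s), tenantID, priority}]++
}
func ObserveStageOut(s Stage, tenantID string, o Outcome) {
	outSeries[[3]string{string(s), tenantID, string(o)}]++
}
func ObserveStageLatency(s Stage, tenantID string, d time.Duration) {
	latSeries[[2]string{string(s), tenantID}] += d
}

// validate is a hypothetical instrumentation site for the validation stage.
func validate(tenantID, priority string, check func() Outcome) {
	ObserveStageIn(StageValidation, tenantID, priority)
	enteredAt := time.Now()
	out := check()
	ObserveStageLatency(StageValidation, tenantID, time.Since(enteredAt))
	ObserveStageOut(StageValidation, tenantID, out)
}

// SeriesCounts runs constructed findings and counts the resulting series.
func SeriesCounts() (in, out, lat int) {
	for _, tenant := range []string{"tenant-a", "tenant-b"} {
		for _, prio := range []string{"P1", "P2", "P3"} {
			validate(tenant, prio, func() Outcome { return OutcomeFailed })
		}
		validate(tenant, "P1", func() Outcome { return OutcomeAdvanced })
	}
	return len(inSeries), len(outSeries), len(latSeries)
}

func main() { fmt.Println(SeriesCounts()) }
```

Two tenants and three priorities produce six counter-in series but only two latency series, because priority is not a label on the latency metric.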
func RecordDBError
RecordDBError records an error on the current span.
func SpanFromContext
SpanFromContext returns the current span from context.
Types
type Config
type Config struct {
	ServiceName    string
	ServiceVersion string
	Environment    string
	OTLPEndpoint   string // e.g. "localhost:4318" for HTTP
	SampleRate     float64
	Enabled        bool
}
Config holds the configuration for the tracer provider.
type Outcome (added in v0.2.0)
type Outcome string
Outcome is a low-cardinality enum describing what happened to a finding as it left a stage.
const (
	OutcomeAdvanced      Outcome = "advanced"       // moved to the next stage
	OutcomeDeferred      Outcome = "deferred"       // explicitly parked (accepted / compensating control)
	OutcomeFalsePositive Outcome = "false_positive" // closed as FP
	OutcomeReopened      Outcome = "reopened"       // came back to this stage from downstream (feedback loop)
	OutcomeFailed        Outcome = "failed"         // stage rejected the item (e.g. validation proved it unexploitable)
	OutcomeClosed        Outcome = "closed"         // terminal
)
type Stage (added in v0.2.0)
type Stage string
Stage is one of the five CTEM stages. The value is used as a metric label; only these constants are allowed so Grafana queries stay stable.
type TracerProvider
type TracerProvider struct {
	// contains filtered or unexported fields
}
TracerProvider wraps the OpenTelemetry SDK tracer provider with shutdown support.
func NewTracerProvider
func NewTracerProvider(ctx context.Context, cfg Config) (*TracerProvider, error)
NewTracerProvider creates and configures a new OpenTelemetry tracer provider. If tracing is disabled, returns a no-op provider.