alert

package
v0.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 31, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultAlertTitle       = "(no title)"
	DefaultAlertDescription = "(no description)"
)

Variables

This section is empty.

Functions

func CosineSimilarity 

func CosineSimilarity(a, b []float32) float64

Types

type Alert 

type Alert struct {
	ID       types.AlertID     `json:"id"`
	TicketID types.TicketID    `json:"ticket_id"`
	Schema   types.AlertSchema `json:"schema"`
	Data     any               `json:"data"`
	Status   AlertStatus       `json:"status"`

	// Topic is the namespace for domain knowledge (defaults to Schema if not set by policy)
	Topic types.KnowledgeTopic `json:"topic"`

	Metadata

	CreatedAt      time.Time          `json:"created_at"`
	SlackThread    *slack.Thread      `json:"slack_thread"`
	SlackMessageID string             `json:"slack_message_id"`
	Embedding      firestore.Vector32 `json:"-"`
	TagIDs         map[string]bool    `json:"tag_ids"`
}

Alert represents an event of a potential security incident. This model is designed to be immutable. An Alert can be linked to at most one ticket.

func New 

func New(ctx context.Context, schema types.AlertSchema, data any, metadata Metadata) Alert

func (*Alert) CosineSimilarity 

func (x *Alert) CosineSimilarity(other []float32) float64

func (*Alert) FillMetadata 

func (x *Alert) FillMetadata(ctx context.Context, llmClient gollem.LLMClient) error

func (*Alert) GetTagNames added in v0.2.0 

func (a *Alert) GetTagNames(ctx context.Context, tagGetter func(context.Context, []string) ([]*tag.Tag, error)) ([]string, error)

GetTagNames returns tag names for external API compatibility

func (*Alert) HasSlackThread added in v0.1.0 

func (a *Alert) HasSlackThread() bool

HasSlackThread returns true if the alert has a valid Slack thread

func (*Alert) Normalize added in v0.10.0 

func (a *Alert) Normalize()

Normalize fills in default values for backward compatibility. Empty or legacy "unbound" Status (from pre-v0.10.0 Firestore data) is treated as AlertStatusActive.

type AlertListRepository 

type AlertListRepository interface {
	BatchGetAlerts(ctx context.Context, alertIDs []types.AlertID) (Alerts, error)
}

type AlertStatus added in v0.10.0 

type AlertStatus string

AlertStatus represents the processing status of an alert 

const (
	AlertStatusActive   AlertStatus = "active"
	AlertStatusDeclined AlertStatus = "declined"
)

func (AlertStatus) MarshalGQL added in v0.10.0 

func (s AlertStatus) MarshalGQL(w io.Writer)

MarshalGQL implements the graphql.Marshaler interface for GraphQL enum serialization.

func (*AlertStatus) UnmarshalGQL added in v0.10.0 

func (s *AlertStatus) UnmarshalGQL(v any) error

UnmarshalGQL implements the graphql.Unmarshaler interface for GraphQL enum deserialization.

type AlertThrottle added in v0.14.0 

type AlertThrottle struct {
	// Buckets maps time bucket keys (e.g. "2026-03-24T14:05") to the count of alerts processed in that bucket.
	Buckets    map[string]int `json:"buckets"`
	NotifiedAt time.Time      `json:"notified_at"`
}

AlertThrottle holds the sliding window state for alert rate limiting. Stored as a singleton document in Firestore at throttle/alert.

type Alerts 

type Alerts []*Alert

type Attribute 

type Attribute struct {
	Key   string `json:"key"`
	Value string `json:"value"`
	Link  string `json:"link"`
	Auto  bool   `json:"auto"`
}

func (*Attribute) UnmarshalJSON added in v0.5.0 

func (a *Attribute) UnmarshalJSON(data []byte) error

UnmarshalJSON implements custom unmarshaling to handle both string and numeric values

type Finding 

type Finding struct {
	Severity       types.AlertSeverity `json:"severity"`
	Summary        string              `json:"summary"`
	Reason         string              `json:"reason"`
	Recommendation string              `json:"recommendation"`
}

Finding is the conclusion of the alert. This is set by the AI.

func (*Finding) Validate 

func (x *Finding) Validate() error

type GenAIConfig added in v0.4.0 

type GenAIConfig struct {
	Prompt string                   `json:"prompt"` // Prompt template file name
	Format types.GenAIContentFormat `json:"format"` // Response format: "text" | "json" (default: "text")
}

GenAIConfig configures LLM processing for alerts

type GenAIResponse added in v0.4.0 

type GenAIResponse struct {
	Data   any                      `json:"data"`   // Raw response data
	Format types.GenAIContentFormat `json:"format"` // Response format for formatting
}

GenAIResponse represents the LLM response for display purposes

type List 

type List struct {
	ID             types.AlertListID `json:"id"`
	AlertIDs       []types.AlertID   `json:"alert_ids"`
	SlackThread    *slack.Thread     `json:"slack_thread"`
	SlackMessageID string            `json:"slack_message_id"`
	Status         ListStatus        `json:"status"`
	CreatedAt      time.Time         `json:"created_at"`
	CreatedBy      *slack.User       `json:"created_by"`

	Metadata
	Embedding firestore.Vector32 `json:"-"`
	// contains filtered or unexported fields
}

func NewList 

func NewList(ctx context.Context, thread slack.Thread, createdBy *slack.User, alerts Alerts) *List

func (*List) Alerts 

func (x *List) Alerts() (Alerts, error)

func (*List) FillMetadata 

func (x *List) FillMetadata(ctx context.Context, llmClient gollem.LLMClient) error

func (*List) GetAlerts 

func (x *List) GetAlerts(ctx context.Context, repo AlertListRepository) (Alerts, error)

type ListStatus 

type ListStatus string
const (
	ListStatusUnbound ListStatus = "unbound"
	ListStatusBound   ListStatus = "bound"
)

func (ListStatus) DisplayName 

func (s ListStatus) DisplayName() string

func (ListStatus) Icon 

func (s ListStatus) Icon() string

func (ListStatus) String 

func (s ListStatus) String() string

type Metadata 

type Metadata struct {
	Title             string       `json:"title"`
	Description       string       `json:"description"`
	Attributes        []Attribute  `json:"attributes"`
	TitleSource       types.Source `json:"title_source"`
	DescriptionSource types.Source `json:"description_source"`
	// Tags field is used temporarily during policy processing to pass tag names
	// These are converted to TagIDs and not persisted in this field
	Tags []string `json:"tags,omitempty"`
	// Channel field specifies target Slack channel for alert notification
	// Set by action policy evaluation
	Channel string `json:"channel,omitempty"`
}

type QueryOutput 

type QueryOutput struct {
	Alerts []Metadata `json:"alerts"`
}

type QueuedAlert added in v0.14.0 

type QueuedAlert struct {
	ID        types.QueuedAlertID `json:"id"`
	Schema    types.AlertSchema   `json:"schema"`
	Data      any                 `json:"data"`
	Title     string              `json:"title"`
	CreatedAt time.Time           `json:"created_at"`
	Channel   string              `json:"channel"`
}

QueuedAlert represents an alert that has been queued due to circuit breaker throttling. It exists in the queue until it is either reprocessed or discarded (then deleted).

type ReprocessBatchJob added in v0.14.0 

type ReprocessBatchJob struct {
	ID             types.ReprocessBatchJobID `json:"id"`
	Status         types.ReprocessJobStatus  `json:"status"`
	TotalCount     int                       `json:"total_count"`
	CompletedCount int                       `json:"completed_count"`
	FailedCount    int                       `json:"failed_count"`
	CreatedAt      time.Time                 `json:"created_at"`
	UpdatedAt      time.Time                 `json:"updated_at"`
}

ReprocessBatchJob represents a background job for batch reprocessing of queued alerts. It tracks progress of reprocessing multiple alerts at once.

type ReprocessJob added in v0.14.0 

type ReprocessJob struct {
	ID            types.ReprocessJobID     `json:"id"`
	QueuedAlertID types.QueuedAlertID      `json:"queued_alert_id"`
	Status        types.ReprocessJobStatus `json:"status"`
	Error         string                   `json:"error,omitempty"`
	CreatedAt     time.Time                `json:"created_at"`
	UpdatedAt     time.Time                `json:"updated_at"`
}

ReprocessJob represents a background job for reprocessing a queued alert.

type ThrottleResult added in v0.14.0 

type ThrottleResult struct {
	Allowed      bool // true if the alert can be processed
	ShouldNotify bool // true if a Slack @channel notification should be sent
}

ThrottleResult represents the result of a throttle slot acquisition attempt.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.