@cyvest/cyvest-js 3.1.0 → 4.0.0

package/src/types.generated.ts

@@ -1,86 +1,48 @@
 // AUTO-GENERATED FROM cyvest.schema.json — DO NOT EDIT
 
 /**
- * Investigation start time (UTC).
+ * Optional human-readable investigation name.
  */
-export type StartedAt = string;
-/**
- * Global investigation score.
- */
-export type Score = number;
+export type InvestigationName = string | null;
 /**
  * Security level classification for checks, observables, and threat intelligence.
  *
  * Levels are ordered from lowest (NONE) to highest (MALICIOUS) severity.
  */
 export type Level = "NONE" | "TRUSTED" | "INFO" | "SAFE" | "NOTABLE" | "SUSPICIOUS" | "MALICIOUS";
-/**
- * Whether the investigation is whitelisted.
- */
-export type Whitelisted = boolean;
-export type Identifier = string;
-export type Name = string;
 export type Justification = string | null;
 /**
  * List of whitelist entries applied to this investigation.
  */
 export type Whitelists = InvestigationWhitelist[];
-export type Type = string;
-export type Value = string;
-export type Internal = boolean;
-export type Whitelisted1 = boolean;
-export type Comment = string;
-export type Score1 = number;
+export type Actor = string | null;
+export type Reason = string | null;
+export type Tool = string | null;
+export type ObjectType = string | null;
+export type ObjectKey = string | null;
+/**
+ * Append-only investigation audit log.
+ */
+export type EventLog = AuditEvent[];
 export type ThreatIntels = string[];
-export type TargetKey = string;
-export type RelationshipType = string;
 /**
  * Direction of a relationship between observables.
  */
 export type RelationshipDirection = "outbound" | "inbound" | "bidirectional";
 export type Relationships = Relationship[];
-export type Key = string;
 /**
- * Checks that generated this observable.
+ * Checks that currently link to this observable (navigation-only).
  */
-export type GeneratedByChecks = string[];
-export type CheckId = string;
-export type Scope = string;
-export type Description = string;
-export type Comment1 = string;
-export type Score2 = number;
-export type Observables1 = string[];
+export type CheckLinks = string[];
 /**
- * Controls how a check reacts to linked observables.
+ * Controls how a Check↔Observable link propagates across merged investigations.
  */
-export type CheckScorePolicy = "auto" | "manual";
-export type Key1 = string;
-export type Source = string;
-export type ObservableKey = string;
-export type Comment2 = string;
-export type Score3 = number;
+export type PropagationMode = "LOCAL_ONLY" | "GLOBAL";
+export type ObservableLinks = ObservableLink[];
 export type Taxonomies = {
   [k: string]: unknown;
 }[];
-export type Key2 = string;
-export type Name1 = string;
-export type Context = string;
-export type Key3 = string;
-export type Path = string;
-export type Description1 = string;
 export type Checks1 = string[];
-export type Key4 = string;
-export type AggregatedScore = number;
-export type TotalObservables = number;
-export type InternalObservables = number;
-export type ExternalObservables = number;
-export type WhitelistedObservables = number;
-export type TotalChecks = number;
-export type AppliedChecks = number;
-export type TotalThreatIntel = number;
-export type TotalContainers = number;
-export type Checks2 = number;
-export type Applied = number;
 /**
  * Root observable type used during data extraction.
  */
@@ -101,11 +63,26 @@ export type ScoreMode = "max" | "sum";
  * schemas matching the actual model_dump() output.
  */
 export interface CyvestInvestigation {
-  started_at: StartedAt;
-  score: Score;
+  /**
+   * Stable investigation identity (ULID).
+   */
+  investigation_id: string;
+  investigation_name?: InvestigationName;
+  /**
+   * Investigation start time (UTC).
+   */
+  started_at: string;
+  /**
+   * Global investigation score.
+   */
+  score: number;
   level: Level;
-  whitelisted: Whitelisted;
+  /**
+   * Whether the investigation is whitelisted.
+   */
+  whitelisted: boolean;
   whitelists: Whitelists;
+  event_log?: EventLog;
   observables: Observables;
   checks: Checks;
   checks_by_level: ChecksByLevel;
@@ -115,16 +92,38 @@ export interface CyvestInvestigation {
   stats: StatisticsSchema;
   stats_checks: StatsChecksSchema;
   data_extraction: DataExtractionSchema;
+  /**
+   * Global investigation score formatted as fixed-point x.xx.
+   */
+  score_display: string;
 }
 /**
  * Represents a whitelist entry on an investigation.
  */
 export interface InvestigationWhitelist {
-  identifier: Identifier;
-  name: Name;
+  identifier: string;
+  name: string;
   justification?: Justification;
   [k: string]: unknown;
 }
+/**
+ * Centralized audit event for investigation-level changes.
+ */
+export interface AuditEvent {
+  event_id: string;
+  timestamp: string;
+  event_type: string;
+  actor?: Actor;
+  reason?: Reason;
+  tool?: Tool;
+  object_type?: ObjectType;
+  object_key?: ObjectKey;
+  details?: Details;
+  [k: string]: unknown;
+}
+export interface Details {
+  [k: string]: unknown;
+}
 /**
  * Observables keyed by their unique key.
  */
@@ -138,18 +137,19 @@ export interface Observables {
  * through relationships.
  */
 export interface Observable {
-  type: Type;
-  value: Value;
-  internal: Internal;
-  whitelisted: Whitelisted1;
-  comment: Comment;
+  type: string;
+  value: string;
+  internal: boolean;
+  whitelisted: boolean;
+  comment: string;
   extra: Extra;
-  score: Score1;
+  score: number;
   level: Level;
   threat_intels: ThreatIntels;
   relationships: Relationships;
-  key: Key;
-  generated_by_checks: GeneratedByChecks;
+  key: string;
+  check_links: CheckLinks;
+  score_display: string;
   [k: string]: unknown;
 }
 export interface Extra {
@@ -159,8 +159,8 @@ export interface Extra {
  * Represents a relationship between observables.
  */
 export interface Relationship {
-  target_key: TargetKey;
-  relationship_type: RelationshipType;
+  target_key: string;
+  relationship_type: string;
   direction: RelationshipDirection;
   [k: string]: unknown;
 }
@@ -177,21 +177,29 @@ export interface Checks {
  * and contributes to the overall investigation score.
  */
 export interface Check {
-  check_id: CheckId;
-  scope: Scope;
-  description: Description;
-  comment: Comment1;
+  check_id: string;
+  scope: string;
+  description: string;
+  comment: string;
   extra: Extra1;
-  score: Score2;
+  score: number;
   level: Level;
-  observables: Observables1;
-  score_policy?: CheckScorePolicy;
-  key: Key1;
+  origin_investigation_id: string;
+  observable_links: ObservableLinks;
+  key: string;
+  score_display: string;
   [k: string]: unknown;
 }
 export interface Extra1 {
   [k: string]: unknown;
 }
+/**
+ * Edge metadata for a Check↔Observable association.
+ */
+export interface ObservableLink {
+  observable_key: string;
+  propagation_mode?: PropagationMode;
+}
 /**
  * Check keys organized by level name.
  */
@@ -211,14 +219,15 @@ export interface ThreatIntels1 {
  * like VirusTotal, URLScan.io, etc.
  */
 export interface ThreatIntel {
-  source: Source;
-  observable_key: ObservableKey;
-  comment: Comment2;
+  source: string;
+  observable_key: string;
+  comment: string;
   extra: Extra2;
-  score: Score3;
+  score: number;
   level: Level;
   taxonomies: Taxonomies;
-  key: Key2;
+  key: string;
+  score_display: string;
   [k: string]: unknown;
 }
 export interface Extra2 {
@@ -237,10 +246,10 @@ export interface Enrichments {
  * context but doesn't directly contribute to scoring.
  */
 export interface Enrichment {
-  name: Name1;
+  name: string;
   data: Data;
-  context: Context;
-  key: Key3;
+  context: string;
+  key: string;
   [k: string]: unknown;
 }
 export interface Data {
@@ -259,12 +268,12 @@ export interface Containers {
  * with aggregated scores and levels.
  */
 export interface Container {
-  path: Path;
-  description?: Description1;
+  path: string;
+  description?: string;
   checks: Checks1;
   sub_containers: SubContainers;
-  key: Key4;
-  aggregated_score: AggregatedScore;
+  key: string;
+  aggregated_score: number;
   aggregated_level: Level;
 }
 export interface SubContainers {
@@ -276,21 +285,21 @@ export interface SubContainers {
  * Mirrors the output of `InvestigationStats.get_summary()`.
  */
 export interface StatisticsSchema {
-  total_observables: TotalObservables;
-  internal_observables: InternalObservables;
-  external_observables: ExternalObservables;
-  whitelisted_observables: WhitelistedObservables;
+  total_observables: number;
+  internal_observables: number;
+  external_observables: number;
+  whitelisted_observables: number;
   observables_by_type?: ObservablesByType;
   observables_by_level?: ObservablesByLevel;
   observables_by_type_and_level?: ObservablesByTypeAndLevel;
-  total_checks: TotalChecks;
-  applied_checks: AppliedChecks;
+  total_checks: number;
+  applied_checks: number;
   checks_by_scope?: ChecksByScope;
   checks_by_level?: ChecksByLevel1;
-  total_threat_intel: TotalThreatIntel;
+  total_threat_intel: number;
   threat_intel_by_source?: ThreatIntelBySource;
   threat_intel_by_level?: ThreatIntelByLevel;
-  total_containers: TotalContainers;
+  total_containers: number;
 }
 export interface ObservablesByType {
   [k: string]: number;
@@ -319,8 +328,8 @@ export interface ThreatIntelByLevel {
  * Schema for check statistics summary.
  */
 export interface StatsChecksSchema {
-  checks: Checks2;
-  applied: Applied;
+  checks: number;
+  applied: number;
 }
 /**
  * Schema for data extraction metadata.

package/tests/getters-finders.test.ts

@@ -41,7 +41,11 @@ import {
 // Test fixture
 function createTestInvestigation(): CyvestInvestigation {
   return {
+    investigation_id: "01HXYZTESTINVESTIGATION",
+    investigation_name: "Test Investigation",
+    started_at: "2024-01-01T00:00:00Z",
     score: 7.5,
+    score_display: "7.50",
     level: "MALICIOUS",
     whitelisted: false,
     whitelists: [
@@ -59,8 +63,9 @@ function createTestInvestigation(): CyvestInvestigation {
         internal: true,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 0,
+        score_display: "0.00",
         level: "INFO",
         relationships: [
           {
@@ -70,7 +75,7 @@ function createTestInvestigation(): CyvestInvestigation {
           },
         ],
         threat_intels: [],
-        generated_by_checks: ["chk:ip_check:network"],
+        check_links: ["chk:ip_check:network"],
       },
       "obs:ipv4-addr:8.8.8.8": {
         key: "obs:ipv4-addr:8.8.8.8",
@@ -79,12 +84,13 @@ function createTestInvestigation(): CyvestInvestigation {
         internal: false,
         whitelisted: true,
         comment: "Google DNS",
-        extra: null,
+        extra: {},
         score: -1,
+        score_display: "-1.00",
         level: "TRUSTED",
         relationships: [],
         threat_intels: [],
-        generated_by_checks: [],
+        check_links: [],
       },
       "obs:domain-name:example.com": {
         key: "obs:domain-name:example.com",
@@ -93,12 +99,13 @@ function createTestInvestigation(): CyvestInvestigation {
         internal: false,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 5,
+        score_display: "5.00",
         level: "MALICIOUS",
         relationships: [],
         threat_intels: ["ti:virustotal:obs:domain-name:example.com"],
-        generated_by_checks: ["chk:domain_check:dns"],
+        check_links: ["chk:domain_check:dns"],
       },
       "obs:url:http://malware.com/bad": {
         key: "obs:url:http://malware.com/bad",
@@ -107,12 +114,13 @@ function createTestInvestigation(): CyvestInvestigation {
         internal: false,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 7.5,
+        score_display: "7.50",
         level: "MALICIOUS",
         relationships: [],
         threat_intels: [],
-        generated_by_checks: [],
+        check_links: [],
       },
     },
     checks: {
@@ -123,11 +131,16 @@ function createTestInvestigation(): CyvestInvestigation {
           scope: "network",
           description: "IP address check",
           comment: "",
-          extra: null,
+          extra: {},
           score: 0,
+          score_display: "0.00",
           level: "INFO",
-          score_policy: "auto",
-          observables: ["obs:ipv4-addr:192.168.1.1"],
+          origin_investigation_id: "01HXYZTESTINVESTIGATION",
+          observable_links: [
+            {
+              observable_key: "obs:ipv4-addr:192.168.1.1",
+            },
+          ],
         },
       ],
       dns: [
@@ -137,11 +150,16 @@ function createTestInvestigation(): CyvestInvestigation {
           scope: "dns",
           description: "Domain reputation check",
           comment: "",
-          extra: null,
+          extra: {},
           score: 5,
+          score_display: "5.00",
           level: "MALICIOUS",
-          score_policy: "auto",
-          observables: ["obs:domain-name:example.com"],
+          origin_investigation_id: "01HXYZTESTINVESTIGATION",
+          observable_links: [
+            {
+              observable_key: "obs:domain-name:example.com",
+            },
+          ],
         },
         {
           key: "chk:dns_lookup:dns",
@@ -149,11 +167,12 @@ function createTestInvestigation(): CyvestInvestigation {
           scope: "dns",
           description: "DNS lookup",
           comment: "",
-          extra: null,
+          extra: {},
           score: 0,
+          score_display: "0.00",
           level: "INFO",
-          score_policy: "manual",
-          observables: [],
+          origin_investigation_id: "01HXYZTESTINVESTIGATION",
+          observable_links: [],
         },
       ],
     },
@@ -167,8 +186,9 @@ function createTestInvestigation(): CyvestInvestigation {
         source: "virustotal",
         observable_key: "obs:domain-name:example.com",
         comment: "",
-        extra: null,
+        extra: {},
         score: 5,
+        score_display: "5.00",
         level: "MALICIOUS",
         taxonomies: [{ verdict: "malicious" }],
       },

package/tests/graph.test.ts

@@ -20,7 +20,11 @@ import {
 // Test fixture with relationships
 function createGraphTestInvestigation(): CyvestInvestigation {
   return {
+    investigation_id: "01HXYZGRAPHINVESTIGATION",
+    investigation_name: "Graph Test Investigation",
+    started_at: "2024-01-01T00:00:00Z",
     score: 5,
+    score_display: "5.00",
     level: "MALICIOUS",
     whitelisted: false,
     whitelists: [],
@@ -32,8 +36,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         internal: false,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 0,
+        score_display: "0.00",
         level: "INFO",
         relationships: [
           {
@@ -48,7 +53,7 @@ function createGraphTestInvestigation(): CyvestInvestigation {
           },
         ],
         threat_intels: [],
-        generated_by_checks: [],
+        check_links: [],
       },
       "obs:email-addr:sender@example.com": {
         key: "obs:email-addr:sender@example.com",
@@ -57,8 +62,9 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         internal: false,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 0,
+        score_display: "0.00",
         level: "INFO",
         relationships: [
           {
@@ -68,7 +74,7 @@ function createGraphTestInvestigation(): CyvestInvestigation {
           },
         ],
         threat_intels: [],
-        generated_by_checks: [],
+        check_links: [],
       },
       "obs:ipv4-addr:192.168.1.1": {
         key: "obs:ipv4-addr:192.168.1.1",
@@ -77,12 +83,13 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         internal: true,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 0,
+        score_display: "0.00",
         level: "INFO",
         relationships: [],
         threat_intels: [],
-        generated_by_checks: [],
+        check_links: [],
       },
       "obs:domain-name:example.com": {
         key: "obs:domain-name:example.com",
@@ -91,12 +98,13 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         internal: false,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 5,
+        score_display: "5.00",
         level: "MALICIOUS",
         relationships: [],
         threat_intels: [],
-        generated_by_checks: [],
+        check_links: [],
       },
       "obs:file-hash:abc123": {
         key: "obs:file-hash:abc123",
@@ -105,12 +113,13 @@ function createGraphTestInvestigation(): CyvestInvestigation {
         internal: false,
         whitelisted: false,
         comment: "",
-        extra: null,
+        extra: {},
         score: 3,
+        score_display: "3.00",
         level: "SUSPICIOUS",
         relationships: [],
         threat_intels: [],
-        generated_by_checks: [],
+        check_links: [],
       },
     },
     checks: {},

package/vitest.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["tests/**/*.{test,spec}.{ts,js,tsx,jsx}"],
+    name: "cyvest-js",
+  },
+});