@simbimbo/brainstem 0.0.3 → 0.0.5

package/brainstem/config.py

@@ -0,0 +1,136 @@
+from __future__ import annotations
+
+import os
+from dataclasses import asdict, dataclass
+from pathlib import Path
+from typing import Any, Dict
+
+
+def resolve_default_db_path() -> str:
+    configured_db_path = os.getenv("BRAINSTEM_DB_PATH", "").strip()
+    if configured_db_path:
+        return configured_db_path
+    return str(Path(".brainstem-state") / "brainstem.sqlite3")
+
+
+def _read_env_int(env_name: str, default: int) -> int:
+    value = os.getenv(env_name, "").strip()
+    if not value:
+        return default
+    try:
+        return int(value)
+    except ValueError:
+        return default
+
+
+def _read_env_float(env_name: str, default: float) -> float:
+    value = os.getenv(env_name, "").strip()
+    if not value:
+        return default
+    try:
+        return float(value)
+    except ValueError:
+        return default
+
+
+@dataclass(frozen=True)
+class ListenerConfig:
+    syslog_host: str = "127.0.0.1"
+    syslog_port: int = 5514
+    syslog_source_path: str = "/dev/udp"
+    syslog_socket_timeout: float = 0.5
+    ingest_threshold: int = 2
+
+
+@dataclass(frozen=True)
+class RuntimeDefaults:
+    ingest_threshold: int = 2
+    recurrence_threshold: int = 2
+    batch_threshold: int = 2
+    interesting_limit: int = 5
+    failure_limit: int = 20
+    ingest_recent_limit: int = 20
+    sources_limit: int = 10
+    sources_status_limit: int = 20
+    replay_threshold: int = 2
+
+
+@dataclass(frozen=True)
+class RuntimeLimits:
+    replay_raw_max_ids: int = 32
+    status_filter_limit: int = 20
+    replay_allowed_statuses: tuple[str, ...] = ("received", "parse_failed")
+
+
+@dataclass(frozen=True)
+class CandidateAttentionProfile:
+    recurrence_count_normalizer: int = 10
+    recovery_signal_weight: float = 0.4
+    spread_signal_weight: float = 0.2
+    novelty_signal_weight: float = 0.3
+    impact_high_weight: float = 0.5
+    impact_default_weight: float = 0.2
+    precursor_weight: float = 0.3
+    memory_weight: float = 0.4
+    decision_band_promote: float = 0.85
+    decision_band_urgent_human_review: float = 0.65
+    decision_band_review: float = 0.45
+    decision_band_watch: float = 0.25
+
+
+@dataclass(frozen=True)
+class DBConfig:
+    default_path: str
+
+
+@dataclass(frozen=True)
+class RuntimeConfig:
+    api_token_env_var: str = "BRAINSTEM_API_TOKEN"
+    listener: ListenerConfig = ListenerConfig()
+    defaults: RuntimeDefaults = RuntimeDefaults()
+    candidate_attention: CandidateAttentionProfile = CandidateAttentionProfile()
+    limits: RuntimeLimits = RuntimeLimits()
+    db: DBConfig = DBConfig(default_path=resolve_default_db_path())
+
+    def as_dict(self) -> Dict[str, Any]:
+        return {
+            "api_token_env_var": self.api_token_env_var,
+            "listener": asdict(self.listener),
+            "defaults": asdict(self.defaults),
+            "candidate_attention": asdict(self.candidate_attention),
+            "limits": asdict(self.limits),
+            "db": asdict(self.db),
+        }
+
+
+def get_runtime_config() -> RuntimeConfig:
+    defaults = RuntimeDefaults(
+        ingest_threshold=_read_env_int("BRAINSTEM_INGEST_THRESHOLD", 2),
+        recurrence_threshold=_read_env_int("BRAINSTEM_RECURRENCE_THRESHOLD", 2),
+        batch_threshold=_read_env_int("BRAINSTEM_BATCH_THRESHOLD", 2),
+        interesting_limit=_read_env_int("BRAINSTEM_INTERESTING_LIMIT", 5),
+        failure_limit=_read_env_int("BRAINSTEM_FAILURE_LIMIT", 20),
+        ingest_recent_limit=_read_env_int("BRAINSTEM_INGEST_RECENT_LIMIT", 20),
+        sources_limit=_read_env_int("BRAINSTEM_SOURCES_LIMIT", 10),
+        sources_status_limit=_read_env_int("BRAINSTEM_SOURCES_STATUS_LIMIT", 20),
+        replay_threshold=_read_env_int("BRAINSTEM_REPLAY_THRESHOLD", 2),
+    )
+    candidate_attention = CandidateAttentionProfile(
+        recurrence_count_normalizer=_read_env_int("BRAINSTEM_CANDIDATE_RECURRENCE_NORMALIZER", 10),
+        recovery_signal_weight=_read_env_float("BRAINSTEM_CANDIDATE_RECOVERY", 0.4),
+        spread_signal_weight=_read_env_float("BRAINSTEM_CANDIDATE_SPREAD", 0.2),
+        novelty_signal_weight=_read_env_float("BRAINSTEM_CANDIDATE_NOVELTY", 0.3),
+        impact_high_weight=_read_env_float("BRAINSTEM_CANDIDATE_IMPACT_HIGH", 0.5),
+        impact_default_weight=_read_env_float("BRAINSTEM_CANDIDATE_IMPACT_DEFAULT", 0.2),
+        precursor_weight=_read_env_float("BRAINSTEM_CANDIDATE_PRECURSOR", 0.3),
+        memory_weight=_read_env_float("BRAINSTEM_CANDIDATE_MEMORY_WEIGHT", 0.4),
+        decision_band_promote=_read_env_float("BRAINSTEM_DECISION_BAND_PROMOTE", 0.85),
+        decision_band_urgent_human_review=_read_env_float("BRAINSTEM_DECISION_BAND_URGENT_HUMAN_REVIEW", 0.65),
+        decision_band_review=_read_env_float("BRAINSTEM_DECISION_BAND_REVIEW", 0.45),
+        decision_band_watch=_read_env_float("BRAINSTEM_DECISION_BAND_WATCH", 0.25),
+    )
+    return RuntimeConfig(
+        defaults=defaults,
+        candidate_attention=candidate_attention,
+        db=DBConfig(default_path=resolve_default_db_path()),
+    )

package/brainstem/connectors/logicmonitor.py

@@ -1,8 +1,19 @@
 from __future__ import annotations
 
+import json
+from dataclasses import dataclass
+
+from ..adapters import RawInputAdapter, register_raw_input_adapter
+from ..models import RawInputEnvelope
 from .types import ConnectorEvent
 
 
+def _coerce_mapping(payload: object) -> dict:
+    if not isinstance(payload, dict):
+        raise ValueError("logicmonitor payload must be an object")
+    return payload
+
+
 def map_logicmonitor_event(payload: dict, *, tenant_id: str) -> ConnectorEvent:
     metadata = payload.get("metadata") or {}
     host = payload.get("host") or payload.get("resource_name") or ""
@@ -24,3 +35,49 @@ def map_logicmonitor_event(payload: dict, *, tenant_id: str) -> ConnectorEvent:
             "cleared_at": metadata.get("cleared_at"),
         },
     )
+
+
+def map_logicmonitor_payload_to_raw_envelope(payload: object, *, tenant_id: str, source_path: str = "") -> RawInputEnvelope:
+    event_payload = _coerce_mapping(payload)
+    event = map_logicmonitor_event(event_payload, tenant_id=tenant_id)
+    return RawInputEnvelope(
+        tenant_id=event.tenant_id,
+        source_type=event.source_type,
+        timestamp=event.timestamp,
+        message_raw=event.message_raw,
+        host=event.host,
+        service=event.service,
+        severity=event.severity,
+        source_path=source_path,
+        metadata=dict(event.metadata),
+    )
+
+
+@dataclass(frozen=True)
+class LogicMonitorRawInputAdapter:
+    """Adapter for LogicMonitor-shaped event payload objects."""
+
+    source_type: str = "logicmonitor"
+
+    def parse_raw_input(self, payload, *, tenant_id: str, source_path: str = "") -> RawInputEnvelope:
+        if isinstance(payload, (bytes, bytearray)):
+            payload_text = payload.decode("utf-8", errors="replace")
+            payload_obj = json.loads(payload_text)
+            return map_logicmonitor_payload_to_raw_envelope(payload_obj, tenant_id=tenant_id, source_path=source_path)
+
+        if isinstance(payload, dict):
+            return map_logicmonitor_payload_to_raw_envelope(payload, tenant_id=tenant_id, source_path=source_path)
+
+        if isinstance(payload, str):
+            payload_text = payload.strip()
+            if payload_text.startswith("{") and payload_text.endswith("}"):
+                return map_logicmonitor_payload_to_raw_envelope(
+                    json.loads(payload_text),
+                    tenant_id=tenant_id,
+                    source_path=source_path,
+                )
+
+        raise ValueError("logicmonitor payload must be a mapping or JSON object string")
+
+
+register_raw_input_adapter(LogicMonitorRawInputAdapter())

package/brainstem/demo.py

@@ -10,9 +10,18 @@ from .instrumentation import emit, span
 from .interesting import interesting_items
 from .recurrence import build_recurrence_candidates, digest_items
 from .storage import init_db, store_candidates, store_events, store_signatures
+from .config import get_runtime_config
 
 
-def run_syslog_demo(path: str, tenant_id: str, threshold: int = 2, db_path: str | None = None) -> Dict[str, Any]:
+def run_syslog_demo(
+    path: str,
+    tenant_id: str,
+    threshold: int | None = None,
+    db_path: str | None = None,
+) -> Dict[str, Any]:
+    if threshold is None:
+        threshold = get_runtime_config().defaults.recurrence_threshold
+
     with span("syslog_demo", path=path, tenant_id=tenant_id, threshold=threshold):
         init_db(db_path)
         events = ingest_syslog_file(path, tenant_id=tenant_id)
@@ -52,7 +61,12 @@ def main() -> int:
     parser = argparse.ArgumentParser(description="Run the brAInstem syslog weak-signal demo.")
     parser.add_argument("path", help="Path to a syslog-like input file")
     parser.add_argument("--tenant", default="demo-tenant", help="Tenant/environment identifier")
-    parser.add_argument("--threshold", type=int, default=2, help="Minimum recurrence count for candidate emission")
+    parser.add_argument(
+        "--threshold",
+        type=int,
+        default=get_runtime_config().defaults.recurrence_threshold,
+        help="Minimum recurrence count for candidate emission",
+    )
     parser.add_argument("--db-path", default=None, help="Optional SQLite path for persistent state")
     args = parser.parse_args()
     payload = run_syslog_demo(args.path, tenant_id=args.tenant, threshold=args.threshold, db_path=args.db_path)

package/brainstem/fingerprint.py

@@ -9,6 +9,54 @@ _WHITESPACE_RE = re.compile(r"\s+")
 _IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
 _NUMBER_RE = re.compile(r"\b\d+\b")
 
+_CONNECTIVITY_SERVICE_HINTS = {
+    "charon",
+    "ipsec",
+    "wireguard",
+    "strongswan",
+    "openvpn",
+    "bgp",
+}
+_CONNECTIVITY_ANCHORS = {
+    "vpn",
+    "tunnel",
+    "rekey",
+    "ipsec",
+    "handshake",
+    "peer",
+}
+_CONNECTIVITY_STATE_HINTS = {
+    "down",
+    "up",
+    "dropped",
+    "recovered",
+    "unreachable",
+    "timeout",
+    "flapped",
+}
+_RESOURCE_HINTS = {
+    "disk",
+    "memory",
+    "cpu",
+    "storage",
+    "inode",
+    "pressure",
+    "filesystem",
+    "out of space",
+    "swap",
+}
+
+
+def _has_any(text: str, values: set[str]) -> bool:
+    return any(value in text for value in values)
+
+
+def _has_connectivity_context(message: str, service: str) -> bool:
+    service_hint = service and _has_any(service, _CONNECTIVITY_SERVICE_HINTS)
+    anchor_hint = _has_any(message, _CONNECTIVITY_ANCHORS)
+    state_hint = _has_any(message, _CONNECTIVITY_STATE_HINTS)
+    return service_hint or (anchor_hint and state_hint)
+
 
 def normalize_message(message: str) -> str:
     text = (message or "").strip().lower()
@@ -21,10 +69,16 @@ def normalize_message(message: str) -> str:
 def event_family_for(event: Event) -> str:
     message_normalized = getattr(event, "message_normalized", None) or normalize_message(event.message_raw)
     base = message_normalized
+    service = (event.service or "").strip().lower()
+
     if "fail" in base or "error" in base:
         return "failure"
     if "restart" in base or "stopped" in base or "started" in base:
         return "service_lifecycle"
+    if _has_connectivity_context(base, service):
+        return "connectivity"
+    if _has_any(base, _RESOURCE_HINTS):
+        return "resource"
     if "auth" in base or "login" in base:
         return "auth"
     return "generic"