sys-scan-agent 5.0.3__py3-none-any.whl → 5.0.3.dev0__py3-none-any.whl

sys_scan_agent/models/__init__.py

@@ -1 +1,162 @@
-# Model data files package
+from __future__ import annotations
+from typing import List, Dict, Optional, Any, Union
+from pydantic import BaseModel, Field
+import hashlib
+
+# -----------------
+# Core Report Schema (subset + extensions)
+# -----------------
+
+class Finding(BaseModel):
+    id: str
+    title: str
+    severity: str
+    # Legacy field name expected throughout enrichment pipeline. The C++ layer now emits
+    # base_severity_score instead; ingestion normalizes by copying that value into risk_score
+    # (and risk_total) if risk_score is absent. We retain risk_score as required so downstream
+    # code need not handle Optional[int].
+    risk_score: int
+    # Transitional visibility: surface base_severity_score if present in raw report (or if
+    # synthesized during normalization) for transparency / future migration to holistic risk.
+    base_severity_score: Optional[int] = None
+    description: Optional[str] = ""
+    metadata: Dict[str, Any] = Field(default_factory=dict)
+    operational_error: bool = False  # if true, represents scanner operational issue, not security signal
+    # Extensions
+    category: Optional[str] = None
+    tags: List[str] = Field(default_factory=list)
+    risk_subscores: Optional[Dict[str, float]] = None  # impact/exposure/anomaly/confidence
+    correlation_refs: List[str] = Field(default_factory=list)
+    baseline_status: Optional[str] = None  # new|existing|unknown
+    severity_source: Optional[str] = None  # raw|bumped|rule_engine
+    allowlist_reason: Optional[str] = None
+    probability_actionable: Optional[float] = None  # calibrated probability (0-1)
+    graph_degree: Optional[int] = None  # number of correlations referencing this finding
+    cluster_id: Optional[int] = None  # correlation graph connected component id
+    rationale: Optional[list[str]] = None  # explanations for risk
+    risk_total: Optional[int] = None  # duplicate of risk_score as stable name for external consumption
+    host_role: Optional[str] = None  # inferred host role classification (workstation|dev_workstation|bastion|lightweight_router|container_host)
+    host_role_rationale: Optional[List[str]] = None  # signals used for role classification
+    metric_drift: Optional[dict] = None  # when synthetic metric drift finding, carry metrics metadata
+
+    def identity_hash(self) -> str:
+        h = hashlib.sha256()
+        # Use stable core identity (scanner + id + title) stored externally
+        core = f"{self.id}\n{self.title}\n{self.severity}\n"
+        h.update(core.encode())
+        return h.hexdigest()
+
+class ScannerResult(BaseModel):
+    scanner: str
+    finding_count: int
+    findings: List[Finding]
+
+class Meta(BaseModel):
+    hostname: Optional[str] = None
+    tool_version: Optional[str] = None
+    json_schema_version: Optional[str] = None
+    # Extensions
+    host_id: Optional[str] = None
+    scan_id: Optional[str] = None
+
+class Summary(BaseModel):
+    finding_count_total: Optional[int] = None
+    finding_count_emitted: Optional[int] = None
+    severity_counts: Dict[str, int] = Field(default_factory=dict)
+
+class SummaryExtension(BaseModel):
+    total_risk_score: int
+    emitted_risk_score: Optional[int] = None
+
+class Report(BaseModel):
+    meta: Meta
+    summary: Summary
+    results: List[ScannerResult]
+    collection_warnings: List[dict] = Field(default_factory=list)
+    scanner_errors: List[dict] = Field(default_factory=list)
+    summary_extension: SummaryExtension
+
+# -----------------
+# Correlation / Enrichment Models
+# -----------------
+
+class Correlation(BaseModel):
+    id: str
+    title: str
+    rationale: str
+    related_finding_ids: List[str]
+    risk_score_delta: int = 0
+    tags: List[str] = Field(default_factory=list)
+    severity: Optional[str] = None
+    predicate_hits: Optional[dict[str, list[str]]] = None  # finding_id -> list of condition descriptors satisfied
+
+class Reductions(BaseModel):
+    module_summary: Optional[dict] = None
+    suid_summary: Optional[dict] = None
+    network_summary: Optional[dict] = None
+    top_findings: List[dict] = Field(default_factory=list)
+    # Alias list for evaluation metrics (same content as top_findings) to express "top_risks" semantics
+    top_risks: Optional[List[dict]] = None
+
+class MultiHostCorrelation(BaseModel):
+    type: str  # e.g., module_propagation
+    key: str   # module name
+    host_ids: List[str]
+    first_seen_recent: bool = True
+    rationale: Optional[str] = None
+
+class Summaries(BaseModel):
+    executive_summary: Optional[str] = None
+    analyst: Optional[dict] = None
+    consistency_findings: Optional[list] = None  # output of Prompt A
+    triage_summary: Optional[dict] = None        # structured triage output (Prompt B)
+    action_narrative: Optional[str] = None       # human narrative of actions (Prompt C)
+    metrics: Optional[dict] = None               # token/latency metrics & alerts
+    causal_hypotheses: Optional[list[dict]] = None  # experimental speculative root cause hypotheses
+    attack_coverage: Optional[dict] = None       # ATT&CK technique coverage summary
+
+class ActionItem(BaseModel):
+    priority: int
+    action: str
+    correlation_refs: List[str] = Field(default_factory=list)
+
+class AgentWarning(BaseModel):
+    module: str
+    stage: str
+    error_type: str
+    message: str
+    severity: str = "warning"  # warning|error|info
+    hint: Optional[str] = None
+
+class FollowupResult(BaseModel):
+    finding_id: str
+    plan: List[str] = Field(default_factory=list)
+    results: dict = Field(default_factory=dict)
+    status: str = "executed"  # executed|skipped|error
+    notes: Optional[str] = None
+
+class EnrichedOutput(BaseModel):
+    version: str = "agent_mvp_1"
+    correlations: List[Correlation]
+    reductions: dict
+    summaries: Summaries
+    actions: List[ActionItem]
+    raw_reference: Optional[str] = None  # sha256 of original report file
+    enriched_findings: Optional[List[Finding]] = None  # flattened findings with subscores
+    correlation_graph: Optional[dict] = None  # clusters & metrics
+    followups: Optional[List[FollowupResult]] = None
+    enrichment_results: Optional[dict] = None  # aggregated follow-up verification outcomes
+    multi_host_correlation: Optional[List[MultiHostCorrelation]] = None
+    integrity: Optional[dict] = None  # sha256 + signature verification status
+
+class AgentState(BaseModel):
+    raw_report: Optional[dict] = None
+    report: Optional[Report] = None
+    correlations: List[Correlation] = Field(default_factory=list)
+    reductions: dict = Field(default_factory=dict)
+    summaries: Summaries = Field(default_factory=Summaries)
+    actions: List[ActionItem] = Field(default_factory=list)
+    followups: List[FollowupResult] = Field(default_factory=list)
+    enrichment_results: dict = Field(default_factory=dict)
+    multi_host_correlation: List[MultiHostCorrelation] = Field(default_factory=list)
+    agent_warnings: List[dict] = Field(default_factory=list)

{sys_scan_agent-5.0.3.dist-info → sys_scan_agent-5.0.3.dev0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sys-scan-agent
-Version: 5.0.3
+Version: 5.0.3.dev0
 Summary: AI-powered intelligence layer for the sys-scan-graph security scanner.
 Home-page: https://github.com/J-mazz/sys-scan-graph
 Author: Joseph Mazzini

{sys_scan_agent-5.0.3.dist-info → sys_scan_agent-5.0.3.dev0.dist-info}/RECORD

@@ -37,7 +37,6 @@ sys_scan_agent/metrics.py,sha256=G8h8G3Kgrcee0kgQ37ihtu8iHkasXbXyywY5YQOIF54,409
 sys_scan_agent/metrics_exporter.py,sha256=MBfpuxn077lEgIiKPJEzhz5qsZ21weEKPHXQCwIXJKU,8661
 sys_scan_agent/metrics_node.py,sha256=F7OQ3yU06Lftjmm_pbzfDu6ybrRrAqN4gfyAy0xBIFQ,6752
 sys_scan_agent/migration_v3.py,sha256=LTmzRtjQUwHfNtr-gpBdyCLQdiu_HjdU73oYqFVCIJQ,2190
-sys_scan_agent/models.py,sha256=e_bD4sJ31lpNt8jgfFSNNznVwB8ZO4m9qVMNmofbitM,6890
 sys_scan_agent/performance_baseline.py,sha256=btFtN943S2GahaHcTEJFrDJCnA-78XG0H6Gqf_q1I50,7520
 sys_scan_agent/pipeline.py,sha256=c3xdk5-gPK-UKq3ahYZDsjGZ3IEBU8EtDAFtDOo1w2M,14395
 sys_scan_agent/rarity_generate.py,sha256=BM2bgyUmNM_PhVIsCG7jFXTf3D8d5QQkohdnFbbl9t4,1851
@@ -68,10 +67,10 @@ sys_scan_agent/graph/routing.py,sha256=Tqs-F1QMAdCf9HecUvAQwZeD1X11HsvxB8uXZ_ZBf
 sys_scan_agent/graph/rules.py,sha256=SIh4lxVaBAkYNkRLB4KFvk7jL4rkD3MrL0IverfzAzc,9641
 sys_scan_agent/graph/summarization.py,sha256=cXc5Lh8-mBLy4PK_BHOchOAyT2OqdL52X2pBNoexuRc,14140
 sys_scan_agent/graph/utils.py,sha256=oM5-USXt9oIplvhb_5l0eJdq4MEtORs6mzF4RTzUu3Y,13891
-sys_scan_agent/models/__init__.py,sha256=E1y6UpMTykSzmlpCkoajfR-PzjUyhyVsFSBVKHaA8h4,26
+sys_scan_agent/models/__init__.py,sha256=wgylTYY2kP1k03CFg5s9Q2DS2slpHfhvP0kf_w6xU3E,6888
 sys_scan_agent/models/mistral-security-scanner/adapter_config.json,sha256=MOx5bdifYA3m-aWPdxAIYnfluOJWJcMg3GYtSySPGkg,945
 sys_scan_agent/models/mistral-security-scanner/tokenizer.json,sha256=PFz0QCNxT7ObBeceQl-Ne5KAX_c_eYiwg7jIfwv4c5M,17209961
-sys_scan_agent-5.0.3.dist-info/licenses/LICENSE,sha256=VXRfqQBS6tVMaaDjs09EmMmLbC5Hb5yzhxdUgL0GHow,12135
+sys_scan_agent-5.0.3.dev0.dist-info/licenses/LICENSE,sha256=VXRfqQBS6tVMaaDjs09EmMmLbC5Hb5yzhxdUgL0GHow,12135
 tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/conftest.py,sha256=YzOXysZy-Sw1WCGdeHeINiE1jrSNMA_4AwLw-0sFFys,512
 tests/test_advanced_router.py,sha256=GbE3PPDkgiKswr-VNTH9b3qhRG53ea2cVmFBCZQxYFY,1297
@@ -99,7 +98,7 @@ tests/test_fleet_report_schema.py,sha256=P3fH_BxVQoBfW9lDPLxLaf3EFTK9BvbJPsqOTaT
 tests/test_graph.py,sha256=iU1JMf4OWCcwh1cWjaN-L3rM0DXocq03E1SBPpNXwYM,86256
 tests/test_graph_analysis.py,sha256=D24NossWc1vi4HPiCKYjyf67TbSicIyvqZu3LwGGJP8,14107
 tests/test_graph_cycle.py,sha256=vRktx0h2SX0PxirWC9L68nSLvCSt_YmhdjS-g-w9FJs,2617
-tests/test_graph_main.py,sha256=XcT51eSaezsO330BKXNOAdMXNQCBklbY_KE6m8-exa4,44024
+tests/test_graph_main.py,sha256=WTrXih5WiJcUYf3G82g7wn5E_GK-dw0QRR8sbFl1KPU,44062
 tests/test_graph_scaffold_workflow.py,sha256=fD8_6K3qZO8wO60bfAp_a5_Z02bg3Q1H5GqDOhXR_ho,3597
 tests/test_graph_utils.py,sha256=b4jnOiBGMb6GXFF2qerFOlHw7Z83b0PvnsCurCsX4Nw,25783
 tests/test_graph_with_toolnode.py,sha256=UXwTA_YNOs8npGR9InX8p_NHmpWQPmXrE1iwDQ7VBsQ,14870
@@ -141,8 +140,8 @@ tests/test_tools_enhanced.py,sha256=rJK6Hczu2mp24gdqubI7fy_m6VfPpm6dwbaTHTMHW6M,
 tests/test_utils.py,sha256=-iUT5p_a1R90QJndAJazYgO2xHZBjfErQnSKRIkHj54,7534
 tests/test_workflow_equivalence.py,sha256=OyGkCHeYLaVs47FG1098o6fyn0TAtuwh12b7oM5uWwI,25127
 tests/test_yaml_corruption.py,sha256=_5FLGIv7jppCDZncR_gwxDYTHjlxlErLjQD3vVO37AQ,2107
-sys_scan_agent-5.0.3.dist-info/METADATA,sha256=J1Gd4k0nhSJCEVYcmwRGx7RluxS8F4AEXYoCT0HLYIw,8537
-sys_scan_agent-5.0.3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-sys_scan_agent-5.0.3.dist-info/entry_points.txt,sha256=7rmYGTp4NvfbpxCqWu7wrHCKd-2BEZfnlPJoxSDKokg,105
-sys_scan_agent-5.0.3.dist-info/top_level.txt,sha256=3uTXqS-hAr46En_EzXhUkyBEZ6TrlSvUT_toOPE4Ero,48
-sys_scan_agent-5.0.3.dist-info/RECORD,,
+sys_scan_agent-5.0.3.dev0.dist-info/METADATA,sha256=CTD8JqrwdShPlGEtInUZb5UTOuQT62MWYvT0bUpHIzE,8542
+sys_scan_agent-5.0.3.dev0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+sys_scan_agent-5.0.3.dev0.dist-info/entry_points.txt,sha256=7rmYGTp4NvfbpxCqWu7wrHCKd-2BEZfnlPJoxSDKokg,105
+sys_scan_agent-5.0.3.dev0.dist-info/top_level.txt,sha256=3uTXqS-hAr46En_EzXhUkyBEZ6TrlSvUT_toOPE4Ero,48
+sys_scan_agent-5.0.3.dev0.dist-info/RECORD,,

tests/test_graph_main.py

@@ -12,7 +12,8 @@ import os
 import importlib.util
 
 # Load the main graph.py module directly
-graph_spec = importlib.util.spec_from_file_location("graph_main", "/home/joseph-mazzini/sys-scan-graph/agent/sys_scan_agent/graph.py")
+graph_py_path = os.path.join(os.path.dirname(__file__), '..', 'sys_scan_agent', 'graph.py')
+graph_spec = importlib.util.spec_from_file_location("graph_main", graph_py_path)
 if graph_spec is None or graph_spec.loader is None:
     raise ImportError("Could not load graph.py module")
 graph_main = importlib.util.module_from_spec(graph_spec)

sys_scan_agent/models.py

@@ -1,163 +0,0 @@
-from __future__ import annotations
-from typing import List, Dict, Optional, Any, Union
-from pydantic import BaseModel, Field
-import hashlib
-
-# -----------------
-# Core Report Schema (subset + extensions)
-# -----------------
-
-class Finding(BaseModel):
-    id: str
-    title: str
-    severity: str
-    # Legacy field name expected throughout enrichment pipeline. The C++ layer now emits
-    # base_severity_score instead; ingestion normalizes by copying that value into risk_score
-    # (and risk_total) if risk_score is absent. We retain risk_score as required so downstream
-    # code need not handle Optional[int].
-    risk_score: int
-    # Transitional visibility: surface base_severity_score if present in raw report (or if
-    # synthesized during normalization) for transparency / future migration to holistic risk.
-    base_severity_score: Optional[int] = None
-    description: Optional[str] = ""
-    metadata: Dict[str, Any] = Field(default_factory=dict)
-    operational_error: bool = False  # if true, represents scanner operational issue, not security signal
-    # Extensions
-    category: Optional[str] = None
-    tags: List[str] = Field(default_factory=list)
-    risk_subscores: Optional[Dict[str, float]] = None  # impact/exposure/anomaly/confidence
-    correlation_refs: List[str] = Field(default_factory=list)
-    baseline_status: Optional[str] = None  # new|existing|unknown
-    severity_source: Optional[str] = None  # raw|bumped|rule_engine
-    allowlist_reason: Optional[str] = None
-    probability_actionable: Optional[float] = None  # calibrated probability (0-1)
-    graph_degree: Optional[int] = None  # number of correlations referencing this finding
-    cluster_id: Optional[int] = None  # correlation graph connected component id
-    rationale: Optional[list[str]] = None  # explanations for risk
-    risk_total: Optional[int] = None  # duplicate of risk_score as stable name for external consumption
-    host_role: Optional[str] = None  # inferred host role classification (workstation|dev_workstation|bastion|lightweight_router|container_host)
-    host_role_rationale: Optional[List[str]] = None  # signals used for role classification
-    metric_drift: Optional[dict] = None  # when synthetic metric drift finding, carry metrics metadata
-
-    def identity_hash(self) -> str:
-        h = hashlib.sha256()
-        # Use stable core identity (scanner + id + title) stored externally
-        core = f"{self.id}\n{self.title}\n{self.severity}\n"
-        h.update(core.encode())
-        return h.hexdigest()
-
-class ScannerResult(BaseModel):
-    scanner: str
-    finding_count: int
-    findings: List[Finding]
-
-class Meta(BaseModel):
-    hostname: Optional[str] = None
-    tool_version: Optional[str] = None
-    json_schema_version: Optional[str] = None
-    # Extensions
-    host_id: Optional[str] = None
-    scan_id: Optional[str] = None
-
-class Summary(BaseModel):
-    finding_count_total: Optional[int] = None
-    finding_count_emitted: Optional[int] = None
-    severity_counts: Dict[str, int] = Field(default_factory=dict)
-
-class SummaryExtension(BaseModel):
-    total_risk_score: int
-    emitted_risk_score: Optional[int] = None
-
-class Report(BaseModel):
-    meta: Meta
-    summary: Summary
-    results: List[ScannerResult]
-    collection_warnings: List[dict] = Field(default_factory=list)
-    scanner_errors: List[dict] = Field(default_factory=list)
-    summary_extension: SummaryExtension
-
-# -----------------
-# Correlation / Enrichment Models
-# -----------------
-
-class Correlation(BaseModel):
-    id: str
-    title: str
-    rationale: str
-    related_finding_ids: List[str]
-    risk_score_delta: int = 0
-    tags: List[str] = Field(default_factory=list)
-    severity: Optional[str] = None
-    predicate_hits: Optional[dict[str, list[str]]] = None  # finding_id -> list of condition descriptors satisfied
-
-class Reductions(BaseModel):
-    module_summary: Optional[dict] = None
-    suid_summary: Optional[dict] = None
-    network_summary: Optional[dict] = None
-    top_findings: List[dict] = Field(default_factory=list)
-    # Alias list for evaluation metrics (same content as top_findings) to express "top_risks" semantics
-    top_risks: Optional[List[dict]] = None
-
-class MultiHostCorrelation(BaseModel):
-    type: str  # e.g., module_propagation
-    key: str   # module name
-    host_ids: List[str]
-    first_seen_recent: bool = True
-    rationale: Optional[str] = None
-
-class Summaries(BaseModel):
-    executive_summary: Optional[str] = None
-    analyst: Optional[dict] = None
-    consistency_findings: Optional[list] = None  # output of Prompt A
-    triage_summary: Optional[dict] = None        # structured triage output (Prompt B)
-    action_narrative: Optional[str] = None       # human narrative of actions (Prompt C)
-    metrics: Optional[dict] = None               # token/latency metrics & alerts
-    causal_hypotheses: Optional[list[dict]] = None  # experimental speculative root cause hypotheses
-    attack_coverage: Optional[dict] = None       # ATT&CK technique coverage summary
-
-class ActionItem(BaseModel):
-    priority: int
-    action: str
-    correlation_refs: List[str] = Field(default_factory=list)
-
-class AgentWarning(BaseModel):
-    module: str
-    stage: str
-    error_type: str
-    message: str
-    severity: str = "warning"  # warning|error|info
-    hint: Optional[str] = None
-
-class FollowupResult(BaseModel):
-    finding_id: str
-    plan: List[str] = Field(default_factory=list)
-    results: dict = Field(default_factory=dict)
-    status: str = "executed"  # executed|skipped|error
-    notes: Optional[str] = None
-
-class EnrichedOutput(BaseModel):
-    version: str = "agent_mvp_1"
-    correlations: List[Correlation]
-    reductions: dict
-    summaries: Summaries
-    actions: List[ActionItem]
-    raw_reference: Optional[str] = None  # sha256 of original report file
-    enriched_findings: Optional[List[Finding]] = None  # flattened findings with subscores
-    correlation_graph: Optional[dict] = None  # clusters & metrics
-    followups: Optional[List[FollowupResult]] = None
-    enrichment_results: Optional[dict] = None  # aggregated follow-up verification outcomes
-    multi_host_correlation: Optional[List[MultiHostCorrelation]] = None
-    integrity: Optional[dict] = None  # sha256 + signature verification status
-
-class AgentState(BaseModel):
-    raw_report: Optional[dict] = None
-    report: Optional[Report] = None
-    correlations: List[Correlation] = Field(default_factory=list)
-    reductions: dict = Field(default_factory=dict)
-    summaries: Summaries = Field(default_factory=Summaries)
-    actions: List[ActionItem] = Field(default_factory=list)
-    followups: List[FollowupResult] = Field(default_factory=list)
-    enrichment_results: dict = Field(default_factory=dict)
-    multi_host_correlation: List[MultiHostCorrelation] = Field(default_factory=list)
-    agent_warnings: List[dict] = Field(default_factory=list)
-