Skip to content

feat(ae): /dx/evidence_manifest ingest → forensic_db.dx_evidence_manifest#78

Open
ConstanzeTU wants to merge 1 commit into
refactor/ae-evidence-graph-renamefrom
feat/ae-evidence-manifest
Open

feat(ae): /dx/evidence_manifest ingest → forensic_db.dx_evidence_manifest#78
ConstanzeTU wants to merge 1 commit into
refactor/ae-evidence-graph-renamefrom
feat/ae-evidence-manifest

Conversation

@ConstanzeTU

Copy link
Copy Markdown

Stacked on #77 (dx graph rename) → #73#68. Closes the AE-side wire gap for dx's §9 completeness contract. Full 'what's included' + TTL test image posted as a comment below once the image is pushed.

…manifest

Closes the AE-side wire gap for dx's §9 completeness contract (stacked on
the dx_evidence_graph rename). dx already POSTs manifests via
aeclient.WriteEvidenceManifest → /dx/evidence_manifest; aeprod26 404s that
path, so manifest_rows_exported=0 / graph_write_failures{kind=manifest}>0.

Adds, mirroring the evidence_graph path:
- control: manifestWriter iface + SetManifestWriter + POST /dx/evidence_manifest
  handler. Accepts one manifest.Manifest per verdict; scalars map to typed
  columns, nested collections (case_window/findings/orders/seeds/chain) are
  rendered as JSON text so the JSONEachRow insert is CH-version independent.
- clickhouse: forensic_db.dx_evidence_manifest table (columns = manifest.Manifest
  JSON tags; event_time nanos + hostname read-path like dx_evidence_graph),
  WriteEvidenceManifest sink, KnownTables + OperatorOwnedTables (created on boot).
- main: wire SetManifestWriter(applier).
- tests: endpoint 501/202/502 + nested-as-text flattening; table-set guard.
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 988c93ed-c43d-47c2-a5d9-37dd3cf2ce62

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/ae-evidence-manifest

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@ConstanzeTU

Copy link
Copy Markdown
Author

🧪 TTL test image for the dx-agent

ttl.sh/px-51d5e18d5/vizier-adaptive_export_image:1d

digest sha256:e3bc91aa75d3ad8a4921fbd6a4dc12db29606f8c6a5a55220528a8731d89732c · AE image only, built from 51d5e18d5 (this branch), TTL 24h. Patch just the AE deployment:

kubectl set image ds/<ae-daemonset> adaptive_export=ttl.sh/px-51d5e18d5/vizier-adaptive_export_image:1d

Exactly what's in this AE

New endpointPOST /dx/evidence_manifest (mirrors /dx/evidence_graph):

  • accepts one manifest.Manifest per call (the object aeclient.WriteEvidenceManifest already sends),
  • 202 on success · 501 if the sink is unwired · 400 bad JSON · 502 on CH write failure,
  • behind the same bearer-JWT auth as the rest of the control surface.

New tableforensic_db.dx_evidence_manifest, created on boot (it's in OperatorOwnedTables, so no manual DDL). Columns are the manifest.Manifest JSON tags:

column type notes
investigation_id String
event_time UInt64 unix nanoseconds (same read-path convention as dx_evidence_graph)
hostname String
condition String
verdict String ruled_in | metastasis
confidence Float64
posterior Float64
catalog_version String
case_window String JSON text ([2]float64)
findings String JSON text ([]FindingRef)
orders String JSON text ([]Order)
seeds String JSON text ([]Seed)
chain String JSON text (*Chain, "" when absent)
evidence_hash String

Nested-as-text: the handler pre-renders case_window/findings/orders/seeds/chain to JSON strings before the INSERT … FORMAT JSONEachRow, so the write is ClickHouse-version independent (no reliance on input_format_json_read_objects_as_strings). Scalars stay typed; event_time round-trips as an integer literal (no sci-notation).

Engine: MergeTree ORDER BY (event_time, hostname), monthly partitions via fromUnixTimestamp64Nano, 30-day TTL — px-readable, same as dx_evidence_graph.

Quick verify

  1. POST /dx/evidence_manifest → expect 202 (was 404 on aeprod26).
  2. SELECT investigation_id, verdict, findings FROM forensic_db.dx_evidence_manifest → your consulted rows land; manifest_rows_exported_total should climb and graph_write_failures{kind=manifest} stop.

A full vizier_release (aeprod27) with this is being cut too; I'll post that tag here when it lands.

@ConstanzeTU

Copy link
Copy Markdown
Author

✅ Full release: aeprod27

The complete vizier image set (with the /dx/evidence_manifest change) is now in GHCR under 0.14.19-aeprod27:

release/vizier/v0.14.19-aeprod27
ghcr.io/k8sstormcenter/vizier-adaptive_export_image:0.14.19-aeprod27
  digest sha256:8b78d60ba06e650627e25a3ff857a02a16ac8d51cd7d98f0a944058c2814de67

query_broker, pem, and the rest of the set are published at the same tag — use this for a full roll (vs. the ttl.sh image which patches only AE). Built from 51d5e18d5 (this branch tip).

Same behavior as the TTL image: POST /dx/evidence_manifest → 202, rows land in forensic_db.dx_evidence_manifest.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant