Skip to content

feat(detector): emit time-separated detection episodes#90

Merged
stacknil merged 1 commit into
mainfrom
stacknil/v0.6-detection-episodes
Jul 4, 2026
Merged

feat(detector): emit time-separated detection episodes#90
stacknil merged 1 commit into
mainfrom
stacknil/v0.6-detection-episodes

Conversation

@stacknil

@stacknil stacknil commented Jul 4, 2026

Copy link
Copy Markdown
Owner

Summary

  • add detector episode semantics so the same rule subject can emit multiple time-separated findings
  • keep the existing best-window selection inside each episode candidate
  • document that rule_id + subject is no longer unique within a report and that consumers should use window fields plus evidence IDs

Notes

  • No new detection rules are added.
  • The JSON report remains loglens.report.v2 / schema_version: 2.
  • Existing golden report contracts remain stable; new detector tests cover repeated episodes directly.

Validation

  • cmake -S . -B build
  • cmake --build build
  • ctest --test-dir build -C Debug --output-on-failure
  • git diff --check
  • local Markdown link check for touched docs
  • added-line privacy / secret scan

@stacknil stacknil merged commit 9d0bbe2 into main Jul 4, 2026
9 checks passed
@stacknil stacknil deleted the stacknil/v0.6-detection-episodes branch July 4, 2026 11:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant