feat(activity): human-readable titles for compliance/intelligence/audit legs (Phase 0)#616
Merged
Merged
Conversation
…it legs (Phase 0)
system-activity v1.2.0 (C-09, AC-24/25/26). First phase of the activity
readability initiative (docs/engineering/activity_readability_plan.md).
The unified feed built proper sentences for alerts + monitoring but handed
the UI raw machine codes for the other three legs. Now every leg emits a
human title/summary, built in Go after the single UNION (the one-Query
property is preserved):
- Compliance: rule_id -> catalog title via an injected RuleTitleFunc;
summary 'Changed: now Fail' / 'First seen: Pass' (transactions retains
only the new status, so no fake 'X -> Y').
- Intelligence: event_code -> description ('Package updated'); summary
derived generically from the detail JSONB ('curl: 7.64 -> 7.81').
- Audit: '<actor> <predicate>' from actor_label + an action map
('alice@example.com created a host'); the resource UUID is no longer in
the headline.
Unmapped codes humanize structurally (dots -> spaces) so a new code can
never leak as a raw dotted enum. Alert + monitoring legs unchanged.
This makes /activity, the dashboard widget, and host-detail Recent Activity
readable immediately (they already render title/summary).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase 0 of the activity readability initiative (
docs/engineering/activity_readability_plan.md).The unified
/api/v1/activityfeed already built proper sentences for thealert + monitoring legs, but handed the UI raw machine codes for the
other three. Now every leg emits a human title/summary, built in Go after
the single UNION (the one-Query property is preserved).
CIS.6.1.1system.package.updatedauth.login.failure+ UUIDRuleTitleFunc(nil-safe; fallsback to the rule id). The transactions table keeps only the new status, so
the summary says "now ", never a fake "X → Y".
<actor> <predicate>fromactor_label+ an action map; theraw resource UUID is no longer in the headline.
(dots → spaces) so a newly-added code can never leak as a raw dotted enum.
This makes
/activity, the dashboard widget, and host-detail Recent Activityreadable immediately (they already render
title/summary) — no frontendchange needed.
Verified live in the browser: every row is a sentence, no codes/UUIDs.
Spec:
system-activityv1.2.0 (C-09, AC-24 unit / AC-25 fallback / AC-26integration). Full activity suite + specter (111) green.
Note: the feed is dominated by
scheduler.tick.dispatched(~7k rows) andsystem.package.installed(~7k) — readable now, but a strong signal forPhase 4 (grouping/dedup) and a taxonomy question (should scheduler ticks
be audit events at all?).