feat/configuration2.0: identifiers for variables and events#114
Merged
ipmach merged 1 commit intodevelopmentfrom Mar 31, 2026
Merged
feat/configuration2.0: identifiers for variables and events#114ipmach merged 1 commit intodevelopmentfrom
ipmach merged 1 commit intodevelopmentfrom
Conversation
… matcher Users can now write <label> instead of <*> in template files to give wildcards meaningful names, and use an EventId column in CSV template files to assign stable string identifiers to events. Both formats are compiled to the existing positional representation at load time, so all runtime code (ParserSchema, get_configured_variables) is unchanged. - _compile_templates(): converts <label> → <*> and records label order and per-template event ID labels (from CSV EventId column) - TemplatesManager / TemplateMatcher: accept metadata; expose compile_detector_config() to resolve string pos labels and string event keys to positional ints before pipeline startup - Variable.pos: str | int (string = named label, compiled to int) - Variable.name: optional (defaults to empty; label serves as name) - load_templates(): returns (templates, event_id_labels); CSV files support an optional EventId column for named event IDs (.txt files remain positional-only) - Tests and test fixtures for all new paths; roundtrip tests confirm string pos and string event keys survive YAML → Pydantic → YAML Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
viktorbeck98
changed the title
This was referenced Mar 31, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
<pid>instead of<*>so variables have meaningful names rather than requiring positional counting. All named templates are compiled to the existing<*>format at load time — zero runtime changes.EventIdcolumn in.csvtemplate files lets users assign stable string identifiers (e.g.login_failure) to events instead of counting row positions.TemplateMatcher.compile_detector_config(events_config)resolves stringposlabels and string event keys to their positional int equivalents before the pipeline starts, keepingget_configured_variables()andParserSchemaunchanged.<*>templates and integer event/variable keys continue to work without modification.Test plan
uv run pytest -q— 301 passed, 6 skippeduv run prek run -a— all hooks passTestCompileTemplates— named wildcard compilation, mixing validationTestNamedWildcardsTxt—.txtnamed wildcards,compile_detector_configresolution, unknown label errorTestNamedEventIdCsv—.csvEventIdcolumn, named event key resolution, positional int keys still workTestNamedVariablesRoundtrip— YAML → Pydantic → YAML → Pydantic identity for named pos and named event ID configsRelated Issues
Fixes #83 and #82