feat: add config-change-investigation-demo #24
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a987b47826
| if str(denial["target_system"]) == target_system | ||
| and change_time <= denial["timestamp"] <= window_end | ||
| ] |
Exclude non-denied decisions from attached policy evidence
build_investigations currently attaches any policy_denials record that matches target_system and time window, but it never checks that the record was actually denied. When the input contains mixed policy outcomes, allowed decisions will be counted and reported as denial evidence, which corrupts evidence_counts and investigation conclusions. Add a decision == "denied" guard here (or enforce it during normalization) so only true denials are correlated.
| def parse_timestamp(raw_value: str) -> datetime: | ||
| return datetime.fromisoformat(raw_value.replace("Z", "+00:00")).astimezone(UTC) |
Reject naive timestamps to keep correlation deterministic
parse_timestamp accepts timezone-naive ISO strings and immediately calls .astimezone(UTC), which makes Python interpret naive times in the host's local timezone. This means the same input timestamp can normalize differently across environments and shift events across the correlation boundary, breaking reproducibility for the demo artifacts. Require explicit timezone information (or explicitly treat naive values as UTC) before converting.
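The two review points above, combined in one runnable sketch. This is an added example, not code from the pull request or from Codex. The names `parse_timestamp_strict` and `correlate_denials`, the sample records, and the assumption that each policy record carries a `decision` field are hypothetical.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def parse_timestamp_strict(raw_value: str) -> datetime:
    """Parse an ISO 8601 string, refusing values that carry no UTC offset."""
    parsed = datetime.fromisoformat(raw_value.replace("Z", "+00:00"))
    # A naive datetime reports utcoffset() as None; astimezone() would
    # silently read it in the host's local zone, so fail loudly instead.
    if parsed.utcoffset() is None:
        raise ValueError(f"timestamp has no timezone: {raw_value!r}")
    return parsed.astimezone(UTC)


def correlate_denials(denials, target_system, change_time, window_end):
    """Keep only true denials for the target system inside the window."""
    return [
        denial
        for denial in denials
        # Assumed field name, taken from the review comment's suggestion.
        if denial.get("decision") == "denied"
        and str(denial["target_system"]) == target_system
        and change_time <= denial["timestamp"] <= window_end
    ]


# Constructed sample records; system names and times are illustrative only.
SAMPLE_DENIALS = [
    {"target_system": "payments-db", "decision": "denied",
     "timestamp": parse_timestamp_strict("2024-05-01T10:05:00Z")},
    {"target_system": "payments-db", "decision": "allowed",
     "timestamp": parse_timestamp_strict("2024-05-01T10:06:00+00:00")},
    {"target_system": "payments-db", "decision": "denied",
     "timestamp": parse_timestamp_strict("2024-05-01T12:20:00+02:00")},
    {"target_system": "auth-api", "decision": "denied",
     "timestamp": parse_timestamp_strict("2024-05-01T10:07:00Z")},
]

if __name__ == "__main__":
    start = parse_timestamp_strict("2024-05-01T10:00:00Z")
    hits = correlate_denials(SAMPLE_DENIALS, "payments-db", start,
                             start + timedelta(minutes=30))
    print([hit["timestamp"].isoformat() for hit in hits])
```

The third record carries a `+02:00` offset and still lands inside the window after normalization, while the allowed decision and the other system's denial are excluded.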
Summary
- config-change-investigation-demo as a fourth deterministic, file-based demo
- telemetry-lab reads as a four-demo repository and config-change investigation is no longer future work

Validation
- python -m telemetry_window_demo.cli run-config-change-demo
- python -m pytest