anti
c635478442
Sub-step preceding the rule-pack commits per TTP_TAGGING.md:2967. Adds the per-rule precision suite scaffolding under tests/ttp/rule_precision/: - conftest.py: precision_engine fixture (RuleEngine populated from ./rules/ttp/), corpus_loader (real → seed → empty fallback), precision_for() helper for TP/FP accounting. - _build_corpus.py: extractor for a real prod corpus pull. Mandatory --exclude-ip / DECNET_TTP_CORPUS_EXCLUDE_IPS — operator IPs never end up in the committed exclusion list. Pulls both 'command' and 'unknown_command' event types. - corpus/seed_*.jsonl: synthetic seed rows for each cohort so the harness exercises in clean checkouts. - corpus/*.jsonl (operator-built) is gitignored. - test_corpus_loads.py: sentinel that every seed file parses.
13 lines
539 B
Python
13 lines
539 B
Python
"""Per-rule precision suite for TTP rule pack v0.
|
|
|
|
One test module per rule cohort (command / behavioral / email / canary /
|
|
intel) drives the labelled holdout corpus through a real
|
|
:class:`RuleEngine` bound to ``./rules/ttp/`` and asserts the
|
|
Appendix-C precision target.
|
|
|
|
Live cohort: command (R0001-R0030). Other cohorts ship YAMLs whose
|
|
match specs target downstream lifters (E.3.9-E.3.12); their
|
|
precision tests are :pyfunc:`pytest.xfail`-gated until the lifter
|
|
lands, matching the CDD pattern from ``development/TTP_TAGGING.md``.
|
|
"""
|