实现分层实体漏洞知识库与实体级完整度监控

scripts/intel/validators.py

@@ -3,7 +3,7 @@ from __future__ import annotations
 from pathlib import Path
 from typing import Any, Dict, List
 
-from intel.config import FRAMEWORK_ROOT, GENERATED_DIR, REGISTRY_ROOT, REPRO_MAP_PATH, ROOT, SECURE_CODE_ROOT, SOURCE_MAP_PATH, SYSTEMS_DIR
+from intel.config import ENTITIES_DIR, FRAMEWORK_ROOT, GENERATED_DIR, REGISTRY_ROOT, REPRO_MAP_PATH, ROOT, SECURE_CODE_ROOT, SOURCE_MAP_PATH, SYSTEMS_DIR
 from intel.render import LANGUAGES, TOPIC_DESCRIPTIONS
 from intel.utils import load_all_json
 
@@ -18,6 +18,24 @@ REQUIRED_REGISTRY_FIELDS = {
     "verification_status",
     "verification_mode",
     "repro_profile_id",
+    "entity_refs",
+    "affected_components",
+    "affected_version_ranges",
+    "fixed_version_ranges",
+    "version_confidence",
+    "workflow",
+}
+
+REQUIRED_ENTITY_FIELDS = {
+    "entity_id",
+    "entity_type",
+    "display_name",
+    "root_system_id",
+    "category",
+    "status",
+    "history_policy",
+    "latest_sync_status",
+    "official_source_covered",
 }
 
 REQUIRED_SYSTEM_FIELDS = {
@@ -101,6 +119,19 @@ def validate(source_map: Dict[str, Any]) -> List[str]:
         missing = REQUIRED_REGISTRY_FIELDS - set(item.keys())
         if missing:
             errors.append(f"registry advisory missing fields: {item.get('canonical_id', 'unknown')} -> {sorted(missing)}")
+        workflow = item.get("workflow") or {}
+        if not workflow.get("workflow_id"):
+            errors.append(f"registry advisory workflow missing workflow_id: {item.get('canonical_id', 'unknown')}")
+        if not workflow.get("vuln_family"):
+            errors.append(f"registry advisory workflow missing vuln_family: {item.get('canonical_id', 'unknown')}")
+
+    entity_items = load_all_json(ENTITIES_DIR)
+    if not entity_items:
+        errors.append(f"entity registry missing: {ENTITIES_DIR}")
+    for item in entity_items:
+        missing = REQUIRED_ENTITY_FIELDS - set(item.keys())
+        if missing:
+            errors.append(f"entity registry missing fields: {item.get('entity_id', 'unknown')} -> {sorted(missing)}")
 
     for path in [
         GENERATED_DIR / "coverage-matrix.md",
@@ -112,6 +143,11 @@ def validate(source_map: Dict[str, Any]) -> List[str]:
         GENERATED_DIR / "source-catalog-audit.json",
         GENERATED_DIR / "source-catalog-audit.md",
         GENERATED_DIR / "retired-sources.json",
+        GENERATED_DIR / "entity-completeness.json",
+        GENERATED_DIR / "entity-discovery-backlog.json",
+        GENERATED_DIR / "entity-queues.json",
+        GENERATED_DIR / "entity-catalog-report.md",
+        GENERATED_DIR / "entity-discovery-backlog.md",
         GENERATED_DIR / "dashboard" / "index.html",
         GENERATED_DIR / "dashboard" / "overview" / "index.html",
         GENERATED_DIR / "dashboard" / "runs" / "index.html",
@@ -140,6 +176,8 @@ def validate(source_map: Dict[str, Any]) -> List[str]:
         GENERATED_DIR / "dashboard" / "docs" / "source-map.html",
         GENERATED_DIR / "dashboard" / "docs" / "source-catalog-audit.html",
         GENERATED_DIR / "dashboard" / "docs" / "retired-sources.html",
+        GENERATED_DIR / "dashboard" / "docs" / "entity-catalog-report.html",
+        GENERATED_DIR / "dashboard" / "docs" / "entity-discovery-backlog.html",
         GENERATED_DIR / "dashboard" / "docs" / "repro-map.html",
         GENERATED_DIR / "dashboard" / "docs" / "coverage-matrix.html",
         GENERATED_DIR / "dashboard" / "docs" / "design-source.html",
@@ -149,6 +187,9 @@ def validate(source_map: Dict[str, Any]) -> List[str]:
         GENERATED_DIR / "dashboard" / "data" / "alerts.json",
         GENERATED_DIR / "dashboard" / "data" / "monitor-summary.json",
         GENERATED_DIR / "dashboard" / "data" / "source-catalog-audit.json",
+        GENERATED_DIR / "dashboard" / "data" / "entity-completeness.json",
+        GENERATED_DIR / "dashboard" / "data" / "entity-discovery-backlog.json",
+        GENERATED_DIR / "dashboard" / "data" / "entity-queues.json",
         ROOT / "docs" / "testing-completeness-report.md",
         ROOT / "08-threat-intel" / "registry" / "source-confidence.md",
     ]: