update: mkdocs

scc-tw · scc-tw · commit ae814d9bd889 · 2025-05-02T00:11:32.000+08:00
diff --git a/docs/api/models.md b/docs/api/models.md
@@ -1,21 +1,123 @@
 # Models API
 
-This page documents the Pydantic models used for representing events and reports.
+This page documents the Pydantic models used for representing events and reports in the legacy codebase.
 
-::: linux_edr.models.CommandLine
+## Event Models
 
-::: linux_edr.models.ProcessEvents
+### CommandLine
 
-::: linux_edr.models.SummaryReport
+Represents a command line with command name and arguments.
 
-::: linux_edr.models.Cell
+```python
+from linux_edr.models import CommandLine
 
-::: linux_edr.models.Block
+cmd = CommandLine(
+    command="ls",
+    args=["-la", "/home"]
+)
+```
 
-::: linux_edr.models.DailyReport
+### ProcessEvents
 
-::: linux_edr.models.WeeklyReport
+Collection of process execution events.
 
-::: linux_edr.models.MonthlyReport
+```python
+from linux_edr.models import ProcessEvents
 
-::: linux_edr.models.DailySummary 
+events = ProcessEvents(
+    events=[event1, event2, event3]
+)
+```
+
+## Report Models
+
+### SummaryReport
+
+Base class for all summary reports.
+
+```python
+from linux_edr.models import SummaryReport
+
+# Used as a base class for specific report types
+```
+
+### Cell
+
+Represents a 5-minute report cell.
+
+```python
+from linux_edr.models import Cell
+
+cell = Cell(
+    id="cell-2023-05-12-12-00",
+    start_time=datetime.now(),
+    end_time=datetime.now() + timedelta(minutes=5),
+    command_count=42,
+    unique_commands=15,
+    # other fields...
+)
+```
+
+### Block
+
+Represents an hourly report block containing multiple cells.
+
+```python
+from linux_edr.models import Block
+
+block = Block(
+    id="block-2023-05-12-12",
+    start_time=datetime.now(),
+    end_time=datetime.now() + timedelta(hours=1),
+    cells=["cell-1", "cell-2", "cell-3"],
+    # other fields...
+)
+```
+
+### DailyReport
+
+Represents a daily report containing multiple blocks.
+
+```python
+from linux_edr.models import DailyReport
+
+daily = DailyReport(
+    id="daily-2023-05-12",
+    start_time=datetime.now(),
+    end_time=datetime.now() + timedelta(days=1),
+    blocks=["block-1", "block-2", "block-3"],
+    # other fields...
+)
+```
+
+### WeeklyReport
+
+Represents a weekly report containing multiple daily reports.
+
+```python
+from linux_edr.models import WeeklyReport
+
+weekly = WeeklyReport(
+    id="weekly-2023-05-12",
+    start_time=datetime.now(),
+    end_time=datetime.now() + timedelta(weeks=1),
+    dailies=["daily-1", "daily-2", "daily-3"],
+    # other fields...
+)
+```
+
+### MonthlyReport
+
+Represents a monthly report containing multiple weekly reports.
+
+```python
+from linux_edr.models import MonthlyReport
+
+monthly = MonthlyReport(
+    id="monthly-2023-05",
+    start_time=datetime.now(),
+    end_time=datetime.now() + timedelta(days=30),
+    weeklies=["weekly-1", "weekly-2", "weekly-3", "weekly-4"],
+    # other fields...
+)
+``` 
diff --git a/docs/privacy.md b/docs/privacy.md
@@ -1,3 +1,48 @@
 # Privacy Policy
 
-Please refer to the main [Privacy Policy](../PRIVACY.md) document in the repository root. 
+This document outlines the privacy considerations for the Linux EDR system.
+
+## Data Collection
+
+Linux EDR collects process execution events from the Linux kernel through the `ftrace` subsystem. This includes:
+
+- Process IDs (PIDs)
+- Command names and arguments
+- Execution timestamps
+- Parent-child process relationships
+
+## Data Storage
+
+All data collected by Linux EDR is stored locally on the system where it is installed. By default, no data is transmitted to external servers.
+
+## AI Analysis
+
+When the AI analysis feature is enabled:
+
+1. Report summaries (not raw event data) may be sent to OpenAI's API for analysis
+2. The data sent is limited to aggregated statistics and patterns, not detailed command arguments
+3. You can disable this feature in the configuration file
+
+## Data Retention
+
+- Cell reports (5-minute intervals): Retained for 24 hours
+- Block reports (hourly): Retained for 7 days  
+- Daily reports: Retained for 30 days
+- Weekly reports: Retained for 90 days
+- Monthly reports: Retained for 365 days
+
+You can modify these retention periods in the configuration file.
+
+## Security Considerations
+
+- All data is stored in the local filesystem
+- Access to the reports requires filesystem permissions
+- No authentication is built into the tool itself - rely on system-level access controls
+
+## Third-Party Services
+
+The only external service optionally used is the OpenAI API for report analysis. This can be disabled in the configuration.
+
+## Changes to This Policy
+
+This privacy policy may be updated as the tool evolves. Check the repository for the latest version. 
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -41,14 +41,17 @@ nav:
       - Use Cases: api/application/use_cases.md
     - Infrastructure:
       - Repositories: api/infrastructure/repositories.md
+      - Trace Reader: api/trace.md
+      - Aggregator: api/aggregator.md
     - Interfaces:
       - Controllers: api/interfaces/controllers.md
     - Legacy APIs:
       - Report Manager: api/report_manager.md
       - Models: api/models.md
       - Reporter: api/reporter.md
   - Development: development.md
-  - Privacy Policy: privacy.md
+  - Reporting: reporting.md
+  - Privacy: privacy.md
 
 markdown_extensions:
   - pymdownx.highlight:
@@ -81,6 +84,7 @@ plugins:
             docstring_style: google
             show_source: true
             show_signature_annotations: true
+            show_if_no_docstring: true
   - git-revision-date-localized:
       enable_creation_date: true
 
