Include calibration verdict

cochaviz · cochaviz · commit e41b0111bb34 · 2026-01-29T06:34:24.000-05:00
diff --git a/cmd/cli.go b/cmd/cli.go
@@ -240,7 +240,26 @@ func executeAnalysis(cmd *cobra.Command, args []string) error {
 	}
 
 	if calibrate {
+		summary := config.CalibrationSummary()
 		cmd.Println("Calibration complete. Alerts suppressed; see logs for per-window metrics.")
+		if summary.Windows == 0 {
+			cmd.Println("Calibration summary: no complete windows were processed.")
+			return nil
+		}
+		cmd.Printf("Calibration summary: %d window(s) analyzed\n", summary.Windows)
+		cmd.Printf(
+			"Recommended thresholds (based on max observed rates): packet-threshold >= %.4f, destination-threshold >= %.4f\n",
+			summary.RecommendedPacketThreshold,
+			summary.RecommendedDestinationThreshold,
+		)
+		if summary.MaxDestinationRate > 0 && summary.MaxDestination.IP != "" {
+			cmd.Printf(
+				"Top destination: %s (rate %.4f packets/s, %d packets)\n",
+				summary.MaxDestination.String(),
+				summary.MaxDestinationRate,
+				summary.MaxDestinationPackets,
+			)
+		}
 		return nil
 	}
 
diff --git a/internal/analysis_batch.go b/internal/analysis_batch.go
@@ -122,14 +122,23 @@ type AnalysisContext struct {
 }
 
 type calibrationStats struct {
-	windows       int
-	packetRateSum float64
-	packetRateMax float64
-	hostRateSum   float64
-	hostRateMax   float64
+	windows                 int
+	packetRateSum           float64
+	packetRateMax           float64
+	hostRateSum             float64
+	hostRateMax             float64
+	topDestinationRateMax   float64
+	topDestinationCountMax  int
+	topDestinationCandidate Destination
 }
 
-func (s *calibrationStats) update(packetRate float64, hostRate float64) {
+func (s *calibrationStats) update(
+	packetRate float64,
+	hostRate float64,
+	topDestination Destination,
+	topCount int,
+	topRate float64,
+) {
 	if s == nil {
 		return
 	}
@@ -142,6 +151,20 @@ func (s *calibrationStats) update(packetRate float64, hostRate float64) {
 	if hostRate > s.hostRateMax {
 		s.hostRateMax = hostRate
 	}
+	if topRate > s.topDestinationRateMax {
+		s.topDestinationRateMax = topRate
+		s.topDestinationCountMax = topCount
+		s.topDestinationCandidate = topDestination
+		return
+	}
+	if topRate == s.topDestinationRateMax && topRate > 0 {
+		currentLabel := s.topDestinationCandidate.String()
+		candidateLabel := topDestination.String()
+		if currentLabel == "" || candidateLabel < currentLabel {
+			s.topDestinationCountMax = topCount
+			s.topDestinationCandidate = topDestination
+		}
+	}
 }
 
 func (s *calibrationStats) packetRateAvg() float64 {
@@ -158,6 +181,19 @@ func (s *calibrationStats) hostRateAvg() float64 {
 	return s.hostRateSum / float64(s.windows)
 }
 
+type CalibrationSummary struct {
+	Windows                         int
+	PacketRateAvg                   float64
+	PacketRateMax                   float64
+	HostRateAvg                     float64
+	HostRateMax                     float64
+	RecommendedPacketThreshold      float64
+	RecommendedDestinationThreshold float64
+	MaxDestination                  Destination
+	MaxDestinationRate              float64
+	MaxDestinationPackets           int
+}
+
 func NewAnalysisConfiguration(
 	srcIP string,
 	c2IP string,
@@ -637,7 +673,7 @@ func (config *AnalysisConfiguration) logCalibration(windowEnd time.Time, duratio
 		topLabel = topDestination.String()
 	}
 
-	config.calibration.update(globalPacketRate, scanRate)
+	config.calibration.update(globalPacketRate, scanRate, topDestination, topCount, topRate)
 
 	nullTestActivity := "idle"
 	if config.result.globalPacketCount > 0 {
@@ -1015,6 +1051,26 @@ func (config *AnalysisConfiguration) Summary() AnalysisSummary {
 	return config.summary
 }
 
+func (config *AnalysisConfiguration) CalibrationSummary() CalibrationSummary {
+	if config == nil {
+		return CalibrationSummary{}
+	}
+
+	stats := config.calibration
+	return CalibrationSummary{
+		Windows:                         stats.windows,
+		PacketRateAvg:                   stats.packetRateAvg(),
+		PacketRateMax:                   stats.packetRateMax,
+		HostRateAvg:                     stats.hostRateAvg(),
+		HostRateMax:                     stats.hostRateMax,
+		RecommendedPacketThreshold:      stats.topDestinationRateMax,
+		RecommendedDestinationThreshold: stats.hostRateMax,
+		MaxDestination:                  stats.topDestinationCandidate,
+		MaxDestinationRate:              stats.topDestinationRateMax,
+		MaxDestinationPackets:           stats.topDestinationCountMax,
+	}
+}
+
 func defaultCaptureBehavior(config *AnalysisConfiguration, behavior *Behavior) (bool, error) {
 	if config == nil {
 		return false, errors.New("config is nil")
