Skip to content

Commit eaa57ae

Browse files
committed
docs(review): focus external review surface
1 parent 033e470 commit eaa57ae

2 files changed

Lines changed: 34 additions & 2 deletions

File tree

README.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@ Reviewing the project quickly? Start with [`docs/reviewer-path.md`](./docs/revie
3535

3636
For a shorter external review entry point focused on uncertainty handling, read
3737
[How LogLens Treats Parser Uncertainty as Evidence](./docs/case-study-parser-uncertainty-as-evidence.md).
38+
Near-term review boundaries are tracked in the [roadmap](./ROADMAP.md).
3839

3940
## Why This Project Exists
4041

@@ -289,5 +290,8 @@ Tue 2026-03-10 08:31:18 UTC example-host sshd[2245]: Connection closed by authen
289290

290291
## Future Roadmap
291292

292-
- Additional auth patterns and PAM coverage
293-
- Larger sanitized test corpus
293+
- Keep parser uncertainty visible through deterministic warning buckets.
294+
- Add additional auth patterns only with a sanitized sample input, expected
295+
event or warning output, and focused tests.
296+
- Expand the sanitized corpus only when it answers a distinct parser coverage
297+
question.

ROADMAP.md

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
# Roadmap
2+
3+
LogLens is in a narrow reviewer-stable phase. The near-term focus is to
4+
stabilize parser evidence, tests, documentation boundaries, and release
5+
artifacts rather than expand the project surface.
6+
7+
## External Review Surface
8+
9+
Open review issues should stay concrete enough to reproduce from checked-in
10+
fixtures. A good issue names the exact sample input, the expected event or
11+
warning output, and the acceptance criteria for a bounded change or review.
12+
13+
The current public review entry is intentionally small: trace one
14+
`pam_unix_session_closed` line through parser-coverage telemetry and confirm
15+
that unsupported auth evidence remains visible without becoming detector
16+
evidence.
17+
18+
## Parked Directions
19+
20+
- Add parser coverage only when a sanitized fixture line and deterministic
21+
expected event or warning bucket are known up front.
22+
- Keep clean-clone reproduction feedback tied to exact failing commands or
23+
documentation mismatches.
24+
- Grow the noisy auth corpus only when a proposed batch answers a new parser
25+
uncertainty question not already covered by `assets/mixed_auth_corpus.log`.
26+
- Keep additional PAM or SSH variants scoped to defensive Linux authentication
27+
evidence; no live logs, real identifiers, credentials, or platform-coverage
28+
claims.

0 commit comments

Comments
 (0)