[codex] add machine-readable run summaries

README.md

@@ -32,6 +32,7 @@ python -m telemetry_window_demo.cli run --config configs/richer_sample.yaml
 
 That scenario pack reads `data/raw/richer_sample_events.jsonl` and writes outputs to `data/processed/richer_sample/`.
 It currently produces `28` normalized events, `24` windows, and `8` alerts.
+Both sample paths also emit a compact `summary.json` alongside the CSV and PNG outputs.
 
 ## Current behavior
 
@@ -64,13 +65,16 @@ The richer scenario pack uses a longer `120` second cooldown so the output stays
 
 ## Outputs
 
-Running the default command regenerates:
-
-- `data/processed/features.csv`
-- `data/processed/alerts.csv`
-- `data/processed/event_count_timeline.png`
-- `data/processed/error_rate_timeline.png`
-- `data/processed/alerts_timeline.png`
+Running the default command regenerates:
+
+- `data/processed/features.csv`
+- `data/processed/alerts.csv`
+- `data/processed/summary.json`
+- `data/processed/event_count_timeline.png`
+- `data/processed/error_rate_timeline.png`
+- `data/processed/alerts_timeline.png`
+
+The summary artifact includes the input path, output directory, normalized event count, window count, feature row count, alert count, triggered rule names and counts, cooldown setting, and generated artifact paths.
 
 ## Scope
 

data/processed/richer_sample/summary.json

@@ -0,0 +1,33 @@
+{
+  "input_path": "data/raw/richer_sample_events.jsonl",
+  "output_dir": "data/processed/richer_sample",
+  "normalized_event_count": 28,
+  "window_count": 24,
+  "feature_row_count": 24,
+  "alert_count": 8,
+  "triggered_rule_names": [
+    "high_error_rate",
+    "high_severity_spike",
+    "login_fail_burst",
+    "persistent_high_error",
+    "rare_event_repeat_malware_alert",
+    "rare_event_repeat_policy_denied"
+  ],
+  "triggered_rule_counts": {
+    "high_error_rate": 2,
+    "high_severity_spike": 1,
+    "login_fail_burst": 1,
+    "persistent_high_error": 2,
+    "rare_event_repeat_malware_alert": 1,
+    "rare_event_repeat_policy_denied": 1
+  },
+  "cooldown_seconds": 120,
+  "generated_artifacts": [
+    "data/processed/richer_sample/features.csv",
+    "data/processed/richer_sample/alerts.csv",
+    "data/processed/richer_sample/summary.json",
+    "data/processed/richer_sample/event_count_timeline.png",
+    "data/processed/richer_sample/error_rate_timeline.png",
+    "data/processed/richer_sample/alerts_timeline.png"
+  ]
+}

data/processed/summary.json

@@ -0,0 +1,33 @@
+{
+  "input_path": "data/raw/sample_events.jsonl",
+  "output_dir": "data/processed",
+  "normalized_event_count": 41,
+  "window_count": 24,
+  "feature_row_count": 24,
+  "alert_count": 12,
+  "triggered_rule_names": [
+    "high_error_rate",
+    "high_severity_spike",
+    "login_fail_burst",
+    "persistent_high_error",
+    "rare_event_repeat_malware_alert",
+    "source_spread_spike"
+  ],
+  "triggered_rule_counts": {
+    "high_error_rate": 3,
+    "high_severity_spike": 2,
+    "login_fail_burst": 2,
+    "persistent_high_error": 3,
+    "rare_event_repeat_malware_alert": 1,
+    "source_spread_spike": 1
+  },
+  "cooldown_seconds": 60,
+  "generated_artifacts": [
+    "data/processed/features.csv",
+    "data/processed/alerts.csv",
+    "data/processed/summary.json",
+    "data/processed/event_count_timeline.png",
+    "data/processed/error_rate_timeline.png",
+    "data/processed/alerts_timeline.png"
+  ]
+}