Add risk-score-v2 command

.gitignore

@@ -1,6 +1,7 @@
 # Output and Data
 output/
 reports/
+tmp/risk-score-v2/exports/
 
 # Data directory exceptions
 data/*

src/commands/entity_store/README.md

@@ -58,3 +58,61 @@ Clean Entity Store data and related generated artifacts.
 ```bash
 yarn start clean-entity-store
 ```
+
+## `risk-score-v2`
+
+End-to-end Entity Store V2 risk scoring test flow with optional interactive follow-on actions.
+
+### Usage
+
+```bash
+yarn start risk-score-v2 [options]
+```
+
+### Common options
+
+- `--entity-kinds <kinds>`: `host,idp_user,local_user,service`
+- `--users <n>`, `--hosts <n>`, `--local-users <n>`, `--services <n>`
+- `--alerts-per-entity <n>`
+- `--seed-source <source>`: `basic|org`
+- `--perf`: high-volume preset
+- `--no-setup`, `--no-criticality`, `--no-watchlists`, `--no-alerts`
+- `--follow-on` / `--no-follow-on`: enable or skip interactive post-run action menu
+- phase2 relationships are enabled by default
+- `--no-phase2`: disable relationship + entity-resolution flows throughout the command
+- `--no-resolution`: disable resolution linking when `--phase2` is enabled
+- propagation ownership links are enabled by default when phase2 is on
+- `--no-propagation`: disable ownership relationship writes when `--phase2` is enabled
+- `--resolution-group-rate <n>`: default `0.2`
+- `--avg-aliases-per-target <n>`: default `2`
+- `--ownership-edge-rate <n>`: default `0.3`
+- `--table-page-size <n>`: rows per page in summary tables
+- `--dangerous-clean`: clear alerts, entity docs, risk-score docs, and risk lookup docs in target space before run
+- `--debug-resolution`: enable verbose resolution diagnostics (relationship sync/read traces)
+
+### Follow-on actions
+
+After the initial summary (TTY mode), you can choose:
+
+- reset to zero (delete seeded alerts, rerun maintainer)
+- post more alerts (same seeded entities, rerun maintainer)
+- remove modifiers (clear watchlists and criticality, rerun maintainer)
+- re-apply modifiers (new watchlists and criticality, rerun maintainer)
+- refresh table (no data mutations; re-read latest risk/entity docs)
+- run maintainer and refresh table (no data mutations beyond maintainer recalculation)
+- graph summary (prints resolution groups, ownership edges, sampled resolution group sizes)
+- explain resolution score for a single target (prints synthetic resolution key + contributors)
+- link aliases / unlink entities in resolution groups
+- mutate ownership links, clear all relationships, reapply default relationship topology
+
+Each action prints a compact before/after comparison table with score, level, modifier, and relationship deltas.
+The command also prints a dedicated **resolution scorecard** (with synthetic `resolution_key`) so parent-anchored resolution scores are visible and referenceable.
+
+### Phase 2 sensible defaults
+
+When phase2 is enabled (default) and no topology overrides are provided:
+
+- resolution targets are generated with `resolution-group-rate=0.2`
+- aliases are assigned with `avg-aliases-per-target=2`
+- ownership links use `ownership-edge-rate=0.3` (only with `--propagation`)
+- summary table page size defaults to `30` rows

src/commands/entity_store/index.ts

@@ -17,6 +17,7 @@ import {
   promptForTextInput,
 } from '../utils/interactive_prompts.ts';
 import { ensureSpace } from '../../utils/index.ts';
+import { riskScoreV2Command } from './risk_score_v2.ts';
 
 export const entityStoreCommands: CommandModule = {
   register(program: Command) {
@@ -206,5 +207,77 @@ export const entityStoreCommands: CommandModule = {
           });
         }),
       );
+
+    program
+      .command('risk-score-v2')
+      .description('End-to-end Entity Store V2 risk score test command')
+      .option(
+        '--entity-kinds <kinds>',
+        'comma-separated kinds: host,idp_user,local_user,service (default: host,idp_user,local_user,service)',
+      )
+      .option('--users <n>', 'number of user entities (default 10)')
+      .option('--hosts <n>', 'number of host entities (default 10)')
+      .option('--local-users <n>', 'number of local user entities when local_user kind is enabled')
+      .option('--services <n>', 'number of service entities when service kind is enabled')
+      .option('--alerts-per-entity <n>', 'number of alerts per entity (default 5)')
+      .option('--space <space>', 'space to use', 'default')
+      .option('--event-index <index>', 'event index to ingest source documents into')
+      .option('--seed-source <source>', 'entity seed source: basic|org (default basic)')
+      .option(
+        '--org-size <size>',
+        'org size when --seed-source org: john_doe|small|medium|enterprise (default small)',
+      )
+      .option(
+        '--org-productivity-suite <suite>',
+        'productivity suite when --seed-source org: microsoft|google (default microsoft)',
+      )
+      .option('--offset-hours <n>', 'event timestamp offset in hours (default 1)')
+      .option('--perf', 'scale preset: 1000 users, 1000 hosts, 50 alerts each', false)
+      .option('--no-setup', 'skip entity store V2 setup')
+      .option('--no-criticality', 'skip asset criticality assignment')
+      .option('--no-watchlists', 'skip watchlist creation and assignment')
+      .option('--no-alerts', 'skip alert generation')
+      .option('--follow-on', 'enable interactive follow-on actions after initial summary')
+      .option('--no-follow-on', 'disable interactive follow-on actions')
+      .option('--no-phase2', 'disable phase 2 relationship/resolution flows')
+      .option(
+        '--no-resolution',
+        'disable resolution relationship generation when --phase2 is enabled',
+      )
+      .option(
+        '--no-propagation',
+        'disable ownership/propagation relationship generation when --phase2 is enabled',
+      )
+      .option(
+        '--resolution-group-rate <n>',
+        'ratio of entities used as resolution targets when --phase2 is enabled (default 0.2)',
+      )
+      .option(
+        '--avg-aliases-per-target <n>',
+        'average aliases per resolution target when --phase2 is enabled (default 2)',
+      )
+      .option(
+        '--ownership-edge-rate <n>',
+        'ratio of host/service entities with ownership links when --phase2 + --propagation are enabled (default 0.3)',
+      )
+      .option(
+        '--table-page-size <n>',
+        'rows per summary table page (default 20, or 30 with --phase2)',
+      )
+      .option(
+        '--dangerous-clean',
+        'DANGEROUS: clear alerts, entity docs, and risk score docs in the selected space before running',
+        false,
+      )
+      .option(
+        '--debug-resolution',
+        'enable verbose resolution diagnostics (relationship sync + debug read traces)',
+        false,
+      )
+      .action(
+        wrapAction(async (options) => {
+          await riskScoreV2Command(options);
+        }),
+      );
   },
 };