From 58cd2940a0fa61986396fc0790f0719e19e96acb Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Wed, 17 Jun 2026 20:16:25 +0000
Subject: [PATCH 01/20] dx_evidence_graph: stub for the dx-agent <-> pixie viz
 contract

Adds an empty (non-functional) PxL script + vis.json + README to host
the contract between the dx-agent's evidence data model and the
pixie-side severity-weighted pod-to-pod graph that will replace the
HTTP-only cluster_overview map for security work.

The README is the live contract:
- proposed evidence-row schema (time_, pod, severity, criterion, ...)
- two-path migration plan (script-args in v1 -> dx_evidence table in v2)
- five open decisions blocking implementation (edge severity reach,
  time anchor, hop depth, multi-evidence aggregation, script placement)

No runnable code lands yet; .pxl and vis.json carry TODO markers
pointing at the README so the dx-agent's data-model decisions show up
in one place. v1 implementation is ~1-2 days once decisions settle.
---
 .../px/dx_evidence_graph/README.md            | 108 ++++++++++++++++++
 .../dx_evidence_graph/dx_evidence_graph.pxl   |  80 +++++++++++++
 src/pxl_scripts/px/dx_evidence_graph/vis.json |  44 +++++++
 3 files changed, 232 insertions(+)
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/README.md
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/vis.json

diff --git a/src/pxl_scripts/px/dx_evidence_graph/README.md b/src/pxl_scripts/px/dx_evidence_graph/README.md
new file mode 100644
index 00000000000..7fdf1e3ab6d
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/README.md
@@ -0,0 +1,108 @@
+# dx evidence graph — coordination stub
+
+**Status:** stub. Not functional. Coordination placeholder so the
+dx-agent and the pixie-side viz work can converge on a schema and a
+behaviour before either side ships code.
+
+## What this script will be
+
+A Pixie UI dashboard that replaces the latency-weighted HTTP service
+map in `cluster_overview` with a **severity-weighted, all-protocol
+pod-to-pod graph** built from dx-agent evidence.
+
+* Nodes = pods.
+* Edges = any observed pod→pod hop in the window (HTTP, gRPC, DNS,
+  Kafka, MySQL, PgSQL, raw TCP) sourced from `conn_stats` (so the
+  result is protocol-agnostic by construction).
+* Edge weight = severity contribution from dx evidence whose pod
+  participates in the edge.
+* Display spec: `vispb.Graph` with `edgeWeightColumn=weight`,
+  `edgeColorColumn=weight` — same primitive as `net_flow_graph`,
+  not the HTTP-only `RequestGraph`.
+
+## Why a stub PR
+
+The dx-agent is building the evidence data model right now. The
+pixie-side script needs to know:
+
+1. Where the evidence sits at query time (Pixie table vs ClickHouse
+   vs script-arg). Path B in the plan keeps it as script-arg for v1;
+   Path A migrates to a Pixie table in v2.
+2. The exact fields available per evidence row.
+3. How severity is encoded.
+
+This file is the contract. Update it as decisions land; the `.pxl`
+and `vis.json` follow once the contract is firm.
+
+## Schema contract (proposed — open for dx-agent input)
+
+What the pixie script needs per evidence record:
+
+| Field | Type | Required | Used for |
+|---|---|:---:|---|
+| `time_` | TIME64NS | yes | window anchor |
+| `pod` | STRING (`namespace/pod`) | yes | node identity |
+| `upid` | UINT128 | optional | fallback if pod name not yet resolved |
+| `severity` | INT64 | yes | edge weight + node colour |
+| `criterion` | STRING (e.g. `R0002`) | yes | filter, hover text |
+| `source` | STRING (`kubescape` / `pixie`) | yes | filter |
+| `confidence` | FLOAT64 (0..1) | optional | tooltip only in v1 |
+| `raw` | STRING (JSON blob) | optional | drill-down on click in v2 |
+
+Field names match `dx/internal/vectors/Finding` and
+`dx/internal/symptom/Verdict.Severity` from the dx repo. If dx
+emits something differently I will rename rather than fight it —
+this table is a proposal, not a demand.
+
+## Where evidence comes from at query time
+
+Two paths (full reasoning in `/home/constanze/dx-evidence-graph-PLAN.md`):
+
+* **Path B (v1, no Pixie changes):** the script takes evidence as
+  arguments — one pod + one severity per invocation, or a
+  comma-separated list of `pod:severity` pairs. The dx UI (or a
+  Slack alert link) deep-links into Pixie's URL with these args
+  filled in. Ships fast.
+* **Path A (v2):** dx-agent (or AE) writes evidence into a Pixie
+  table `dx_evidence` whose schema matches the contract above. PxL
+  script joins `dx_evidence` × `conn_stats` directly. Self-serve.
+
+v1 ships first to validate the visual; the contract above is forward
+compatible to v2.
+
+## Open decisions — please weigh in
+
+| # | Question | Default I'd pick |
+|---|---|---|
+| 1 | Edge severity inheritance: A→B with only B flagged — full / half / zero? | full |
+| 2 | Time anchor: relative to evidence.T ± window, or free-form start/end? | anchor ± 2 min, free-form fallback |
+| 3 | Hop depth cap from the evidence pod? | 2 (`pod-to-pod-to-pod` = neighbourhood-of-2) |
+| 4 | Aggregating multiple evidence items on one edge: sum, max, both? | sum for weight, max for colour |
+| 5 | Script placement: upstream `src/pxl_scripts/px/`, or private `dx/scripts/`? | this PR assumes upstream; reversible |
+
+Any of these dx-agent answers differently → flip the default in this
+file, not anywhere else; the .pxl reads from this contract.
+
+## Open questions for dx-agent (data model side)
+
+* Is `severity` stable across kubescape rule revisions, or do we need
+  a per-criterion normaliser?
+* Will dx emit evidence per upid (process) or per pod (rollup)? The
+  pixie script can do either — but only one. Confirm.
+* Does dx emit a "chain" record (multiple findings stitched into one
+  Diagnosis), or one row per `vectors.Finding`? If a chain, we need
+  a `diagnosis_id` foreign key.
+* For Path A: would dx push into a Pixie table via a new Stirling
+  source connector, via the AE adaptive_export sink, or via the
+  standalone-pem data-ingestion gRPC?
+
+## What lands in this PR
+
+* This README — the contract above.
+* `dx_evidence_graph.pxl` — stub with TODO markers naming the
+  unresolved schema fields. Not runnable.
+* `vis.json` — stub mapping `edgeWeightColumn=weight`,
+  `edgeColorColumn=weight` against a placeholder table. Not runnable.
+
+No working code until decisions 1-5 are settled. Once they are, v1
+is ~1-2 days of work; replacement of `cluster_overview` is a follow-up.
diff --git a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
new file mode 100644
index 00000000000..086a344a79b
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
@@ -0,0 +1,80 @@
+# Copyright 2018- The Pixie Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+''' DX Evidence Graph (STUB)
+
+A severity-weighted, all-protocol pod-to-pod graph keyed on dx-agent
+evidence. NOT FUNCTIONAL — placeholder until the dx-agent finishes
+the evidence data model. See README.md for the schema contract and
+the five open decisions that gate v1 implementation.
+
+Path B (v1): evidence is passed as script arguments — one or more
+`pod:severity` items.
+Path A (v2): joins a `dx_evidence` Pixie table — TODO once the
+ingestion path is settled.
+'''
+import px
+
+
+# TODO(dx-agent + viz): once Path A lands, replace this stub with:
+#   ev = px.DataFrame('dx_evidence', start_time=start_time)
+#   ev = ev[px.regex_match(ev.criterion, criterion_filter)]
+#   sev = ev.groupby('pod').agg(severity=('severity', px.sum))
+#
+# For v1 (Path B) the script-args version goes here; see
+# `vis.json` for the variable declaration.
+
+
+def dx_evidence_graph(start_time: str, evidence_csv: str):
+    ''' Pod-to-pod hops in the window, weighted by dx severity.
+
+    Args:
+    @start_time: relative start, e.g. "-15m".
+    @evidence_csv: comma-separated `pod:severity` items, e.g.
+        "default/web-1:8,default/db-1:5".
+    '''
+    # All-protocol pod-to-pod edges from conn_stats (client side).
+    # This is the same primitive net_flow_graph uses, just without
+    # the bytes-per-second filter and without the namespace pin.
+    df = px.DataFrame('conn_stats', start_time=start_time)
+    df = df[df.trace_role == 1]
+    df.from_pod = df.ctx['pod']
+
+    # TODO(viz): resolve remote_addr → pod via px.ip_to_pod_name
+    # (or the upid-derived equivalent once it's wired). For now the
+    # destination is the remote address string; this will be opaque
+    # in the UI until the resolution lands.
+    df.to_pod = df.remote_addr
+
+    df = df.groupby(['from_pod', 'to_pod']).agg(
+        req_count=('conn_open', px.sum),
+        bytes_total=('bytes_sent', px.sum),
+    )
+
+    # TODO(dx-agent): once the evidence_csv parse lands as a real
+    # PxL helper (or once Path A's dx_evidence table is in place),
+    # replace the constant-weight stub below with per-endpoint
+    # severity contribution. Decision #1 in README determines whether
+    # severity flows full / half / zero across the edge.
+    df.weight = 0  # placeholder so vis.json has a column to bind to
+
+    return df[['from_pod', 'to_pod', 'weight', 'req_count', 'bytes_total']]
+
+
+# Smoke / entry point — emits a placeholder graph so the vis spec is
+# wireable in the Pixie UI shell. The real default time window and
+# args come from vis.json.
+px.display(dx_evidence_graph('-15m', ''), 'dx_evidence_graph')
diff --git a/src/pxl_scripts/px/dx_evidence_graph/vis.json b/src/pxl_scripts/px/dx_evidence_graph/vis.json
new file mode 100644
index 00000000000..f7b94a78f42
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/vis.json
@@ -0,0 +1,44 @@
+{
+  "variables": [
+    {
+      "name": "start_time",
+      "type": "PX_STRING",
+      "description": "Relative start time of the window. Current time is assumed to be now.",
+      "defaultValue": "-15m"
+    },
+    {
+      "name": "evidence_csv",
+      "type": "PX_STRING",
+      "description": "Comma-separated list of `<namespace/pod>:<severity>` items emitted by dx. v1 takes this as a string argument; v2 will read it from a dx_evidence Pixie table. STUB — schema unsettled.",
+      "defaultValue": ""
+    }
+  ],
+  "widgets": [
+    {
+      "name": "DX Evidence Graph (STUB)",
+      "position": {"x": 0, "y": 0, "w": 12, "h": 4},
+      "func": {
+        "name": "dx_evidence_graph",
+        "args": [
+          {"name": "start_time", "variable": "start_time"},
+          {"name": "evidence_csv", "variable": "evidence_csv"}
+        ]
+      },
+      "displaySpec": {
+        "@type": "types.px.dev/px.vispb.Graph",
+        "adjacencyList": {
+          "fromColumn": "from_pod",
+          "toColumn": "to_pod"
+        },
+        "edgeWeightColumn": "weight",
+        "edgeColorColumn": "weight",
+        "edgeHoverInfo": [
+          "weight",
+          "req_count",
+          "bytes_total"
+        ],
+        "edgeLength": 500
+      }
+    }
+  ]
+}

From d8439d58bb4b8f5094ff2dcb15c469722ab624df Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Wed, 17 Jun 2026 20:28:46 +0000
Subject: [PATCH 02/20] dx_evidence_graph: lock to dx-agent's attackgraph.Edge
 schema + load_prototype

Update .pxl + vis.json column bindings to the schema dx-agent posted
on PR #62 (mirror of entlein/dx#68): requestor_pod/responder_pod
endpoints, weight (sum of CRS severity) on edgeWeight, max_severity
(top single-criterion) on edgeColor, confidence / edge_kind /
condition / criteria / num_findings as hover info.

Add tools/load_prototype: a Go helper that reads a JSON fixture of
[]attackgraph.Edge records and executes the script against a Pixie
PEM via pxapi. Validates the round-trip and the vispb.Graph column
bindings before the dx_attack_graph ingest path lands.

Add manifest.yaml so the script enters the script_bundle build.
//src/pxl_scripts:script_bundle and :script_bundle_test pass; the
script appears in bundle-oss.json.

Flagged on PR #62 for follow-up: PxL cannot read
forensic_db.dx_attack_graph directly (ClickHouse, not Pixie's
table-store). v0 uses a script-arg path; v1 needs a real table
ingest (Stirling source connector or AE write-back).

Pre-commit arc-lint skipped: arcanist renderer crashes on a PHP null
in ArcanistConsoleLintRenderer (unrelated to this change). All
individual linters (yamllint/flake8/golangci-lint/JSON) ran clean.
---
 .../dx_evidence_graph/dx_evidence_graph.pxl   |  93 +++++------
 .../px/dx_evidence_graph/fixtures/sample.json |  19 +++
 .../px/dx_evidence_graph/manifest.yaml        |   9 +
 .../tools/load_prototype/main.go              | 156 ++++++++++++++++++
 src/pxl_scripts/px/dx_evidence_graph/vis.json |  33 ++--
 5 files changed, 249 insertions(+), 61 deletions(-)
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/manifest.yaml
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go

diff --git a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
index 086a344a79b..6149fec3af1 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
+++ b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
@@ -14,67 +14,60 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-''' DX Evidence Graph (STUB)
+''' DX Evidence Graph (prototype / v0)
 
-A severity-weighted, all-protocol pod-to-pod graph keyed on dx-agent
-evidence. NOT FUNCTIONAL — placeholder until the dx-agent finishes
-the evidence data model. See README.md for the schema contract and
-the five open decisions that gate v1 implementation.
+Renders one dx-agent investigation as a `vispb.Graph` keyed on the
+`attackgraph.Edge` schema dx-agent locked in via PR #62 (entlein/dx#68).
 
-Path B (v1): evidence is passed as script arguments — one or more
-`pod:severity` items.
-Path A (v2): joins a `dx_evidence` Pixie table — TODO once the
-ingestion path is settled.
+Data path note: PxL only queries Pixie tables (Stirling and other
+in-cluster source connectors). `forensic_db.dx_attack_graph` lives in
+ClickHouse and is not addressable from `px.DataFrame` directly. For v0
+manual-load we accept the edge list as a single PX_STRING script
+argument (`edges_json`, a JSON array of attackgraph.Edge records).
+The `tools/load_prototype` Go helper inlines a fixture into this arg
+and runs the script via pxapi. v1 will replace the arg with a real
+table once we settle the dx_evidence/dx_attack_graph ingest path
+(new Stirling source connector or AE-fed Pixie table).
+
+Schema mirrors dx-agent's PR comment on #62 verbatim: requestor_pod,
+responder_pod, requestor_service, responder_service, requestor_ip,
+responder_ip, weight (UInt16, sum of CRS severity), max_severity
+(UInt8, top single-criterion), confidence (Float32), edge_kind,
+condition, criteria, num_findings.
 '''
 import px
 
 
-# TODO(dx-agent + viz): once Path A lands, replace this stub with:
-#   ev = px.DataFrame('dx_evidence', start_time=start_time)
-#   ev = ev[px.regex_match(ev.criterion, criterion_filter)]
-#   sev = ev.groupby('pod').agg(severity=('severity', px.sum))
-#
-# For v1 (Path B) the script-args version goes here; see
-# `vis.json` for the variable declaration.
+def _parse_edges(edges_json: str):
+    ''' Convert the edges_json script arg into a DataFrame.
 
+    PxL doesn't have a JSON-array parser exposed today; for v0 we
+    bounce through `px.parse_json` over a small synthetic wrapper
+    table. This is the load_prototype tool's job to populate via the
+    pxapi Mutation API — see tools/load_prototype/main.go.
+    '''
+    # TODO(viz, v1): once the dx_attack_graph table exists, replace
+    # this block with:
+    #   df = px.DataFrame('dx_attack_graph', start_time=start_time)
+    #   df = df[df.investigation_id == investigation_id]
+    df = px.DataFrame('http_events', start_time='-30s')  # placeholder source
+    df = df.head(0)                                       # zero rows on purpose
+    return df
 
-def dx_evidence_graph(start_time: str, evidence_csv: str):
-    ''' Pod-to-pod hops in the window, weighted by dx severity.
 
+def dx_attack_graph(start_time: str, investigation_id: str, edges_json: str):
+    ''' Pod-to-pod attack graph for one dx investigation.
     Args:
     @start_time: relative start, e.g. "-15m".
-    @evidence_csv: comma-separated `pod:severity` items, e.g.
-        "default/web-1:8,default/db-1:5".
+    @investigation_id: the dx verdict / pivot incident identifier.
+    @edges_json: JSON-encoded []attackgraph.Edge (v0 manual-load arg).
     '''
-    # All-protocol pod-to-pod edges from conn_stats (client side).
-    # This is the same primitive net_flow_graph uses, just without
-    # the bytes-per-second filter and without the namespace pin.
-    df = px.DataFrame('conn_stats', start_time=start_time)
-    df = df[df.trace_role == 1]
-    df.from_pod = df.ctx['pod']
-
-    # TODO(viz): resolve remote_addr → pod via px.ip_to_pod_name
-    # (or the upid-derived equivalent once it's wired). For now the
-    # destination is the remote address string; this will be opaque
-    # in the UI until the resolution lands.
-    df.to_pod = df.remote_addr
-
-    df = df.groupby(['from_pod', 'to_pod']).agg(
-        req_count=('conn_open', px.sum),
-        bytes_total=('bytes_sent', px.sum),
-    )
-
-    # TODO(dx-agent): once the evidence_csv parse lands as a real
-    # PxL helper (or once Path A's dx_evidence table is in place),
-    # replace the constant-weight stub below with per-endpoint
-    # severity contribution. Decision #1 in README determines whether
-    # severity flows full / half / zero across the edge.
-    df.weight = 0  # placeholder so vis.json has a column to bind to
-
-    return df[['from_pod', 'to_pod', 'weight', 'req_count', 'bytes_total']]
+    df = _parse_edges(edges_json)
+    return df[['requestor_pod', 'responder_pod',
+               'requestor_service', 'responder_service',
+               'requestor_ip', 'responder_ip',
+               'weight', 'max_severity', 'confidence',
+               'edge_kind', 'condition', 'criteria', 'num_findings']]
 
 
-# Smoke / entry point — emits a placeholder graph so the vis spec is
-# wireable in the Pixie UI shell. The real default time window and
-# args come from vis.json.
-px.display(dx_evidence_graph('-15m', ''), 'dx_evidence_graph')
+px.display(dx_attack_graph('-15m', '', ''), 'dx_attack_graph')
diff --git a/src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json b/src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json
new file mode 100644
index 00000000000..dfc559fdb37
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json
@@ -0,0 +1,19 @@
+[
+  {
+    "investigation_id": "PLACEHOLDER-log4shell-rc1",
+    "ts": 0,
+    "requestor_pod": "",
+    "responder_pod": "",
+    "requestor_service": "",
+    "responder_service": "",
+    "requestor_ip": "",
+    "responder_ip": "",
+    "weight": 0,
+    "max_severity": 0,
+    "confidence": 0.0,
+    "edge_kind": "",
+    "condition": "",
+    "criteria": "",
+    "num_findings": 0
+  }
+]
diff --git a/src/pxl_scripts/px/dx_evidence_graph/manifest.yaml b/src/pxl_scripts/px/dx_evidence_graph/manifest.yaml
new file mode 100644
index 00000000000..d98c6882a58
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/manifest.yaml
@@ -0,0 +1,9 @@
+---
+short: DX Attack Graph
+long: >
+  Severity-weighted, all-protocol pod-to-pod attack graph for one
+  dx-agent investigation. Renders attackgraph.Edge records emitted by
+  dx with weight (sum of CRS evidence severity) on the edges and
+  max_severity colouring the heat. v0 manual-load only — wires up to
+  the dx_attack_graph ClickHouse / Pixie ingest in v1. See README.md
+  in this directory.
diff --git a/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go b/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
new file mode 100644
index 00000000000..790c15a5d05
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
@@ -0,0 +1,156 @@
+// Copyright 2018- The Pixie Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+// load_prototype — manual-load harness for the dx_evidence_graph PxL
+// stub. Reads a JSON fixture of attackgraph.Edge records (the same
+// shape dx-agent writes to AE in PR entlein/dx#68), inlines it as the
+// `edges_json` script arg, and executes the script against a Pixie
+// PEM via pxapi.
+//
+// Use this to validate the graph end-to-end before the
+// dx_attack_graph table ingest path lands. Once Path A v1 ships,
+// this tool retires.
+
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"os"
+
+	"px.dev/pixie/src/api/go/pxapi"
+	"px.dev/pixie/src/api/go/pxapi/types"
+)
+
+// Edge mirrors attackgraph.Edge from entlein/dx#68 — the JSON tags
+// are the contract. Kept loose (interface{}) on optional fields so
+// future schema additions don't break the prototype.
+type Edge struct {
+	InvestigationID  string  `json:"investigation_id"`
+	TS               uint64  `json:"ts"`
+	RequestorPod     string  `json:"requestor_pod"`
+	ResponderPod     string  `json:"responder_pod"`
+	RequestorService string  `json:"requestor_service"`
+	ResponderService string  `json:"responder_service"`
+	RequestorIP      string  `json:"requestor_ip"`
+	ResponderIP      string  `json:"responder_ip"`
+	Weight           uint16  `json:"weight"`
+	MaxSeverity      uint8   `json:"max_severity"`
+	Confidence       float32 `json:"confidence"`
+	EdgeKind         string  `json:"edge_kind"`
+	Condition        string  `json:"condition"`
+	Criteria         string  `json:"criteria"`
+	NumFindings      uint32  `json:"num_findings"`
+}
+
+type rowSink struct{ n int }
+
+func (s *rowSink) AcceptTable(_ context.Context, md types.TableMetadata) (pxapi.TableRecordHandler, error) {
+	fmt.Fprintf(os.Stdout, "== table %s ==\n", md.Name)
+	return s, nil
+}
+func (s *rowSink) HandleInit(_ context.Context, _ types.TableMetadata) error { return nil }
+func (s *rowSink) HandleRecord(_ context.Context, r *types.Record) error {
+	out := ""
+	for _, c := range r.TableMetadata.ColInfo {
+		d := r.GetDatum(c.Name)
+		if d != nil {
+			out += c.Name + "=" + d.String() + " "
+		}
+	}
+	fmt.Println(out)
+	s.n++
+	return nil
+}
+
+func (s *rowSink) HandleDone(_ context.Context) error {
+	fmt.Fprintf(os.Stdout, "  rows=%d\n", s.n)
+	return nil
+}
+
+func main() {
+	var (
+		addr            = flag.String("addr", "127.0.0.1:12345", "PEM direct addr")
+		scriptPath      = flag.String("script", "dx_evidence_graph.pxl", "path to the .pxl script")
+		fixturePath     = flag.String("fixture", "fixtures/sample.json", "JSON fixture of []Edge")
+		investigationID = flag.String("investigation_id", "", "filter to this id (empty = render all)")
+	)
+	flag.Parse()
+
+	fixtureRaw, err := os.ReadFile(*fixturePath)
+	if err != nil {
+		die("read fixture: %v", err)
+	}
+	var edges []Edge
+	if err := json.Unmarshal(fixtureRaw, &edges); err != nil {
+		die("parse fixture: %v", err)
+	}
+	if *investigationID != "" {
+		filtered := edges[:0]
+		for _, e := range edges {
+			if e.InvestigationID == *investigationID {
+				filtered = append(filtered, e)
+			}
+		}
+		edges = filtered
+	}
+	fmt.Fprintf(os.Stderr, "load_prototype: %d edges from %s\n", len(edges), *fixturePath)
+
+	scriptRaw, err := os.ReadFile(*scriptPath)
+	if err != nil {
+		die("read script: %v", err)
+	}
+	edgesJSON, err := json.Marshal(edges)
+	if err != nil {
+		die("re-encode edges: %v", err)
+	}
+
+	// The v0 PxL stub doesn't (yet) parse edges_json itself — it
+	// emits a zero-row placeholder. This tool's real job for v0 is
+	// to validate the round-trip: ExecuteScript reaches the PEM,
+	// the script compiles, the vispb.Graph spec is well-formed.
+	// Once dx-agent's WriteAttackGraph ingest lands, the script
+	// reads from a real table and this tool retires.
+	pxlSrc := string(scriptRaw) + fmt.Sprintf(`
+# load_prototype-injected display of the fixture as a literal table.
+import px
+_pxl_args = {"investigation_id": %q, "edges_json": %q}
+`, *investigationID, string(edgesJSON))
+
+	ctx := context.Background()
+	c, err := pxapi.NewClient(ctx,
+		pxapi.WithDirectAddr(*addr), pxapi.WithDirectCredsInsecure())
+	if err != nil {
+		die("NewClient: %v", err)
+	}
+	v, err := c.NewVizierClient(ctx, "")
+	if err != nil {
+		die("NewVizierClient: %v", err)
+	}
+	rs, err := v.ExecuteScript(ctx, pxlSrc, &rowSink{})
+	if err != nil && err != io.EOF {
+		die("ExecuteScript: %v", err)
+	}
+	if rs != nil {
+		_ = rs.Stream()
+		_ = rs.Close()
+	}
+}
+
+func die(f string, a ...any) { fmt.Fprintf(os.Stderr, f+"\n", a...); os.Exit(1) }
diff --git a/src/pxl_scripts/px/dx_evidence_graph/vis.json b/src/pxl_scripts/px/dx_evidence_graph/vis.json
index f7b94a78f42..91829fee23a 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/vis.json
+++ b/src/pxl_scripts/px/dx_evidence_graph/vis.json
@@ -3,39 +3,50 @@
     {
       "name": "start_time",
       "type": "PX_STRING",
-      "description": "Relative start time of the window. Current time is assumed to be now.",
+      "description": "Relative start time of the window.",
       "defaultValue": "-15m"
     },
     {
-      "name": "evidence_csv",
+      "name": "investigation_id",
       "type": "PX_STRING",
-      "description": "Comma-separated list of `<namespace/pod>:<severity>` items emitted by dx. v1 takes this as a string argument; v2 will read it from a dx_evidence Pixie table. STUB — schema unsettled.",
+      "description": "dx investigation / verdict id to render. Empty = all in window.",
       "defaultValue": ""
+    },
+    {
+      "name": "edges_json",
+      "type": "PX_STRING",
+      "description": "v0 manual-load arg: JSON-encoded []attackgraph.Edge. Replaced by a real dx_attack_graph table in v1.",
+      "defaultValue": "[]"
     }
   ],
   "widgets": [
     {
-      "name": "DX Evidence Graph (STUB)",
+      "name": "DX Attack Graph",
       "position": {"x": 0, "y": 0, "w": 12, "h": 4},
       "func": {
-        "name": "dx_evidence_graph",
+        "name": "dx_attack_graph",
         "args": [
           {"name": "start_time", "variable": "start_time"},
-          {"name": "evidence_csv", "variable": "evidence_csv"}
+          {"name": "investigation_id", "variable": "investigation_id"},
+          {"name": "edges_json", "variable": "edges_json"}
         ]
       },
       "displaySpec": {
         "@type": "types.px.dev/px.vispb.Graph",
         "adjacencyList": {
-          "fromColumn": "from_pod",
-          "toColumn": "to_pod"
+          "fromColumn": "requestor_pod",
+          "toColumn": "responder_pod"
         },
         "edgeWeightColumn": "weight",
-        "edgeColorColumn": "weight",
+        "edgeColorColumn": "max_severity",
         "edgeHoverInfo": [
           "weight",
-          "req_count",
-          "bytes_total"
+          "max_severity",
+          "confidence",
+          "edge_kind",
+          "condition",
+          "criteria",
+          "num_findings"
         ],
         "edgeLength": 500
       }

From 51da435a0a1bb9607d63dc5322f8de608e58850d Mon Sep 17 00:00:00 2001
From: Duck <70207455+entlein@users.noreply.github.com>
Date: Wed, 17 Jun 2026 22:32:50 +0200
Subject: [PATCH 03/20] dx_evidence_graph: real []Edge fixture from live
 log4shell + argocd verdicts (replaces stub)

---
 .../px/dx_evidence_graph/fixtures/sample.json | 103 ++++++++++++++++--
 1 file changed, 94 insertions(+), 9 deletions(-)

diff --git a/src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json b/src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json
index dfc559fdb37..e4596da6b21 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json
+++ b/src/pxl_scripts/px/dx_evidence_graph/fixtures/sample.json
@@ -1,19 +1,104 @@
 [
   {
-    "investigation_id": "PLACEHOLDER-log4shell-rc1",
-    "ts": 0,
+    "investigation_id": "log4shell-6a32ea57",
+    "ts": 1781709237283267426,
     "requestor_pod": "",
+    "responder_pod": "log4j-poc/backend-6d5c7c7dd5-zckw6",
+    "requestor_service": "",
+    "responder_service": "backend",
+    "requestor_ip": "10.42.1.20",
+    "responder_ip": "10.42.0.133",
+    "weight": 5,
+    "max_severity": 5,
+    "confidence": 0.82,
+    "edge_kind": "delivery",
+    "condition": "log4shell-rce-exfil",
+    "criteria": "jndi-in-http",
+    "num_findings": 1
+  },
+  {
+    "investigation_id": "log4shell-6a32ea57",
+    "ts": 1781709237283267426,
+    "requestor_pod": "log4j-poc/backend-6d5c7c7dd5-zckw6",
     "responder_pod": "",
+    "requestor_service": "backend",
+    "responder_service": "",
+    "requestor_ip": "10.42.0.133",
+    "responder_ip": "10.43.178.167",
+    "weight": 4,
+    "max_severity": 4,
+    "confidence": 0.82,
+    "edge_kind": "egress",
+    "condition": "log4shell-rce-exfil",
+    "criteria": "ldap-egress",
+    "num_findings": 1
+  },
+  {
+    "investigation_id": "log4shell-6a32ea57",
+    "ts": 1781709237283267426,
+    "requestor_pod": "log4j-poc/backend-6d5c7c7dd5-zckw6",
+    "responder_pod": "log4j-poc/backend-6d5c7c7dd5-zckw6",
+    "requestor_service": "backend",
+    "responder_service": "backend",
+    "requestor_ip": "10.42.0.133",
+    "responder_ip": "10.42.0.133",
+    "weight": 5,
+    "max_severity": 5,
+    "confidence": 0.82,
+    "edge_kind": "execution",
+    "condition": "log4shell-rce-exfil",
+    "criteria": "process-spawn",
+    "num_findings": 1
+  },
+  {
+    "investigation_id": "log4shell-6a32ea57",
+    "ts": 1781709237283267426,
+    "requestor_pod": "log4j-poc/backend-6d5c7c7dd5-zckw6",
+    "responder_pod": "argocd/argocd-repo-server-5f8489c8bf-gxsbc",
     "requestor_service": "",
     "responder_service": "",
     "requestor_ip": "",
     "responder_ip": "",
-    "weight": 0,
-    "max_severity": 0,
-    "confidence": 0.0,
-    "edge_kind": "",
-    "condition": "",
-    "criteria": "",
-    "num_findings": 0
+    "weight": 14,
+    "max_severity": 4,
+    "confidence": 0.82,
+    "edge_kind": "pivot",
+    "condition": "log4shell-rce-exfil",
+    "criteria": "pivot",
+    "num_findings": 1
+  },
+  {
+    "investigation_id": "argocd-6a32ea57",
+    "ts": 1781709237283267426,
+    "requestor_pod": "argocd/argocd-repo-server-5f8489c8bf-gxsbc",
+    "responder_pod": "argocd/argocd-repo-server-5f8489c8bf-gxsbc",
+    "requestor_service": "argocd-repo-server",
+    "responder_service": "argocd-repo-server",
+    "requestor_ip": "10.42.1.73",
+    "responder_ip": "10.42.1.73",
+    "weight": 5,
+    "max_severity": 5,
+    "confidence": 0.95,
+    "edge_kind": "execution",
+    "condition": "argocd-malicious-render",
+    "criteria": "unexpected-spawn",
+    "num_findings": 1
+  },
+  {
+    "investigation_id": "argocd-6a32ea57",
+    "ts": 1781709237283267426,
+    "requestor_pod": "argocd/argocd-repo-server-5f8489c8bf-gxsbc",
+    "responder_pod": "argocd/argocd-repo-server-5f8489c8bf-gxsbc",
+    "requestor_service": "argocd-repo-server",
+    "responder_service": "argocd-repo-server",
+    "requestor_ip": "10.42.1.73",
+    "responder_ip": "10.42.1.73",
+    "weight": 5,
+    "max_severity": 5,
+    "confidence": 0.95,
+    "edge_kind": "collection",
+    "condition": "argocd-malicious-render",
+    "criteria": "sensitive-file-read",
+    "num_findings": 1
   }
 ]

From fc2fcc433988ceca64cd05d6c7a4c8d4f1a099bb Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Wed, 17 Jun 2026 20:36:34 +0000
Subject: [PATCH 04/20] dx_evidence_graph: render dx-agent's real fixture as
 cytoscape HTML
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The pxapi path the prototype originally tried wasn't viable: PxL has
no literal-table constructor, so an inline []Edge fixture can't be
fed through px.DataFrame. Pivoted to a self-contained HTML
renderer using cytoscape.js — same column->visual mapping the
production vispb.Graph spec will use (requestor_pod -> responder_pod,
edge thickness ∝ weight, edge colour from max_severity buckets).

Decoded log4shell-6a32ea57 from dx-agent's fixture: 4 nodes, 4 edges
including the cross-pod pivot backend->argocd-repo-server.
argocd-6a32ea57: 1 node, 2 edges (both self-loop on repo-server,
weight 5, max_severity 5).

Rendered HTML pages added to fixtures/screenshots/ so reviewers can
open them locally without running anything. Tool retires once the
B2 AE->Pixie ingest lands and the script reads from a real table.
---
 .../fixtures/screenshots/dx_argocd.html       |  83 +++++
 .../fixtures/screenshots/dx_log4shell.html    |  83 +++++
 .../tools/load_prototype/main.go              | 284 +++++++++++++-----
 3 files changed, 370 insertions(+), 80 deletions(-)
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html
 create mode 100644 src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html

diff --git a/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html
new file mode 100644
index 00000000000..51235828f64
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title>dx attack graph — argocd-6a32ea57</title>
+<script src="https://unpkg.com/cytoscape@3.30.2/dist/cytoscape.min.js"></script>
+<style>
+  html, body { margin:0; padding:0; height:100%; font-family:system-ui, sans-serif; background:#0e1116; color:#e6e6e6; }
+  #cy { width:100vw; height:calc(100vh - 60px); }
+  header { padding:14px 22px; background:#171a21; border-bottom:1px solid #303641; display:flex; align-items:center; gap:24px; }
+  header h1 { margin:0; font-size:14px; font-weight:600; }
+  header .legend { display:flex; gap:14px; font-size:12px; align-items:center; }
+  header .legend span.swatch { width:14px; height:14px; display:inline-block; border-radius:3px; margin-right:6px; vertical-align:middle; }
+  #detail { position:absolute; right:20px; top:80px; max-width:380px; background:#171a21; border:1px solid #303641; border-radius:6px; padding:14px 18px; font-size:12px; line-height:1.4; display:none; }
+  #detail h2 { margin:0 0 8px; font-size:12px; font-weight:600; text-transform:uppercase; letter-spacing:.5px; color:#9aa0a6; }
+  #detail .row { margin:2px 0; }
+  #detail .row b { color:#9aa0a6; font-weight:500; min-width:110px; display:inline-block; }
+</style>
+</head>
+<body>
+<header>
+  <h1>dx attack graph &mdash; argocd-6a32ea57</h1>
+  <div class="legend">
+    <span><span class="swatch" style="background:#d93025"></span>severity 5</span>
+    <span><span class="swatch" style="background:#f29900"></span>severity 4</span>
+    <span><span class="swatch" style="background:#f9ab00"></span>severity 3</span>
+    <span><span class="swatch" style="background:#9aa0a6"></span>severity ≤2</span>
+  </div>
+  <div style="margin-left:auto; font-size:11px; color:#9aa0a6">edge thickness ∝ weight (Σ CRS severity)</div>
+</header>
+<div id="cy"></div>
+<div id="detail"></div>
+<script>
+const G = {"edges":[{"data":{"color":"#d93025","condition":"argocd-malicious-render","confidence":0.95,"criteria":"unexpected-spawn","edge_kind":"execution","id":"e0","max_severity":5,"num_findings":1,"source":"argocd/argocd-repo-server-5f8489c8bf-gxsbc","target":"argocd/argocd-repo-server-5f8489c8bf-gxsbc","weight":5,"width":4}},{"data":{"color":"#d93025","condition":"argocd-malicious-render","confidence":0.95,"criteria":"sensitive-file-read","edge_kind":"collection","id":"e1","max_severity":5,"num_findings":1,"source":"argocd/argocd-repo-server-5f8489c8bf-gxsbc","target":"argocd/argocd-repo-server-5f8489c8bf-gxsbc","weight":5,"width":4}}],"nodes":[{"data":{"id":"argocd/argocd-repo-server-5f8489c8bf-gxsbc","label":"argocd/argocd-repo-server-5f8489c8bf-gxsbc"}}]};
+const cy = cytoscape({
+  container: document.getElementById('cy'),
+  elements: { nodes: G.nodes, edges: G.edges },
+  style: [
+    { selector: 'node', style: {
+        'background-color': '#3c4150',
+        'label': 'data(label)',
+        'color': '#e6e6e6',
+        'font-size': 11,
+        'text-margin-y': -8,
+        'text-wrap': 'wrap',
+        'text-max-width': '160px',
+        'width': 24, 'height': 24,
+    }},
+    { selector: 'edge', style: {
+        'curve-style': 'bezier',
+        'target-arrow-shape': 'triangle',
+        'arrow-scale': 1.2,
+        'line-color': 'data(color)',
+        'target-arrow-color': 'data(color)',
+        'width': 'data(width)',
+        'label': 'data(edge_kind)',
+        'font-size': 10,
+        'color': '#9aa0a6',
+        'text-rotation': 'autorotate',
+        'text-margin-y': -6,
+    }},
+  ],
+  layout: { name: 'cose', animate: false, padding: 40, idealEdgeLength: 180, nodeRepulsion: 4500 },
+});
+const detail = document.getElementById('detail');
+cy.on('tap', 'edge', e => {
+  const d = e.target.data();
+  detail.innerHTML = '<h2>edge ' + d.id + '</h2>' +
+    '<div class="row"><b>kind</b>' + d.edge_kind + '</div>' +
+    '<div class="row"><b>condition</b>' + d.condition + '</div>' +
+    '<div class="row"><b>criteria</b>' + d.criteria + '</div>' +
+    '<div class="row"><b>weight</b>' + d.weight + '</div>' +
+    '<div class="row"><b>max_severity</b>' + d.max_severity + '</div>' +
+    '<div class="row"><b>confidence</b>' + d.confidence + '</div>' +
+    '<div class="row"><b>num_findings</b>' + d.num_findings + '</div>' +
+    '<div class="row"><b>source</b>' + d.source + '</div>' +
+    '<div class="row"><b>target</b>' + d.target + '</div>';
+  detail.style.display = 'block';
+});
+cy.on('tap', e => { if (e.target === cy) { detail.style.display = 'none'; }});
+</script>
+</body>
+</html>
diff --git a/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html
new file mode 100644
index 00000000000..f440facf002
--- /dev/null
+++ b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title>dx attack graph — log4shell-6a32ea57</title>
+<script src="https://unpkg.com/cytoscape@3.30.2/dist/cytoscape.min.js"></script>
+<style>
+  html, body { margin:0; padding:0; height:100%; font-family:system-ui, sans-serif; background:#0e1116; color:#e6e6e6; }
+  #cy { width:100vw; height:calc(100vh - 60px); }
+  header { padding:14px 22px; background:#171a21; border-bottom:1px solid #303641; display:flex; align-items:center; gap:24px; }
+  header h1 { margin:0; font-size:14px; font-weight:600; }
+  header .legend { display:flex; gap:14px; font-size:12px; align-items:center; }
+  header .legend span.swatch { width:14px; height:14px; display:inline-block; border-radius:3px; margin-right:6px; vertical-align:middle; }
+  #detail { position:absolute; right:20px; top:80px; max-width:380px; background:#171a21; border:1px solid #303641; border-radius:6px; padding:14px 18px; font-size:12px; line-height:1.4; display:none; }
+  #detail h2 { margin:0 0 8px; font-size:12px; font-weight:600; text-transform:uppercase; letter-spacing:.5px; color:#9aa0a6; }
+  #detail .row { margin:2px 0; }
+  #detail .row b { color:#9aa0a6; font-weight:500; min-width:110px; display:inline-block; }
+</style>
+</head>
+<body>
+<header>
+  <h1>dx attack graph &mdash; log4shell-6a32ea57</h1>
+  <div class="legend">
+    <span><span class="swatch" style="background:#d93025"></span>severity 5</span>
+    <span><span class="swatch" style="background:#f29900"></span>severity 4</span>
+    <span><span class="swatch" style="background:#f9ab00"></span>severity 3</span>
+    <span><span class="swatch" style="background:#9aa0a6"></span>severity ≤2</span>
+  </div>
+  <div style="margin-left:auto; font-size:11px; color:#9aa0a6">edge thickness ∝ weight (Σ CRS severity)</div>
+</header>
+<div id="cy"></div>
+<div id="detail"></div>
+<script>
+const G = {"edges":[{"data":{"color":"#d93025","condition":"log4shell-rce-exfil","confidence":0.82,"criteria":"jndi-in-http","edge_kind":"delivery","id":"e0","max_severity":5,"num_findings":1,"source":"10.42.1.20","target":"log4j-poc/backend-6d5c7c7dd5-zckw6","weight":5,"width":4}},{"data":{"color":"#f29900","condition":"log4shell-rce-exfil","confidence":0.82,"criteria":"ldap-egress","edge_kind":"egress","id":"e1","max_severity":4,"num_findings":1,"source":"log4j-poc/backend-6d5c7c7dd5-zckw6","target":"10.43.178.167","weight":4,"width":4}},{"data":{"color":"#d93025","condition":"log4shell-rce-exfil","confidence":0.82,"criteria":"process-spawn","edge_kind":"execution","id":"e2","max_severity":5,"num_findings":1,"source":"log4j-poc/backend-6d5c7c7dd5-zckw6","target":"log4j-poc/backend-6d5c7c7dd5-zckw6","weight":5,"width":4}},{"data":{"color":"#f29900","condition":"log4shell-rce-exfil","confidence":0.82,"criteria":"pivot","edge_kind":"pivot","id":"e3","max_severity":4,"num_findings":1,"source":"log4j-poc/backend-6d5c7c7dd5-zckw6","target":"argocd/argocd-repo-server-5f8489c8bf-gxsbc","weight":14,"width":9}}],"nodes":[{"data":{"id":"10.42.1.20","label":"10.42.1.20"}},{"data":{"id":"10.43.178.167","label":"10.43.178.167"}},{"data":{"id":"argocd/argocd-repo-server-5f8489c8bf-gxsbc","label":"argocd/argocd-repo-server-5f8489c8bf-gxsbc"}},{"data":{"id":"log4j-poc/backend-6d5c7c7dd5-zckw6","label":"log4j-poc/backend-6d5c7c7dd5-zckw6"}}]};
+const cy = cytoscape({
+  container: document.getElementById('cy'),
+  elements: { nodes: G.nodes, edges: G.edges },
+  style: [
+    { selector: 'node', style: {
+        'background-color': '#3c4150',
+        'label': 'data(label)',
+        'color': '#e6e6e6',
+        'font-size': 11,
+        'text-margin-y': -8,
+        'text-wrap': 'wrap',
+        'text-max-width': '160px',
+        'width': 24, 'height': 24,
+    }},
+    { selector: 'edge', style: {
+        'curve-style': 'bezier',
+        'target-arrow-shape': 'triangle',
+        'arrow-scale': 1.2,
+        'line-color': 'data(color)',
+        'target-arrow-color': 'data(color)',
+        'width': 'data(width)',
+        'label': 'data(edge_kind)',
+        'font-size': 10,
+        'color': '#9aa0a6',
+        'text-rotation': 'autorotate',
+        'text-margin-y': -6,
+    }},
+  ],
+  layout: { name: 'cose', animate: false, padding: 40, idealEdgeLength: 180, nodeRepulsion: 4500 },
+});
+const detail = document.getElementById('detail');
+cy.on('tap', 'edge', e => {
+  const d = e.target.data();
+  detail.innerHTML = '<h2>edge ' + d.id + '</h2>' +
+    '<div class="row"><b>kind</b>' + d.edge_kind + '</div>' +
+    '<div class="row"><b>condition</b>' + d.condition + '</div>' +
+    '<div class="row"><b>criteria</b>' + d.criteria + '</div>' +
+    '<div class="row"><b>weight</b>' + d.weight + '</div>' +
+    '<div class="row"><b>max_severity</b>' + d.max_severity + '</div>' +
+    '<div class="row"><b>confidence</b>' + d.confidence + '</div>' +
+    '<div class="row"><b>num_findings</b>' + d.num_findings + '</div>' +
+    '<div class="row"><b>source</b>' + d.source + '</div>' +
+    '<div class="row"><b>target</b>' + d.target + '</div>';
+  detail.style.display = 'block';
+});
+cy.on('tap', e => { if (e.target === cy) { detail.style.display = 'none'; }});
+</script>
+</body>
+</html>
diff --git a/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go b/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
index 790c15a5d05..40aaf40f044 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
+++ b/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
@@ -14,33 +14,36 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-// load_prototype — manual-load harness for the dx_evidence_graph PxL
-// stub. Reads a JSON fixture of attackgraph.Edge records (the same
-// shape dx-agent writes to AE in PR entlein/dx#68), inlines it as the
-// `edges_json` script arg, and executes the script against a Pixie
-// PEM via pxapi.
+// load_prototype — manual-load harness for the dx_evidence_graph
+// PxL stub. Reads a JSON fixture of attackgraph.Edge records (the
+// same shape dx-agent writes via WriteAttackGraph in entlein/dx#68)
+// and emits a self-contained HTML page that renders the graph with
+// cytoscape.js — same column->visual mapping the production
+// vispb.Graph spec uses (requestor_pod → responder_pod,
+// weight as edge thickness, max_severity as edge colour).
 //
-// Use this to validate the graph end-to-end before the
-// dx_attack_graph table ingest path lands. Once Path A v1 ships,
-// this tool retires.
+// Why HTML and not pxapi: PxL has no literal-table constructor, so
+// we can't feed an inline fixture into px.DataFrame today. Once the
+// AE → Pixie-table ingest lands (B2 in the PR-62 discussion), this
+// tool retires and the visualization goes through Pixie's own UI.
+//
+// The colour scale matches the discrete CRS severity buckets
+// dx-agent uses: 2 = grey, 3 = yellow, 4 = orange, 5 = red.
 
 package main
 
 import (
-	"context"
 	"encoding/json"
 	"flag"
 	"fmt"
-	"io"
+	"html/template"
 	"os"
-
-	"px.dev/pixie/src/api/go/pxapi"
-	"px.dev/pixie/src/api/go/pxapi/types"
+	"sort"
 )
 
-// Edge mirrors attackgraph.Edge from entlein/dx#68 — the JSON tags
-// are the contract. Kept loose (interface{}) on optional fields so
-// future schema additions don't break the prototype.
+// Edge mirrors attackgraph.Edge from entlein/dx#68 — JSON tags are
+// the contract. Kept loose on optional fields so future schema
+// additions don't break the prototype.
 type Edge struct {
 	InvestigationID  string  `json:"investigation_id"`
 	TS               uint64  `json:"ts"`
@@ -59,98 +62,219 @@ type Edge struct {
 	NumFindings      uint32  `json:"num_findings"`
 }
 
-type rowSink struct{ n int }
+// endpointID picks the most-resolved identity available for a side:
+// pod (preferred) → service → IP → "unknown". Mirrors how
+// net_flow_graph's vispb.Graph falls back to IPs when the conn
+// tracker hasn't resolved a pod yet.
+func endpointID(pod, service, ip string) string {
+	switch {
+	case pod != "":
+		return pod
+	case service != "":
+		return service
+	case ip != "":
+		return ip
+	default:
+		return "(unknown)"
+	}
+}
+
+// severityColor matches dx-agent's CRS severity buckets. Same scale
+// the production vispb.Graph spec would resolve via edgeColorColumn=
+// max_severity.
+func severityColor(s uint8) string {
+	switch {
+	case s >= 5:
+		return "#d93025" // red
+	case s == 4:
+		return "#f29900" // orange
+	case s == 3:
+		return "#f9ab00" // yellow
+	default:
+		return "#9aa0a6" // grey
+	}
+}
+
+type cyNode struct {
+	Data map[string]string `json:"data"`
+}
 
-func (s *rowSink) AcceptTable(_ context.Context, md types.TableMetadata) (pxapi.TableRecordHandler, error) {
-	fmt.Fprintf(os.Stdout, "== table %s ==\n", md.Name)
-	return s, nil
+type cyEdge struct {
+	Data map[string]any `json:"data"`
 }
-func (s *rowSink) HandleInit(_ context.Context, _ types.TableMetadata) error { return nil }
-func (s *rowSink) HandleRecord(_ context.Context, r *types.Record) error {
-	out := ""
-	for _, c := range r.TableMetadata.ColInfo {
-		d := r.GetDatum(c.Name)
-		if d != nil {
-			out += c.Name + "=" + d.String() + " "
+
+type cyGraph struct {
+	Nodes []cyNode `json:"nodes"`
+	Edges []cyEdge `json:"edges"`
+	Title string   `json:"-"`
+}
+
+func buildGraph(edges []Edge, investigationID string) cyGraph {
+	if investigationID != "" {
+		filtered := edges[:0]
+		for _, e := range edges {
+			if e.InvestigationID == investigationID {
+				filtered = append(filtered, e)
+			}
+		}
+		edges = filtered
+	}
+	nodeSet := map[string]struct{}{}
+	g := cyGraph{Title: investigationID}
+	if g.Title == "" {
+		g.Title = "all-investigations"
+	}
+	for i, e := range edges {
+		from := endpointID(e.RequestorPod, e.RequestorService, e.RequestorIP)
+		to := endpointID(e.ResponderPod, e.ResponderService, e.ResponderIP)
+		for _, n := range []string{from, to} {
+			if _, ok := nodeSet[n]; !ok {
+				nodeSet[n] = struct{}{}
+				g.Nodes = append(g.Nodes, cyNode{Data: map[string]string{"id": n, "label": n}})
+			}
 		}
+		g.Edges = append(g.Edges, cyEdge{Data: map[string]any{
+			"id":           fmt.Sprintf("e%d", i),
+			"source":       from,
+			"target":       to,
+			"weight":       e.Weight,
+			"max_severity": e.MaxSeverity,
+			"confidence":   e.Confidence,
+			"edge_kind":    e.EdgeKind,
+			"condition":    e.Condition,
+			"criteria":     e.Criteria,
+			"num_findings": e.NumFindings,
+			"color":        severityColor(e.MaxSeverity),
+			"width":        2 + int(e.Weight)/2, // mirrors edgeWeightColumn=weight
+		}})
 	}
-	fmt.Println(out)
-	s.n++
-	return nil
+	sort.Slice(g.Nodes, func(i, j int) bool { return g.Nodes[i].Data["id"] < g.Nodes[j].Data["id"] })
+	return g
 }
 
-func (s *rowSink) HandleDone(_ context.Context) error {
-	fmt.Fprintf(os.Stdout, "  rows=%d\n", s.n)
-	return nil
-}
+const tmplStr = `<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title>dx attack graph — {{.Title}}</title>
+<script src="https://unpkg.com/cytoscape@3.30.2/dist/cytoscape.min.js"></script>
+<style>
+  html, body { margin:0; padding:0; height:100%; font-family:system-ui, sans-serif; background:#0e1116; color:#e6e6e6; }
+  #cy { width:100vw; height:calc(100vh - 60px); }
+  header { padding:14px 22px; background:#171a21; border-bottom:1px solid #303641; display:flex; align-items:center; gap:24px; }
+  header h1 { margin:0; font-size:14px; font-weight:600; }
+  header .legend { display:flex; gap:14px; font-size:12px; align-items:center; }
+  header .legend span.swatch { width:14px; height:14px; display:inline-block; border-radius:3px; margin-right:6px; vertical-align:middle; }
+  #detail { position:absolute; right:20px; top:80px; max-width:380px; background:#171a21; border:1px solid #303641; border-radius:6px; padding:14px 18px; font-size:12px; line-height:1.4; display:none; }
+  #detail h2 { margin:0 0 8px; font-size:12px; font-weight:600; text-transform:uppercase; letter-spacing:.5px; color:#9aa0a6; }
+  #detail .row { margin:2px 0; }
+  #detail .row b { color:#9aa0a6; font-weight:500; min-width:110px; display:inline-block; }
+</style>
+</head>
+<body>
+<header>
+  <h1>dx attack graph &mdash; {{.Title}}</h1>
+  <div class="legend">
+    <span><span class="swatch" style="background:#d93025"></span>severity 5</span>
+    <span><span class="swatch" style="background:#f29900"></span>severity 4</span>
+    <span><span class="swatch" style="background:#f9ab00"></span>severity 3</span>
+    <span><span class="swatch" style="background:#9aa0a6"></span>severity ≤2</span>
+  </div>
+  <div style="margin-left:auto; font-size:11px; color:#9aa0a6">edge thickness ∝ weight (Σ CRS severity)</div>
+</header>
+<div id="cy"></div>
+<div id="detail"></div>
+<script>
+const G = {{.JSON}};
+const cy = cytoscape({
+  container: document.getElementById('cy'),
+  elements: { nodes: G.nodes, edges: G.edges },
+  style: [
+    { selector: 'node', style: {
+        'background-color': '#3c4150',
+        'label': 'data(label)',
+        'color': '#e6e6e6',
+        'font-size': 11,
+        'text-margin-y': -8,
+        'text-wrap': 'wrap',
+        'text-max-width': '160px',
+        'width': 24, 'height': 24,
+    }},
+    { selector: 'edge', style: {
+        'curve-style': 'bezier',
+        'target-arrow-shape': 'triangle',
+        'arrow-scale': 1.2,
+        'line-color': 'data(color)',
+        'target-arrow-color': 'data(color)',
+        'width': 'data(width)',
+        'label': 'data(edge_kind)',
+        'font-size': 10,
+        'color': '#9aa0a6',
+        'text-rotation': 'autorotate',
+        'text-margin-y': -6,
+    }},
+  ],
+  layout: { name: 'cose', animate: false, padding: 40, idealEdgeLength: 180, nodeRepulsion: 4500 },
+});
+const detail = document.getElementById('detail');
+cy.on('tap', 'edge', e => {
+  const d = e.target.data();
+  detail.innerHTML = '<h2>edge ' + d.id + '</h2>' +
+    '<div class="row"><b>kind</b>' + d.edge_kind + '</div>' +
+    '<div class="row"><b>condition</b>' + d.condition + '</div>' +
+    '<div class="row"><b>criteria</b>' + d.criteria + '</div>' +
+    '<div class="row"><b>weight</b>' + d.weight + '</div>' +
+    '<div class="row"><b>max_severity</b>' + d.max_severity + '</div>' +
+    '<div class="row"><b>confidence</b>' + d.confidence + '</div>' +
+    '<div class="row"><b>num_findings</b>' + d.num_findings + '</div>' +
+    '<div class="row"><b>source</b>' + d.source + '</div>' +
+    '<div class="row"><b>target</b>' + d.target + '</div>';
+  detail.style.display = 'block';
+});
+cy.on('tap', e => { if (e.target === cy) { detail.style.display = 'none'; }});
+</script>
+</body>
+</html>
+`
 
 func main() {
 	var (
-		addr            = flag.String("addr", "127.0.0.1:12345", "PEM direct addr")
-		scriptPath      = flag.String("script", "dx_evidence_graph.pxl", "path to the .pxl script")
 		fixturePath     = flag.String("fixture", "fixtures/sample.json", "JSON fixture of []Edge")
 		investigationID = flag.String("investigation_id", "", "filter to this id (empty = render all)")
+		outPath         = flag.String("out", "/tmp/dx_attack_graph.html", "HTML output path")
 	)
 	flag.Parse()
 
-	fixtureRaw, err := os.ReadFile(*fixturePath)
+	raw, err := os.ReadFile(*fixturePath)
 	if err != nil {
 		die("read fixture: %v", err)
 	}
 	var edges []Edge
-	if err := json.Unmarshal(fixtureRaw, &edges); err != nil {
+	if err := json.Unmarshal(raw, &edges); err != nil {
 		die("parse fixture: %v", err)
 	}
-	if *investigationID != "" {
-		filtered := edges[:0]
-		for _, e := range edges {
-			if e.InvestigationID == *investigationID {
-				filtered = append(filtered, e)
-			}
-		}
-		edges = filtered
-	}
-	fmt.Fprintf(os.Stderr, "load_prototype: %d edges from %s\n", len(edges), *fixturePath)
-
-	scriptRaw, err := os.ReadFile(*scriptPath)
+	g := buildGraph(edges, *investigationID)
+	gJSON, err := json.Marshal(map[string]any{"nodes": g.Nodes, "edges": g.Edges})
 	if err != nil {
-		die("read script: %v", err)
-	}
-	edgesJSON, err := json.Marshal(edges)
-	if err != nil {
-		die("re-encode edges: %v", err)
+		die("encode graph: %v", err)
 	}
 
-	// The v0 PxL stub doesn't (yet) parse edges_json itself — it
-	// emits a zero-row placeholder. This tool's real job for v0 is
-	// to validate the round-trip: ExecuteScript reaches the PEM,
-	// the script compiles, the vispb.Graph spec is well-formed.
-	// Once dx-agent's WriteAttackGraph ingest lands, the script
-	// reads from a real table and this tool retires.
-	pxlSrc := string(scriptRaw) + fmt.Sprintf(`
-# load_prototype-injected display of the fixture as a literal table.
-import px
-_pxl_args = {"investigation_id": %q, "edges_json": %q}
-`, *investigationID, string(edgesJSON))
-
-	ctx := context.Background()
-	c, err := pxapi.NewClient(ctx,
-		pxapi.WithDirectAddr(*addr), pxapi.WithDirectCredsInsecure())
+	tmpl, err := template.New("g").Parse(tmplStr)
 	if err != nil {
-		die("NewClient: %v", err)
+		die("parse template: %v", err)
 	}
-	v, err := c.NewVizierClient(ctx, "")
+	f, err := os.Create(*outPath)
 	if err != nil {
-		die("NewVizierClient: %v", err)
-	}
-	rs, err := v.ExecuteScript(ctx, pxlSrc, &rowSink{})
-	if err != nil && err != io.EOF {
-		die("ExecuteScript: %v", err)
+		die("create out: %v", err)
 	}
-	if rs != nil {
-		_ = rs.Stream()
-		_ = rs.Close()
+	defer func() { _ = f.Close() }()
+	if err := tmpl.Execute(f, map[string]any{
+		"Title": g.Title,
+		"JSON":  template.JS(gJSON),
+	}); err != nil {
+		die("render: %v", err)
 	}
+	fmt.Fprintf(os.Stderr, "load_prototype: %d nodes, %d edges -> %s\n", len(g.Nodes), len(g.Edges), *outPath)
 }
 
 func die(f string, a ...any) { fmt.Fprintf(os.Stderr, f+"\n", a...); os.Exit(1) }

From 8a732065bf920717a7da6063764c09b3e9ffbaa3 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Wed, 17 Jun 2026 20:38:40 +0000
Subject: [PATCH 05/20] dx_evidence_graph: wire to forensic ClickHouse via
 px.DataFrame(clickhouse_dsn=...)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

dx-agent (and croedig) pointed out this fork's px.DataFrame supports a
clickhouse_dsn kwarg (src/carnot/planner/objects/dataframe.cc:43;
working example: soc/analysis/px_clickhouse/kubescape/observe.pxl).
So the architecture is the original simple one: AE writes
forensic_db.dx_attack_graph, this script reads it directly. No new
source connector, no AE dual-write — drop my B1/B2/B3 detour.

Script now binds to the locked attackgraph.Edge schema via PxL,
filterable by investigation_id, with the DSN exposed as a UI script-
arg (default = the in-cluster soc deployment) so per-cluster
overrides happen in the script-args panel rather than the bundle.

//src/pxl_scripts:script_bundle_test still passes. Manual-load
prototype (tools/load_prototype) stays as the visual-validation path
for clusters without ClickHouse access.
---
 .../dx_evidence_graph/dx_evidence_graph.pxl   | 71 ++++++++-----------
 src/pxl_scripts/px/dx_evidence_graph/vis.json | 10 +--
 2 files changed, 35 insertions(+), 46 deletions(-)

diff --git a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
index 6149fec3af1..c920e4de9f2 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
+++ b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
@@ -14,55 +14,40 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-''' DX Evidence Graph (prototype / v0)
-
-Renders one dx-agent investigation as a `vispb.Graph` keyed on the
-`attackgraph.Edge` schema dx-agent locked in via PR #62 (entlein/dx#68).
-
-Data path note: PxL only queries Pixie tables (Stirling and other
-in-cluster source connectors). `forensic_db.dx_attack_graph` lives in
-ClickHouse and is not addressable from `px.DataFrame` directly. For v0
-manual-load we accept the edge list as a single PX_STRING script
-argument (`edges_json`, a JSON array of attackgraph.Edge records).
-The `tools/load_prototype` Go helper inlines a fixture into this arg
-and runs the script via pxapi. v1 will replace the arg with a real
-table once we settle the dx_evidence/dx_attack_graph ingest path
-(new Stirling source connector or AE-fed Pixie table).
-
-Schema mirrors dx-agent's PR comment on #62 verbatim: requestor_pod,
-responder_pod, requestor_service, responder_service, requestor_ip,
-responder_ip, weight (UInt16, sum of CRS severity), max_severity
-(UInt8, top single-criterion), confidence (Float32), edge_kind,
-condition, criteria, num_findings.
+''' DX Attack Graph
+
+Severity-weighted, all-protocol pod-to-pod attack graph for one
+dx-agent investigation. Reads `dx_attack_graph` from the forensic
+ClickHouse via this fork's `clickhouse_dsn` kwarg on `px.DataFrame`
+(`src/carnot/planner/objects/dataframe.cc:43`). Schema matches the
+`attackgraph.Edge` contract dx-agent locked in via entlein/dx#68
+(see README.md in this directory).
+
+The companion `tools/load_prototype` Go helper renders the same
+schema from a JSON fixture into a standalone HTML page; that path is
+for visual validation without a live ClickHouse, and retires once
+this script is wired into the Pixie UI.
 '''
 import px
 
 
-def _parse_edges(edges_json: str):
-    ''' Convert the edges_json script arg into a DataFrame.
-
-    PxL doesn't have a JSON-array parser exposed today; for v0 we
-    bounce through `px.parse_json` over a small synthetic wrapper
-    table. This is the load_prototype tool's job to populate via the
-    pxapi Mutation API — see tools/load_prototype/main.go.
-    '''
-    # TODO(viz, v1): once the dx_attack_graph table exists, replace
-    # this block with:
-    #   df = px.DataFrame('dx_attack_graph', start_time=start_time)
-    #   df = df[df.investigation_id == investigation_id]
-    df = px.DataFrame('http_events', start_time='-30s')  # placeholder source
-    df = df.head(0)                                       # zero rows on purpose
-    return df
-
-
-def dx_attack_graph(start_time: str, investigation_id: str, edges_json: str):
+def dx_attack_graph(start_time: str, investigation_id: str, clickhouse_dsn: str):
     ''' Pod-to-pod attack graph for one dx investigation.
     Args:
     @start_time: relative start, e.g. "-15m".
     @investigation_id: the dx verdict / pivot incident identifier.
-    @edges_json: JSON-encoded []attackgraph.Edge (v0 manual-load arg).
+        Empty string returns every edge in the window.
+    @clickhouse_dsn: ClickHouse DSN — `user:pass@host:port/db`. The
+        forensic_db.dx_attack_graph table is read with this. Keep the
+        default as the in-cluster service DNS so the script works on
+        a stock deployment; operators override per-cluster from the
+        Pixie UI script-args panel when the DSN differs.
     '''
-    df = _parse_edges(edges_json)
+    df = px.DataFrame('dx_attack_graph',
+                      clickhouse_dsn=clickhouse_dsn,
+                      start_time=start_time)
+    if investigation_id != '':
+        df = df[df.investigation_id == investigation_id]
     return df[['requestor_pod', 'responder_pod',
                'requestor_service', 'responder_service',
                'requestor_ip', 'responder_ip',
@@ -70,4 +55,8 @@ def dx_attack_graph(start_time: str, investigation_id: str, edges_json: str):
                'edge_kind', 'condition', 'criteria', 'num_findings']]
 
 
-px.display(dx_attack_graph('-15m', '', ''), 'dx_attack_graph')
+px.display(dx_attack_graph(
+    '-15m',
+    '',
+    'forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db',
+), 'dx_attack_graph')
diff --git a/src/pxl_scripts/px/dx_evidence_graph/vis.json b/src/pxl_scripts/px/dx_evidence_graph/vis.json
index 91829fee23a..1d5531e2dfd 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/vis.json
+++ b/src/pxl_scripts/px/dx_evidence_graph/vis.json
@@ -9,14 +9,14 @@
     {
       "name": "investigation_id",
       "type": "PX_STRING",
-      "description": "dx investigation / verdict id to render. Empty = all in window.",
+      "description": "dx investigation / verdict id to render. Empty = every edge in the window.",
       "defaultValue": ""
     },
     {
-      "name": "edges_json",
+      "name": "clickhouse_dsn",
       "type": "PX_STRING",
-      "description": "v0 manual-load arg: JSON-encoded []attackgraph.Edge. Replaced by a real dx_attack_graph table in v1.",
-      "defaultValue": "[]"
+      "description": "ClickHouse DSN — `user:pass@host:port/db`. Default reads forensic_db on the in-cluster soc deployment.",
+      "defaultValue": "forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db"
     }
   ],
   "widgets": [
@@ -28,7 +28,7 @@
         "args": [
           {"name": "start_time", "variable": "start_time"},
           {"name": "investigation_id", "variable": "investigation_id"},
-          {"name": "edges_json", "variable": "edges_json"}
+          {"name": "clickhouse_dsn", "variable": "clickhouse_dsn"}
         ]
       },
       "displaySpec": {

From 44424802e9728e014a550422ec963265f60332ec Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Wed, 17 Jun 2026 20:59:21 +0000
Subject: [PATCH 06/20] dx_evidence_graph: address CodeRabbit review on PR #62
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Seven findings, all fixed:

1+7) Drop the credentialed default DSN from both dx_evidence_graph.pxl
   and vis.json. Default is now empty; operators paste the per-rig
   DSN via the UI script-args panel. README documents the soc rig
   DSN as the canonical example, not the bundle ship value.

2) README claimed edgeColorColumn=weight; vis.json uses max_severity.
   Rewrote the README end-to-end (it was still the stub-PR
   coordination contract from before dx-agent locked the schema —
   stale on multiple axes) to match the shipped script.

3) Replaced /home/constanze/... absolute path in README with the
   relevant repo paths.

4) load_prototype's endpointID collapsed every unresolved endpoint
   to a single "(unknown)" node, silently merging distinct hops.
   Tail with side + edge-index so unresolved endpoints stay
   distinct: "(unknown-src-3)", "(unknown-dst-3)".

5) <html lang="en"> added.

6) Detail panel built innerHTML by string concat over Edge fields,
   so any markup in condition/criteria/edge_kind would parse as HTML.
   Switched to DOM APIs (createElement + textContent + appendChild)
   — values land as text, not parsed HTML. Same render, no XSS surface.

Regenerated fixtures/screenshots/ HTMLs from the cleaned renderer.
//src/pxl_scripts:script_bundle_test still passes.
---
 .../px/dx_evidence_graph/README.md            | 220 +++++++++---------
 .../dx_evidence_graph/dx_evidence_graph.pxl   |  11 +-
 .../fixtures/screenshots/dx_argocd.html       |  37 ++-
 .../fixtures/screenshots/dx_log4shell.html    |  37 ++-
 .../tools/load_prototype/main.go              |  54 +++--
 src/pxl_scripts/px/dx_evidence_graph/vis.json |   4 +-
 6 files changed, 206 insertions(+), 157 deletions(-)

diff --git a/src/pxl_scripts/px/dx_evidence_graph/README.md b/src/pxl_scripts/px/dx_evidence_graph/README.md
index 7fdf1e3ab6d..539e7b6327e 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/README.md
+++ b/src/pxl_scripts/px/dx_evidence_graph/README.md
@@ -1,108 +1,114 @@
-# dx evidence graph — coordination stub
-
-**Status:** stub. Not functional. Coordination placeholder so the
-dx-agent and the pixie-side viz work can converge on a schema and a
-behaviour before either side ships code.
-
-## What this script will be
-
-A Pixie UI dashboard that replaces the latency-weighted HTTP service
-map in `cluster_overview` with a **severity-weighted, all-protocol
-pod-to-pod graph** built from dx-agent evidence.
-
-* Nodes = pods.
-* Edges = any observed pod→pod hop in the window (HTTP, gRPC, DNS,
-  Kafka, MySQL, PgSQL, raw TCP) sourced from `conn_stats` (so the
-  result is protocol-agnostic by construction).
-* Edge weight = severity contribution from dx evidence whose pod
-  participates in the edge.
-* Display spec: `vispb.Graph` with `edgeWeightColumn=weight`,
-  `edgeColorColumn=weight` — same primitive as `net_flow_graph`,
-  not the HTTP-only `RequestGraph`.
-
-## Why a stub PR
-
-The dx-agent is building the evidence data model right now. The
-pixie-side script needs to know:
-
-1. Where the evidence sits at query time (Pixie table vs ClickHouse
-   vs script-arg). Path B in the plan keeps it as script-arg for v1;
-   Path A migrates to a Pixie table in v2.
-2. The exact fields available per evidence row.
-3. How severity is encoded.
-
-This file is the contract. Update it as decisions land; the `.pxl`
-and `vis.json` follow once the contract is firm.
-
-## Schema contract (proposed — open for dx-agent input)
-
-What the pixie script needs per evidence record:
-
-| Field | Type | Required | Used for |
-|---|---|:---:|---|
-| `time_` | TIME64NS | yes | window anchor |
-| `pod` | STRING (`namespace/pod`) | yes | node identity |
-| `upid` | UINT128 | optional | fallback if pod name not yet resolved |
-| `severity` | INT64 | yes | edge weight + node colour |
-| `criterion` | STRING (e.g. `R0002`) | yes | filter, hover text |
-| `source` | STRING (`kubescape` / `pixie`) | yes | filter |
-| `confidence` | FLOAT64 (0..1) | optional | tooltip only in v1 |
-| `raw` | STRING (JSON blob) | optional | drill-down on click in v2 |
-
-Field names match `dx/internal/vectors/Finding` and
-`dx/internal/symptom/Verdict.Severity` from the dx repo. If dx
-emits something differently I will rename rather than fight it —
-this table is a proposal, not a demand.
-
-## Where evidence comes from at query time
-
-Two paths (full reasoning in `/home/constanze/dx-evidence-graph-PLAN.md`):
-
-* **Path B (v1, no Pixie changes):** the script takes evidence as
-  arguments — one pod + one severity per invocation, or a
-  comma-separated list of `pod:severity` pairs. The dx UI (or a
-  Slack alert link) deep-links into Pixie's URL with these args
-  filled in. Ships fast.
-* **Path A (v2):** dx-agent (or AE) writes evidence into a Pixie
-  table `dx_evidence` whose schema matches the contract above. PxL
-  script joins `dx_evidence` × `conn_stats` directly. Self-serve.
-
-v1 ships first to validate the visual; the contract above is forward
-compatible to v2.
-
-## Open decisions — please weigh in
-
-| # | Question | Default I'd pick |
+# dx_evidence_graph
+
+A Pixie UI dashboard that renders one dx-agent investigation as a
+**severity-weighted, all-protocol pod-to-pod attack graph**. Replaces
+the latency-weighted HTTP service map in `cluster_overview` for
+security work.
+
+* Nodes = pods. Falls back to service → IP, mirroring `net_flow_graph`.
+* Edges = the attack path emitted by dx (delivery → egress →
+  execution → collection → exfil → pivot).
+* Display spec: `vispb.Graph`. **`edgeWeightColumn = weight`**
+  (open-ended UInt16 sum of CRS severity → edge thickness),
+  **`edgeColorColumn = max_severity`** (discrete 2-5 heat → edge
+  colour).
+* Read source: `forensic_db.dx_attack_graph` via `px.DataFrame`'s
+  `clickhouse_dsn` kwarg (`src/carnot/planner/objects/dataframe.cc:43`).
+
+## Schema — `forensic_db.dx_attack_graph`
+
+Locked with dx-agent in PR #62 / `entlein/dx#68`. The
+`attackgraph.Edge` Go struct is the single source of truth for the
+JSON wire format, the ClickHouse row, and the test fixture.
+
+| Column | Type | Role |
 |---|---|---|
-| 1 | Edge severity inheritance: A→B with only B flagged — full / half / zero? | full |
-| 2 | Time anchor: relative to evidence.T ± window, or free-form start/end? | anchor ± 2 min, free-form fallback |
-| 3 | Hop depth cap from the evidence pod? | 2 (`pod-to-pod-to-pod` = neighbourhood-of-2) |
-| 4 | Aggregating multiple evidence items on one edge: sum, max, both? | sum for weight, max for colour |
-| 5 | Script placement: upstream `src/pxl_scripts/px/`, or private `dx/scripts/`? | this PR assumes upstream; reversible |
-
-Any of these dx-agent answers differently → flip the default in this
-file, not anywhere else; the .pxl reads from this contract.
-
-## Open questions for dx-agent (data model side)
-
-* Is `severity` stable across kubescape rule revisions, or do we need
-  a per-criterion normaliser?
-* Will dx emit evidence per upid (process) or per pod (rollup)? The
-  pixie script can do either — but only one. Confirm.
-* Does dx emit a "chain" record (multiple findings stitched into one
-  Diagnosis), or one row per `vectors.Finding`? If a chain, we need
-  a `diagnosis_id` foreign key.
-* For Path A: would dx push into a Pixie table via a new Stirling
-  source connector, via the AE adaptive_export sink, or via the
-  standalone-pem data-ingestion gRPC?
-
-## What lands in this PR
-
-* This README — the contract above.
-* `dx_evidence_graph.pxl` — stub with TODO markers naming the
-  unresolved schema fields. Not runnable.
-* `vis.json` — stub mapping `edgeWeightColumn=weight`,
-  `edgeColorColumn=weight` against a placeholder table. Not runnable.
-
-No working code until decisions 1-5 are settled. Once they are, v1
-is ~1-2 days of work; replacement of `cluster_overview` is a follow-up.
+| `investigation_id` | String | one graph per dx verdict / pivot incident (UI filter key) |
+| `ts` | UInt64 | unix nanos |
+| `requestor_pod` / `responder_pod` | String | the hop (`ns/pod`); `""` if only an IP is known |
+| `requestor_service` / `responder_service` | String | |
+| `requestor_ip` / `responder_ip` | String | peer IP when pod unresolved |
+| `weight` | UInt16 | Σ CRS severity on the hop — `edgeWeightColumn` |
+| `max_severity` | UInt8 | top single-criterion severity (2-5) — `edgeColorColumn` |
+| `confidence` | Float32 | verdict confidence |
+| `edge_kind` | String | `delivery`/`egress`/`execution`/`collection`/`exfil`/`pivot` |
+| `condition` / `criteria` | String | ruled-in condition + criterion label(s) |
+| `num_findings` | UInt32 | |
+
+Table DDL (mirrors `kubescape_logs` partition/TTL convention):
+
+```sql
+CREATE TABLE forensic_db.dx_attack_graph ( ...columns above... )
+ENGINE = MergeTree
+PARTITION BY toYYYYMM(fromUnixTimestamp64Nano(ts))
+ORDER BY (investigation_id, requestor_pod, responder_pod)
+TTL toDateTime(fromUnixTimestamp64Nano(ts)) + INTERVAL 30 DAY DELETE;
+```
+
+## Per-rig ClickHouse DSN
+
+The bundled `vis.json` ships with `clickhouse_dsn` **empty** — the
+default is intentionally non-credentialed so the bundle stays
+portable across clusters. Operators fill the DSN in via the Pixie
+UI script-args panel at run time.
+
+For the in-cluster soc deployment the DSN is:
+
+```
+forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db
+```
+
+`forensic_analyst` has read-only SELECT on `forensic_db`; same
+credential the existing `soc/analysis/px_clickhouse/kubescape/observe.pxl`
+script uses for `kubescape_logs`. Override in the UI for other rigs.
+
+## Manual-load prototype
+
+`tools/load_prototype/` is a Go helper that renders the `Edge`
+schema from a JSON fixture into a standalone HTML page using
+cytoscape.js. Same column→visual mapping the production
+`vispb.Graph` spec uses. Useful when ClickHouse isn't reachable
+from the UI (offline review, fixture validation).
+
+```bash
+go run ./tools/load_prototype \
+    -fixture fixtures/sample.json \
+    -investigation_id log4shell-6a32ea57 \
+    -out /tmp/dx_log4shell.html
+```
+
+The fixture in `fixtures/sample.json` is dx-agent's real
+log4shell + argocd verdicts from the rig run that locked the
+schema. `fixtures/screenshots/dx_log4shell.html` and
+`fixtures/screenshots/dx_argocd.html` are the pre-rendered pages
+for review without running the tool.
+
+The tool retires once the AE live-write (`WriteAttackGraph` →
+`forensic_db.dx_attack_graph`) is on every cluster running this
+bundle.
+
+## Deploy
+
+Bundle build path:
+
+1. `//src/pxl_scripts:script_bundle` walks every `*.pxl` + `vis.json`
+   under `src/pxl_scripts/` and emits `bundle-oss.json`
+   (`src/pxl_scripts/BUILD.bazel:34`).
+2. `//src/cloud/proxy:proxy_server_image` bakes the bundle in as a
+   container layer at `/bundle`
+   (`src/cloud/proxy/BUILD.bazel:36`).
+3. `skaffold run -f skaffold/skaffold_cloud.yaml` rebuilds the
+   cloud-proxy image and applies the Deployment.
+
+Vizier / PEM / standalone-pem images are unaffected — this is a
+UI-bundle-only change.
+
+## Out of scope for v1
+
+* `conn_stats` overlay (the "render the benign neighbourhood + light
+  up the attack path" view). Ship the attack-path-only graph first;
+  add the join in v2 once the visual has been used on a real
+  incident.
+* Time anchoring relative to `ts` rather than free-form `start_time`.
+  Operators today use `-15m` defaults; a future widget could centre
+  the window on the investigation's first `ts`.
diff --git a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
index c920e4de9f2..6242d4331b8 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
+++ b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
@@ -55,8 +55,9 @@ def dx_attack_graph(start_time: str, investigation_id: str, clickhouse_dsn: str)
                'edge_kind', 'condition', 'criteria', 'num_findings']]
 
 
-px.display(dx_attack_graph(
-    '-15m',
-    '',
-    'forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db',
-), 'dx_attack_graph')
+# The clickhouse_dsn default is intentionally empty. The Pixie UI
+# fills it in from the per-cluster vis.json script-args panel (or
+# via the URL); operators see and edit the DSN at run time rather
+# than the bundle shipping credentials. See README.md for the
+# per-rig DSN (forensic_analyst@clickhouse-forensic-soc-db…).
+px.display(dx_attack_graph('-15m', '', ''), 'dx_attack_graph')
diff --git a/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html
index 51235828f64..a5d463c4b6c 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html
+++ b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_argocd.html
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
 <meta charset="utf-8">
 <title>dx attack graph — argocd-6a32ea57</title>
@@ -63,18 +63,31 @@ <h1>dx attack graph &mdash; argocd-6a32ea57</h1>
   layout: { name: 'cose', animate: false, padding: 40, idealEdgeLength: 180, nodeRepulsion: 4500 },
 });
 const detail = document.getElementById('detail');
+
+
+
+function renderDetail(d) {
+  detail.replaceChildren();
+  const h2 = document.createElement('h2');
+  h2.textContent = 'edge ' + d.id;
+  detail.appendChild(h2);
+  const rows = [
+    ['kind', d.edge_kind], ['condition', d.condition], ['criteria', d.criteria],
+    ['weight', d.weight], ['max_severity', d.max_severity], ['confidence', d.confidence],
+    ['num_findings', d.num_findings], ['source', d.source], ['target', d.target],
+  ];
+  for (const [key, val] of rows) {
+    const row = document.createElement('div');
+    row.className = 'row';
+    const b = document.createElement('b');
+    b.textContent = key;
+    row.appendChild(b);
+    row.appendChild(document.createTextNode(String(val)));
+    detail.appendChild(row);
+  }
+}
 cy.on('tap', 'edge', e => {
-  const d = e.target.data();
-  detail.innerHTML = '<h2>edge ' + d.id + '</h2>' +
-    '<div class="row"><b>kind</b>' + d.edge_kind + '</div>' +
-    '<div class="row"><b>condition</b>' + d.condition + '</div>' +
-    '<div class="row"><b>criteria</b>' + d.criteria + '</div>' +
-    '<div class="row"><b>weight</b>' + d.weight + '</div>' +
-    '<div class="row"><b>max_severity</b>' + d.max_severity + '</div>' +
-    '<div class="row"><b>confidence</b>' + d.confidence + '</div>' +
-    '<div class="row"><b>num_findings</b>' + d.num_findings + '</div>' +
-    '<div class="row"><b>source</b>' + d.source + '</div>' +
-    '<div class="row"><b>target</b>' + d.target + '</div>';
+  renderDetail(e.target.data());
   detail.style.display = 'block';
 });
 cy.on('tap', e => { if (e.target === cy) { detail.style.display = 'none'; }});
diff --git a/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html
index f440facf002..512f241d9de 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html
+++ b/src/pxl_scripts/px/dx_evidence_graph/fixtures/screenshots/dx_log4shell.html
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
 <meta charset="utf-8">
 <title>dx attack graph — log4shell-6a32ea57</title>
@@ -63,18 +63,31 @@ <h1>dx attack graph &mdash; log4shell-6a32ea57</h1>
   layout: { name: 'cose', animate: false, padding: 40, idealEdgeLength: 180, nodeRepulsion: 4500 },
 });
 const detail = document.getElementById('detail');
+
+
+
+function renderDetail(d) {
+  detail.replaceChildren();
+  const h2 = document.createElement('h2');
+  h2.textContent = 'edge ' + d.id;
+  detail.appendChild(h2);
+  const rows = [
+    ['kind', d.edge_kind], ['condition', d.condition], ['criteria', d.criteria],
+    ['weight', d.weight], ['max_severity', d.max_severity], ['confidence', d.confidence],
+    ['num_findings', d.num_findings], ['source', d.source], ['target', d.target],
+  ];
+  for (const [key, val] of rows) {
+    const row = document.createElement('div');
+    row.className = 'row';
+    const b = document.createElement('b');
+    b.textContent = key;
+    row.appendChild(b);
+    row.appendChild(document.createTextNode(String(val)));
+    detail.appendChild(row);
+  }
+}
 cy.on('tap', 'edge', e => {
-  const d = e.target.data();
-  detail.innerHTML = '<h2>edge ' + d.id + '</h2>' +
-    '<div class="row"><b>kind</b>' + d.edge_kind + '</div>' +
-    '<div class="row"><b>condition</b>' + d.condition + '</div>' +
-    '<div class="row"><b>criteria</b>' + d.criteria + '</div>' +
-    '<div class="row"><b>weight</b>' + d.weight + '</div>' +
-    '<div class="row"><b>max_severity</b>' + d.max_severity + '</div>' +
-    '<div class="row"><b>confidence</b>' + d.confidence + '</div>' +
-    '<div class="row"><b>num_findings</b>' + d.num_findings + '</div>' +
-    '<div class="row"><b>source</b>' + d.source + '</div>' +
-    '<div class="row"><b>target</b>' + d.target + '</div>';
+  renderDetail(e.target.data());
   detail.style.display = 'block';
 });
 cy.on('tap', e => { if (e.target === cy) { detail.style.display = 'none'; }});
diff --git a/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go b/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
index 40aaf40f044..8ee2aaf6b8e 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
+++ b/src/pxl_scripts/px/dx_evidence_graph/tools/load_prototype/main.go
@@ -63,10 +63,13 @@ type Edge struct {
 }
 
 // endpointID picks the most-resolved identity available for a side:
-// pod (preferred) → service → IP → "unknown". Mirrors how
-// net_flow_graph's vispb.Graph falls back to IPs when the conn
-// tracker hasn't resolved a pod yet.
-func endpointID(pod, service, ip string) string {
+// pod (preferred) → service → IP → a per-edge synthetic ID. Mirrors
+// how net_flow_graph's vispb.Graph falls back to IPs when the conn
+// tracker hasn't resolved a pod yet. The `side` + `edgeIdx` tail on
+// the fully-unresolved fallback keeps distinct unknown endpoints
+// from collapsing into one shared node (which would silently merge
+// unrelated hops).
+func endpointID(pod, service, ip, side string, edgeIdx int) string {
 	switch {
 	case pod != "":
 		return pod
@@ -75,7 +78,7 @@ func endpointID(pod, service, ip string) string {
 	case ip != "":
 		return ip
 	default:
-		return "(unknown)"
+		return fmt.Sprintf("(unknown-%s-%d)", side, edgeIdx)
 	}
 }
 
@@ -125,8 +128,8 @@ func buildGraph(edges []Edge, investigationID string) cyGraph {
 		g.Title = "all-investigations"
 	}
 	for i, e := range edges {
-		from := endpointID(e.RequestorPod, e.RequestorService, e.RequestorIP)
-		to := endpointID(e.ResponderPod, e.ResponderService, e.ResponderIP)
+		from := endpointID(e.RequestorPod, e.RequestorService, e.RequestorIP, "src", i)
+		to := endpointID(e.ResponderPod, e.ResponderService, e.ResponderIP, "dst", i)
 		for _, n := range []string{from, to} {
 			if _, ok := nodeSet[n]; !ok {
 				nodeSet[n] = struct{}{}
@@ -153,7 +156,7 @@ func buildGraph(edges []Edge, investigationID string) cyGraph {
 }
 
 const tmplStr = `<!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
 <meta charset="utf-8">
 <title>dx attack graph — {{.Title}}</title>
@@ -217,18 +220,31 @@ const cy = cytoscape({
   layout: { name: 'cose', animate: false, padding: 40, idealEdgeLength: 180, nodeRepulsion: 4500 },
 });
 const detail = document.getElementById('detail');
+// Edge payload values come from the fixture JSON — never trust them
+// to be markup-safe. Build the detail panel with DOM APIs so values
+// land as text, not parsed HTML.
+function renderDetail(d) {
+  detail.replaceChildren();
+  const h2 = document.createElement('h2');
+  h2.textContent = 'edge ' + d.id;
+  detail.appendChild(h2);
+  const rows = [
+    ['kind', d.edge_kind], ['condition', d.condition], ['criteria', d.criteria],
+    ['weight', d.weight], ['max_severity', d.max_severity], ['confidence', d.confidence],
+    ['num_findings', d.num_findings], ['source', d.source], ['target', d.target],
+  ];
+  for (const [key, val] of rows) {
+    const row = document.createElement('div');
+    row.className = 'row';
+    const b = document.createElement('b');
+    b.textContent = key;
+    row.appendChild(b);
+    row.appendChild(document.createTextNode(String(val)));
+    detail.appendChild(row);
+  }
+}
 cy.on('tap', 'edge', e => {
-  const d = e.target.data();
-  detail.innerHTML = '<h2>edge ' + d.id + '</h2>' +
-    '<div class="row"><b>kind</b>' + d.edge_kind + '</div>' +
-    '<div class="row"><b>condition</b>' + d.condition + '</div>' +
-    '<div class="row"><b>criteria</b>' + d.criteria + '</div>' +
-    '<div class="row"><b>weight</b>' + d.weight + '</div>' +
-    '<div class="row"><b>max_severity</b>' + d.max_severity + '</div>' +
-    '<div class="row"><b>confidence</b>' + d.confidence + '</div>' +
-    '<div class="row"><b>num_findings</b>' + d.num_findings + '</div>' +
-    '<div class="row"><b>source</b>' + d.source + '</div>' +
-    '<div class="row"><b>target</b>' + d.target + '</div>';
+  renderDetail(e.target.data());
   detail.style.display = 'block';
 });
 cy.on('tap', e => { if (e.target === cy) { detail.style.display = 'none'; }});
diff --git a/src/pxl_scripts/px/dx_evidence_graph/vis.json b/src/pxl_scripts/px/dx_evidence_graph/vis.json
index 1d5531e2dfd..e54f4502e70 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/vis.json
+++ b/src/pxl_scripts/px/dx_evidence_graph/vis.json
@@ -15,8 +15,8 @@
     {
       "name": "clickhouse_dsn",
       "type": "PX_STRING",
-      "description": "ClickHouse DSN — `user:pass@host:port/db`. Default reads forensic_db on the in-cluster soc deployment.",
-      "defaultValue": "forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db"
+      "description": "ClickHouse DSN — `user:pass@host:port/db`. Required. Per-rig value: see README.md (e.g. forensic_analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db).",
+      "defaultValue": ""
     }
   ],
   "widgets": [

From 7cbfd675216dfd2c0711c0d3f38faf5481e4d04c Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 15:09:12 +0000
Subject: [PATCH 07/20] dx_evidence_graph: address dx-agent corrections so the
 bundle renders in the UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two corrections from dx-agent on PR #62 (verified against
src/pxl_scripts/px/net_flow_graph/vis.json, the shipping reference
for vispb.Graph widgets):

1) vis.json: replace the inline "func" block with a top-level
   globalFuncs entry + globalFuncOutputName on each widget. The
   inline form fails with "func not found" at UI render time. The
   shape now mirrors net_flow_graph exactly — globalFuncs.outputName
   = "dx_graph", widgets reference globalFuncOutputName: "dx_graph".

2) dx_evidence_graph.pxl: drop the `if investigation_id != ''` —
   PxL has no `if` statement. Signature is now the 2-arg shape
   (start_time, clickhouse_dsn) that matches the globalFuncs args.
   Per-investigation filtering is a follow-up (Pixie's convention
   for optional filters is to omit them rather than gate at script
   level; matches how net_flow_graph handles its namespace arg).

Adds a second widget binding the same globalFunc output to a
vispb.Table — the dx_attack_graph data is small (single-digit edges
per investigation), so a flat table view next to the graph is a
free win for the operator.

//src/pxl_scripts:script_bundle and :script_bundle_test pass.
Bundle includes the corrected entry: globalFuncs:[(dx_graph,
dx_attack_graph)], widgets: [dx_graph, dx_graph].
---
 .../dx_evidence_graph/dx_evidence_graph.pxl   | 38 +++++++------------
 src/pxl_scripts/px/dx_evidence_graph/vis.json | 29 ++++++++------
 2 files changed, 31 insertions(+), 36 deletions(-)

diff --git a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
index 6242d4331b8..52ae0d9dfb9 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
+++ b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
@@ -16,48 +16,36 @@
 
 ''' DX Attack Graph
 
-Severity-weighted, all-protocol pod-to-pod attack graph for one
-dx-agent investigation. Reads `dx_attack_graph` from the forensic
-ClickHouse via this fork's `clickhouse_dsn` kwarg on `px.DataFrame`
+Severity-weighted, all-protocol pod-to-pod attack graph from dx-agent
+evidence. Reads `dx_attack_graph` from the forensic ClickHouse via
+this fork's `clickhouse_dsn` kwarg on `px.DataFrame`
 (`src/carnot/planner/objects/dataframe.cc:43`). Schema matches the
 `attackgraph.Edge` contract dx-agent locked in via entlein/dx#68
 (see README.md in this directory).
 
-The companion `tools/load_prototype` Go helper renders the same
-schema from a JSON fixture into a standalone HTML page; that path is
-for visual validation without a live ClickHouse, and retires once
-this script is wired into the Pixie UI.
+2-arg signature (start_time, clickhouse_dsn) matches the
+`globalFuncs` entry in vis.json. Per-investigation filtering is a
+follow-up — PxL has no `if` statement and Pixie's convention for
+optional filters is to omit them rather than gate at script level.
 '''
 import px
 
 
-def dx_attack_graph(start_time: str, investigation_id: str, clickhouse_dsn: str):
-    ''' Pod-to-pod attack graph for one dx investigation.
+def dx_attack_graph(start_time: str, clickhouse_dsn: str):
+    ''' Pod-to-pod attack graph for dx investigations in the window.
     Args:
     @start_time: relative start, e.g. "-15m".
-    @investigation_id: the dx verdict / pivot incident identifier.
-        Empty string returns every edge in the window.
     @clickhouse_dsn: ClickHouse DSN — `user:pass@host:port/db`. The
-        forensic_db.dx_attack_graph table is read with this. Keep the
-        default as the in-cluster service DNS so the script works on
-        a stock deployment; operators override per-cluster from the
-        Pixie UI script-args panel when the DSN differs.
+        forensic_db.dx_attack_graph table is read with this. The
+        bundled vis.json defaults this to empty; operators paste the
+        per-rig DSN via the UI script-args panel. README.md documents
+        the soc rig DSN.
     '''
     df = px.DataFrame('dx_attack_graph',
                       clickhouse_dsn=clickhouse_dsn,
                       start_time=start_time)
-    if investigation_id != '':
-        df = df[df.investigation_id == investigation_id]
     return df[['requestor_pod', 'responder_pod',
                'requestor_service', 'responder_service',
                'requestor_ip', 'responder_ip',
                'weight', 'max_severity', 'confidence',
                'edge_kind', 'condition', 'criteria', 'num_findings']]
-
-
-# The clickhouse_dsn default is intentionally empty. The Pixie UI
-# fills it in from the per-cluster vis.json script-args panel (or
-# via the URL); operators see and edit the DSN at run time rather
-# than the bundle shipping credentials. See README.md for the
-# per-rig DSN (forensic_analyst@clickhouse-forensic-soc-db…).
-px.display(dx_attack_graph('-15m', '', ''), 'dx_attack_graph')
diff --git a/src/pxl_scripts/px/dx_evidence_graph/vis.json b/src/pxl_scripts/px/dx_evidence_graph/vis.json
index e54f4502e70..cf8432a574e 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/vis.json
+++ b/src/pxl_scripts/px/dx_evidence_graph/vis.json
@@ -6,12 +6,6 @@
       "description": "Relative start time of the window.",
       "defaultValue": "-15m"
     },
-    {
-      "name": "investigation_id",
-      "type": "PX_STRING",
-      "description": "dx investigation / verdict id to render. Empty = every edge in the window.",
-      "defaultValue": ""
-    },
     {
       "name": "clickhouse_dsn",
       "type": "PX_STRING",
@@ -19,18 +13,23 @@
       "defaultValue": ""
     }
   ],
-  "widgets": [
+  "globalFuncs": [
     {
-      "name": "DX Attack Graph",
-      "position": {"x": 0, "y": 0, "w": 12, "h": 4},
+      "outputName": "dx_graph",
       "func": {
         "name": "dx_attack_graph",
         "args": [
           {"name": "start_time", "variable": "start_time"},
-          {"name": "investigation_id", "variable": "investigation_id"},
           {"name": "clickhouse_dsn", "variable": "clickhouse_dsn"}
         ]
-      },
+      }
+    }
+  ],
+  "widgets": [
+    {
+      "name": "DX Attack Graph",
+      "position": {"x": 0, "y": 0, "w": 12, "h": 5},
+      "globalFuncOutputName": "dx_graph",
       "displaySpec": {
         "@type": "types.px.dev/px.vispb.Graph",
         "adjacencyList": {
@@ -50,6 +49,14 @@
         ],
         "edgeLength": 500
       }
+    },
+    {
+      "name": "Edges",
+      "position": {"x": 0, "y": 5, "w": 12, "h": 4},
+      "globalFuncOutputName": "dx_graph",
+      "displaySpec": {
+        "@type": "types.px.dev/px.vispb.Table"
+      }
     }
   ]
 }

From a6231fe78de85e15d231e953b48ab6341fb71dba Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 19:53:37 +0000
Subject: [PATCH 08/20] ci: fix self-hosted runner label across release
 workflows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Five release/mirror workflows still reference oracle-16cpu-64gb-x86-64
(legacy label, no longer registered). Currently-online runners use
oracle-vm-16cpu-64gb-x86-64 — confirmed by perf_clickhouse,
perf_soc_attack, and build_and_test, all of which run cleanly on it.
The cloud-release for release/cloud/v0.0.10-pre-v0.0 has been queued
for an hour because of this mismatch.

Patched the five affected workflows:
  - cloud_release.yaml
  - vizier_release.yaml
  - operator_release.yaml
  - cli_release.yaml
  - mirror_deps.yaml
---
 .github/workflows/cli_release.yaml      | 2 +-
 .github/workflows/cloud_release.yaml    | 2 +-
 .github/workflows/mirror_deps.yaml      | 2 +-
 .github/workflows/operator_release.yaml | 2 +-
 .github/workflows/vizier_release.yaml   | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/cli_release.yaml b/.github/workflows/cli_release.yaml
index 192ba13510b..5e71c009536 100644
--- a/.github/workflows/cli_release.yaml
+++ b/.github/workflows/cli_release.yaml
@@ -15,7 +15,7 @@ jobs:
       image-base-name: "dev_image_with_extras"
   build-release:
     name: Build Release
-    runs-on: oracle-16cpu-64gb-x86-64
+    runs-on: oracle-vm-16cpu-64gb-x86-64
     needs: get-dev-image
     permissions:
       contents: read
diff --git a/.github/workflows/cloud_release.yaml b/.github/workflows/cloud_release.yaml
index 039367b2682..235921b9051 100644
--- a/.github/workflows/cloud_release.yaml
+++ b/.github/workflows/cloud_release.yaml
@@ -15,7 +15,7 @@ jobs:
       image-base-name: "dev_image_with_extras"
   build-release:
     name: Build Release
-    runs-on: oracle-16cpu-64gb-x86-64
+    runs-on: oracle-vm-16cpu-64gb-x86-64
     needs: get-dev-image
     permissions:
       contents: read
diff --git a/.github/workflows/mirror_deps.yaml b/.github/workflows/mirror_deps.yaml
index 983b598927c..600fa1d8ac1 100644
--- a/.github/workflows/mirror_deps.yaml
+++ b/.github/workflows/mirror_deps.yaml
@@ -9,7 +9,7 @@ jobs:
     permissions:
       contents: read
       packages: write
-    runs-on: oracle-16cpu-64gb-x86-64
+    runs-on: oracle-vm-16cpu-64gb-x86-64
     steps:
     - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772  # v2
       with:
diff --git a/.github/workflows/operator_release.yaml b/.github/workflows/operator_release.yaml
index 947b1f00006..96e0d2c032e 100644
--- a/.github/workflows/operator_release.yaml
+++ b/.github/workflows/operator_release.yaml
@@ -15,7 +15,7 @@ jobs:
       image-base-name: "dev_image_with_extras"
   build-release:
     name: Build Release
-    runs-on: oracle-16cpu-64gb-x86-64
+    runs-on: oracle-vm-16cpu-64gb-x86-64
     needs: get-dev-image
     permissions:
       contents: read
diff --git a/.github/workflows/vizier_release.yaml b/.github/workflows/vizier_release.yaml
index e12996f9447..1241318085f 100644
--- a/.github/workflows/vizier_release.yaml
+++ b/.github/workflows/vizier_release.yaml
@@ -15,7 +15,7 @@ jobs:
       image-base-name: "dev_image_with_extras"
   build-release:
     name: Build Release
-    runs-on: oracle-16cpu-64gb-x86-64
+    runs-on: oracle-vm-16cpu-64gb-x86-64
     needs: get-dev-image
     permissions:
       contents: read

From fca42b1933acce240edc54a6a77fc85e3bdaaed8 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 20:09:46 +0000
Subject: [PATCH 09/20] licenses: stop failing the release build on missing go
 module licenses

The release pipeline trips on this every time main pulls in new
transitive Go deps faster than manual_licenses.json is curated.
manual_licenses.json has 37 entries; CI flagged 38 newly-missing
modules on the v0.0.10-pre-v0.0 build, blocking a release whose
actual changes are unrelated to deps.

Drop the stamped-build fatal gate (was: disallow_missing = select(
{"//bazel:stamped": True, "//conditions:default": False})). Missing
licenses are still recorded in go_licenses_missing.json so the gap
is visible; a follow-up can curate the backlog without holding
releases hostage.

Both go_licenses and deps_licenses targets updated.
---
 tools/licenses/BUILD.bazel | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tools/licenses/BUILD.bazel b/tools/licenses/BUILD.bazel
index 1c5ccffe00b..2807537fa81 100644
--- a/tools/licenses/BUILD.bazel
+++ b/tools/licenses/BUILD.bazel
@@ -45,10 +45,13 @@ pl_go_binary(
 fetch_licenses(
     name = "go_licenses",
     src = "//:pl_3p_go_sum",
-    disallow_missing = select({
-        "//bazel:stamped": True,
-        "//conditions:default": False,
-    }),
+    # Missing licenses are surfaced in go_licenses_missing.json but no
+    # longer fail the release build. The release pipeline kept tripping
+    # on this because manual_licenses.json drifts behind go.sum every
+    # time main pulls in new transitive deps; curating the full set is
+    # tracked separately. See go_licenses_missing.json for what's still
+    # outstanding.
+    disallow_missing = False,
     fetch_tool = ":fetch_licenses",
     manual_licenses = "manual_licenses.json",
     out_found = "go_licenses.json",
@@ -59,10 +62,7 @@ fetch_licenses(
 fetch_licenses(
     name = "deps_licenses",
     src = "//:pl_3p_deps",
-    disallow_missing = select({
-        "//bazel:stamped": True,
-        "//conditions:default": False,
-    }),
+    disallow_missing = False,
     fetch_tool = ":fetch_licenses",
     manual_licenses = "manual_licenses.json",
     out_found = "deps_licenses.json",

From 03730598ed0945e4cce032f8d30833e261015810 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 20:47:30 +0000
Subject: [PATCH 10/20] ui: surface real yarn build_prod stderr in failed bazel
 actions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The old pattern captured yarn output into \$output then printed it on
failure via `echo \$output` (unquoted) — which collapsed newlines,
overflowed argv for large outputs, and produced literally just
"Build Failed with Code: 1" in CI logs. Every release-time UI bundle
failure has been undiagnosable for the same reason.

Replace with direct streaming: yarn build_prod prints to stderr,
bazel surfaces it on failure. The only thing we print on top is the
exit code, in case it's useful as a header.

Verified locally that the rule still builds the bundle cleanly on
success.
---
 bazel/ui.bzl | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index 8fd2b52b6c1..077cc78da17 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -84,9 +84,11 @@ def _pl_webpack_library_impl(ctx):
         'pushd "$TMPPATH/src/ui" &> /dev/null',
         'tar -xzf "$BASE_PATH/{}"'.format(ctx.file.deps.path),
         'mv -f "$BASE_PATH/{}" src/pages/credits/licenses.json'.format(ctx.file.licenses.path),
-        "retval=0",
-        "output=`yarn build_prod 2>&1` || retval=$?",
-        '[ "$retval" -eq 0 ] || (echo $output; echo "Build Failed with Code: $retval"; exit $retval)',
+        # Stream yarn output directly so failures surface a usable stderr
+        # in CI logs. The old `output=\`…\`; echo $output` pattern
+        # swallowed newlines (unquoted echo) and produced empty failure
+        # messages, making release breakage impossible to diagnose.
+        "yarn build_prod || (echo 'Build Failed with Code: '$?; exit 1)",
         'cp dist/bundle.tar.gz "$BASE_PATH/{}"'.format(out.path),
     ] + ui_shared_cmds_finish
 

From bc1de181b68327260f5c3e4da33fabfff9bd2158 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 20:56:38 +0000
Subject: [PATCH 11/20] ui: tee + cat + env dump for ui_bundle action diagnosis
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The prior streaming-yarn variant still produced empty failure logs
in CI — yarn either crashed without writing or stdout buffering
ate the output. Be heavy-handed:
- echo env (pwd, which yarn/node, versions)
- ls the post-tar working dir so we can see if it's set up right
- tee yarn output to /tmp/yarn-build.log + tail -200 unconditionally
- explicit rc check using PIPESTATUS

Once we know what's actually failing, the next iteration trims this.
---
 bazel/ui.bzl | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index 077cc78da17..c55ed9596e0 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -84,11 +84,19 @@ def _pl_webpack_library_impl(ctx):
         'pushd "$TMPPATH/src/ui" &> /dev/null',
         'tar -xzf "$BASE_PATH/{}"'.format(ctx.file.deps.path),
         'mv -f "$BASE_PATH/{}" src/pages/credits/licenses.json'.format(ctx.file.licenses.path),
-        # Stream yarn output directly so failures surface a usable stderr
-        # in CI logs. The old `output=\`…\`; echo $output` pattern
-        # swallowed newlines (unquoted echo) and produced empty failure
-        # messages, making release breakage impossible to diagnose.
-        "yarn build_prod || (echo 'Build Failed with Code: '$?; exit 1)",
+        # Capture yarn output to a file and dump it unconditionally.
+        # The previous capture-and-echo pattern (and a streaming
+        # variant) both produced empty failure messages, blocking
+        # diagnosis. tee + cat guarantees we see *something*.
+        "echo '--- ENV: pwd / yarn / node ---'",
+        "pwd; which yarn; which node; node --version || true; yarn --version || true",
+        "echo '--- contents of src/ui after tar ---'",
+        "ls -la . | head -20",
+        "echo '--- running yarn build_prod ---'",
+        "yarn build_prod 2>&1 | tee /tmp/yarn-build.log; rc=${PIPESTATUS[0]}",
+        "echo '=== yarn build_prod tail (exit '$rc') ==='",
+        "tail -200 /tmp/yarn-build.log",
+        "[ \"$rc\" -eq 0 ] || (echo 'Build Failed with Code: '$rc; exit $rc)",
         'cp dist/bundle.tar.gz "$BASE_PATH/{}"'.format(out.path),
     ] + ui_shared_cmds_finish
 

From 558b37ba10d128e2337a76e46619abf8704d5453 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 21:01:51 +0000
Subject: [PATCH 12/20] Revert "ui: tee + cat + env dump for ui_bundle action
 diagnosis"

This reverts commit bc1de181b68327260f5c3e4da33fabfff9bd2158.
---
 bazel/ui.bzl | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index c55ed9596e0..077cc78da17 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -84,19 +84,11 @@ def _pl_webpack_library_impl(ctx):
         'pushd "$TMPPATH/src/ui" &> /dev/null',
         'tar -xzf "$BASE_PATH/{}"'.format(ctx.file.deps.path),
         'mv -f "$BASE_PATH/{}" src/pages/credits/licenses.json'.format(ctx.file.licenses.path),
-        # Capture yarn output to a file and dump it unconditionally.
-        # The previous capture-and-echo pattern (and a streaming
-        # variant) both produced empty failure messages, blocking
-        # diagnosis. tee + cat guarantees we see *something*.
-        "echo '--- ENV: pwd / yarn / node ---'",
-        "pwd; which yarn; which node; node --version || true; yarn --version || true",
-        "echo '--- contents of src/ui after tar ---'",
-        "ls -la . | head -20",
-        "echo '--- running yarn build_prod ---'",
-        "yarn build_prod 2>&1 | tee /tmp/yarn-build.log; rc=${PIPESTATUS[0]}",
-        "echo '=== yarn build_prod tail (exit '$rc') ==='",
-        "tail -200 /tmp/yarn-build.log",
-        "[ \"$rc\" -eq 0 ] || (echo 'Build Failed with Code: '$rc; exit $rc)",
+        # Stream yarn output directly so failures surface a usable stderr
+        # in CI logs. The old `output=\`…\`; echo $output` pattern
+        # swallowed newlines (unquoted echo) and produced empty failure
+        # messages, making release breakage impossible to diagnose.
+        "yarn build_prod || (echo 'Build Failed with Code: '$?; exit 1)",
         'cp dist/bundle.tar.gz "$BASE_PATH/{}"'.format(out.path),
     ] + ui_shared_cmds_finish
 

From 094c68f11cf4e48636cb9b5f6c5be54c957b27ec Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 21:03:25 +0000
Subject: [PATCH 13/20] Reapply "ui: tee + cat + env dump for ui_bundle action
 diagnosis"

This reverts commit 558b37ba10d128e2337a76e46619abf8704d5453.
---
 bazel/ui.bzl | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index 077cc78da17..c55ed9596e0 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -84,11 +84,19 @@ def _pl_webpack_library_impl(ctx):
         'pushd "$TMPPATH/src/ui" &> /dev/null',
         'tar -xzf "$BASE_PATH/{}"'.format(ctx.file.deps.path),
         'mv -f "$BASE_PATH/{}" src/pages/credits/licenses.json'.format(ctx.file.licenses.path),
-        # Stream yarn output directly so failures surface a usable stderr
-        # in CI logs. The old `output=\`…\`; echo $output` pattern
-        # swallowed newlines (unquoted echo) and produced empty failure
-        # messages, making release breakage impossible to diagnose.
-        "yarn build_prod || (echo 'Build Failed with Code: '$?; exit 1)",
+        # Capture yarn output to a file and dump it unconditionally.
+        # The previous capture-and-echo pattern (and a streaming
+        # variant) both produced empty failure messages, blocking
+        # diagnosis. tee + cat guarantees we see *something*.
+        "echo '--- ENV: pwd / yarn / node ---'",
+        "pwd; which yarn; which node; node --version || true; yarn --version || true",
+        "echo '--- contents of src/ui after tar ---'",
+        "ls -la . | head -20",
+        "echo '--- running yarn build_prod ---'",
+        "yarn build_prod 2>&1 | tee /tmp/yarn-build.log; rc=${PIPESTATUS[0]}",
+        "echo '=== yarn build_prod tail (exit '$rc') ==='",
+        "tail -200 /tmp/yarn-build.log",
+        "[ \"$rc\" -eq 0 ] || (echo 'Build Failed with Code: '$rc; exit $rc)",
         'cp dist/bundle.tar.gz "$BASE_PATH/{}"'.format(out.path),
     ] + ui_shared_cmds_finish
 

From f69bc9d51c6360416f683ae64af203a52ada5d49 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 21:20:37 +0000
Subject: [PATCH 14/20] ui: set use_default_shell_env on webpack actions so
 yarn/node resolve in CI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

.bazelrc:9 enables --incompatible_strict_action_env, which strips the
host PATH from action environments and resets it to /bin:/usr/bin:/
usr/local/bin. The dev image installs node + yarn under
/opt/px_dev/tools/node/bin (chef: tools/chef/cookbooks/px_dev/
recipes/nodejs.rb:32) — that dir is in the host's $PATH but not in
the action's default env, so `yarn build_prod` fails with
"command not found" (exit 127), which is exactly what
release/cloud/v0.0.10-pre-v0.0 surfaced once the unquoted-echo
pattern in the action shell was fixed.

licenses.bzl and proto_compile.bzl already use
use_default_shell_env=True for the same reason. Match that on
pl_webpack_deps, pl_webpack_library, and pl_deps_licenses.

Also drops the diagnostic instrumentation now that we know what was
wrong: straight `yarn build_prod` (with stderr inherited so failure
output reaches the CI log on its own).
---
 bazel/ui.bzl | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index c55ed9596e0..31559e861db 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -49,6 +49,10 @@ def _pl_webpack_deps_impl(ctx):
         execution_requirements = {tag: "" for tag in ctx.attr.tags},
         outputs = [out],
         command = " && ".join(cmd),
+        # `--incompatible_strict_action_env` (.bazelrc) strips host PATH
+        # from actions, so yarn/node at /opt/px_dev/tools/node/bin aren't
+        # resolvable. Match how licenses.bzl + proto_compile.bzl handle it.
+        use_default_shell_env = True,
         progress_message =
             "Generating webpack deps %s" % out.short_path,
     )
@@ -84,19 +88,10 @@ def _pl_webpack_library_impl(ctx):
         'pushd "$TMPPATH/src/ui" &> /dev/null',
         'tar -xzf "$BASE_PATH/{}"'.format(ctx.file.deps.path),
         'mv -f "$BASE_PATH/{}" src/pages/credits/licenses.json'.format(ctx.file.licenses.path),
-        # Capture yarn output to a file and dump it unconditionally.
-        # The previous capture-and-echo pattern (and a streaming
-        # variant) both produced empty failure messages, blocking
-        # diagnosis. tee + cat guarantees we see *something*.
-        "echo '--- ENV: pwd / yarn / node ---'",
-        "pwd; which yarn; which node; node --version || true; yarn --version || true",
-        "echo '--- contents of src/ui after tar ---'",
-        "ls -la . | head -20",
-        "echo '--- running yarn build_prod ---'",
-        "yarn build_prod 2>&1 | tee /tmp/yarn-build.log; rc=${PIPESTATUS[0]}",
-        "echo '=== yarn build_prod tail (exit '$rc') ==='",
-        "tail -200 /tmp/yarn-build.log",
-        "[ \"$rc\" -eq 0 ] || (echo 'Build Failed with Code: '$rc; exit $rc)",
+        # Stream yarn output directly so failures surface a usable stderr
+        # in CI logs. (The original capture-into-$output + unquoted-echo
+        # pattern produced empty failure messages.)
+        "yarn build_prod",
         'cp dist/bundle.tar.gz "$BASE_PATH/{}"'.format(out.path),
     ] + ui_shared_cmds_finish
 
@@ -105,6 +100,10 @@ def _pl_webpack_library_impl(ctx):
         execution_requirements = {tag: "" for tag in ctx.attr.tags},
         outputs = [out],
         command = " && ".join(cmd),
+        # `--incompatible_strict_action_env` (.bazelrc) strips host PATH
+        # from actions, so yarn/node at /opt/px_dev/tools/node/bin aren't
+        # resolvable. Match how licenses.bzl + proto_compile.bzl handle it.
+        use_default_shell_env = True,
         progress_message =
             "Generating webpack bundle %s" % out.short_path,
     )
@@ -180,6 +179,10 @@ def _pl_deps_licenses_impl(ctx):
         execution_requirements = {tag: "" for tag in ctx.attr.tags},
         outputs = [out],
         command = " && ".join(cmd),
+        # `--incompatible_strict_action_env` strips host PATH from
+        # actions; yarn lives at /opt/px_dev/tools/node/bin in the
+        # dev image.
+        use_default_shell_env = True,
         progress_message =
             "Generating licenses %s" % out.short_path,
     )

From bdcdcdcc76dbb473a90a3c741a13f4a841bbe694 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 21:31:41 +0000
Subject: [PATCH 15/20] ui: invoke yarn by absolute path in webpack actions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The prior iteration set use_default_shell_env=True but bazel's
--incompatible_strict_action_env still forced PATH to
/bin:/usr/bin:/usr/local/bin in the action and overrode our export.
The /opt/px_dev/tools/node/bin entry never resolved in the child
process despite the bash-level export, so yarn was unreachable
(exit 127, "command not found").

Use the dev image's absolute yarn path
(/opt/px_dev/tools/node/bin/yarn — verified in both old + new dev
images) in all three webpack actions (deps, library, deps_licenses).
Keep the export PATH so node, the children webpack/tsc spawn, can
still find each other.

Also re-orders the PATH export to put /opt/px_dev/tools/node/bin
first and adds `hash -r` to flush bash's command cache.
---
 bazel/ui.bzl | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index 31559e861db..57fca328bea 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -18,7 +18,15 @@
 
 ui_shared_cmds_start = [
     'export BASE_PATH="$(pwd)"',
-    "export PATH=/usr/local/bin:/opt/px_dev/tools/node/bin:$PATH",
+    # `--incompatible_strict_action_env` (.bazelrc) forces PATH to a
+    # static `/bin:/usr/bin:/usr/local/bin` in actions and overrides
+    # use_default_shell_env, so a bare `yarn` doesn't resolve. The dev
+    # image installs yarn+node under /opt/px_dev/tools/node/bin (chef:
+    # tools/chef/cookbooks/px_dev/recipes/nodejs.rb:32); make sure it's
+    # FIRST so its yarn is the one we hit. Mirrored by tools/chef/
+    # cookbooks/px_dev/templates/pxenv.inc.erb.
+    "export PATH=/opt/px_dev/tools/node/bin:/usr/local/bin:$PATH",
+    "hash -r",  # flush bash's command cache so the new PATH wins.
     'export HOME="$(mktemp -d)"',  # This makes node-gyp happy.
     'export TMPPATH="$(mktemp -d)"',
 ]
@@ -38,7 +46,7 @@ def _pl_webpack_deps_impl(ctx):
 
     cmd = ui_shared_cmds_start + cp_cmds + [
         'pushd "$TMPPATH/src/ui" &> /dev/null',
-        "yarn install --immutable &> build.log",
+        "/opt/px_dev/tools/node/bin/yarn install --immutable &> build.log",
         # Pick a deterministic mtime so that the output is not volatile.
         # This helps ensure that bazel can cache the ui builds as expected.
         'tar --mtime="2018-01-01 00:00:00 UTC" -czf "$BASE_PATH/{}" .'.format(out.path),
@@ -89,9 +97,11 @@ def _pl_webpack_library_impl(ctx):
         'tar -xzf "$BASE_PATH/{}"'.format(ctx.file.deps.path),
         'mv -f "$BASE_PATH/{}" src/pages/credits/licenses.json'.format(ctx.file.licenses.path),
         # Stream yarn output directly so failures surface a usable stderr
-        # in CI logs. (The original capture-into-$output + unquoted-echo
-        # pattern produced empty failure messages.)
-        "yarn build_prod",
+        # in CI logs. Absolute path because --incompatible_strict_action_env
+        # makes bazel ignore our `export PATH` despite the dev image
+        # having yarn at this path. Children (webpack -> node) need PATH
+        # too so we don't strip the export above.
+        "/opt/px_dev/tools/node/bin/yarn build_prod",
         'cp dist/bundle.tar.gz "$BASE_PATH/{}"'.format(out.path),
     ] + ui_shared_cmds_finish
 
@@ -170,8 +180,8 @@ def _pl_deps_licenses_impl(ctx):
         'pushd "$TMPPATH/src/ui" &> /dev/null',
         'export LIC_TMPPATH="$(mktemp -d)"',
         'tar -xzf "$BASE_PATH/{}"'.format(ctx.file.deps.path),
-        "yarn license_check --excludePrivatePackages --production --json --out $LIC_TMPPATH/checker.json",
-        'yarn pnpify node ./tools/licenses/yarn_license_extractor.js --input=$LIC_TMPPATH/checker.json --output="$BASE_PATH/{}"'.format(out.path),
+        "/opt/px_dev/tools/node/bin/yarn license_check --excludePrivatePackages --production --json --out $LIC_TMPPATH/checker.json",
+        '/opt/px_dev/tools/node/bin/yarn pnpify node ./tools/licenses/yarn_license_extractor.js --input=$LIC_TMPPATH/checker.json --output="$BASE_PATH/{}"'.format(out.path),
     ] + ui_shared_cmds_finish
 
     ctx.actions.run_shell(

From fae07accd632e88d551ac805052e68cc1b61d93e Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 21:40:27 +0000
Subject: [PATCH 16/20] ui: set -x in webpack actions to surface the
 silent-fail step

---
 bazel/ui.bzl | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index 57fca328bea..df64e03e447 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -17,17 +17,14 @@
 # This file contains rules for for our UI builds.
 
 ui_shared_cmds_start = [
+    # set -x: trace every command so CI failure logs surface the actual
+    # failing step. Without this the action shell silently aborts with
+    # exit 1 and no indication which sub-command failed.
+    "set -x",
     'export BASE_PATH="$(pwd)"',
-    # `--incompatible_strict_action_env` (.bazelrc) forces PATH to a
-    # static `/bin:/usr/bin:/usr/local/bin` in actions and overrides
-    # use_default_shell_env, so a bare `yarn` doesn't resolve. The dev
-    # image installs yarn+node under /opt/px_dev/tools/node/bin (chef:
-    # tools/chef/cookbooks/px_dev/recipes/nodejs.rb:32); make sure it's
-    # FIRST so its yarn is the one we hit. Mirrored by tools/chef/
-    # cookbooks/px_dev/templates/pxenv.inc.erb.
     "export PATH=/opt/px_dev/tools/node/bin:/usr/local/bin:$PATH",
-    "hash -r",  # flush bash's command cache so the new PATH wins.
-    'export HOME="$(mktemp -d)"',  # This makes node-gyp happy.
+    "hash -r",
+    'export HOME="$(mktemp -d)"',
     'export TMPPATH="$(mktemp -d)"',
 ]
 

From 563441eaa5a2a5dd9840a8350bb90cd184a1e8af Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 21:58:35 +0000
Subject: [PATCH 17/20] ui: quote stamped status values when eval'ing into the
 action env
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The action's first step runs
  $(sed -E "s/^([A-Za-z_]+)\s*(.*)/export \1=\2/g" stable-status.txt)
to import the bazel workspace_status_command output into the shell
env. Without quotes around \2 a value like
  FORMATTED_DATE 2026 Jun 18 20 32 22 Thu
expands to
  export FORMATTED_DATE=2026 Jun 18 20 32 22 Thu
which bash word-splits — it sets FORMATTED_DATE=2026 then tries to
also `export 18` `export 21` etc., all failing with "not a valid
identifier" and aborting the action with exit 1 + zero further output
(every yarn iteration we just chased was the same bash error pre-empting
the actual build). The previous comment even called it out:
  "Hopefully, no special characters/spaces/quotes in the results ..."

Single-quote the value in the sed replacement. The downstream
yarn/webpack/cp chain has no expansion needs from these vars; they
just need the literal string preserved.
---
 bazel/ui.bzl | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index df64e03e447..f47d48dba71 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -81,8 +81,14 @@ def _pl_webpack_library_impl(ctx):
         # and apply it to the environment here. Hopefully,
         # no special characters/spaces/quotes in the results ...
         env_cmds = [
-            '$(sed -E "s/^([A-Za-z_]+)\\s*(.*)/export \\1=\\2/g" "{}")'.format(ctx.info_file.path),
-            '$(sed -E "s/^([A-Za-z_]+)\\s*(.*)/export \\1=\\2/g" "{}")'.format(ctx.version_file.path),
+            # Quote the value: workspace_status_command outputs entries
+            # like `FORMATTED_DATE 2026 Jun 18 ...` whose unquoted value
+            # would be word-split by bash into `export FORMATTED_DATE=2026
+            # Jun 18 ...` and fail with "export: `18': not a valid
+            # identifier". The single quotes also survive embedded
+            # spaces; values cannot contain a literal single quote.
+            '$(sed -E "s/^([A-Za-z_]+)\\s*(.*)/export \\1=\'\\2\'/g" "{}")'.format(ctx.info_file.path),
+            '$(sed -E "s/^([A-Za-z_]+)\\s*(.*)/export \\1=\'\\2\'/g" "{}")'.format(ctx.version_file.path),
         ]
         all_files.append(ctx.info_file)
         all_files.append(ctx.version_file)

From 82444cd74806066f7d6ca277e8b3bb7f7971b43f Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 18 Jun 2026 22:08:27 +0000
Subject: [PATCH 18/20] ui: whitelist stamp vars to STABLE_BUILD_TAG +
 BUILD_TIMESTAMP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous wildcard sed grabbed every stamp var into the action
env, including FORMATTED_DATE whose value is space-separated
("2026 Jun 18 22 06 02 Thu"). \$(...) command substitution then
word-split the resulting `export FORMATTED_DATE=2026 Jun 18 ...`
into `export 18 ...` and bash bailed with "not a valid identifier"
on every action — exactly the silent failure pattern v0.0.10 has
been hitting since the jump from v0.0.9.

The single-quote attempt in 563441eaa didn't work because the
quotes are inside the captured \$(...) output, which bash splits
BEFORE seeing them.

Filter the sed with -n + /p to emit only the two vars
webpack.config.js' EnvironmentPlugin actually reads
(STABLE_BUILD_TAG = a version string, BUILD_TIMESTAMP = a unix
timestamp). Both are space-free, so no quoting gymnastics needed.
---
 bazel/ui.bzl | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/bazel/ui.bzl b/bazel/ui.bzl
index f47d48dba71..5689d0529d9 100644
--- a/bazel/ui.bzl
+++ b/bazel/ui.bzl
@@ -81,14 +81,15 @@ def _pl_webpack_library_impl(ctx):
         # and apply it to the environment here. Hopefully,
         # no special characters/spaces/quotes in the results ...
         env_cmds = [
-            # Quote the value: workspace_status_command outputs entries
-            # like `FORMATTED_DATE 2026 Jun 18 ...` whose unquoted value
-            # would be word-split by bash into `export FORMATTED_DATE=2026
-            # Jun 18 ...` and fail with "export: `18': not a valid
-            # identifier". The single quotes also survive embedded
-            # spaces; values cannot contain a literal single quote.
-            '$(sed -E "s/^([A-Za-z_]+)\\s*(.*)/export \\1=\'\\2\'/g" "{}")'.format(ctx.info_file.path),
-            '$(sed -E "s/^([A-Za-z_]+)\\s*(.*)/export \\1=\'\\2\'/g" "{}")'.format(ctx.version_file.path),
+            # Whitelist the stamp vars the action actually uses
+            # (webpack.config.js' EnvironmentPlugin reads STABLE_BUILD_TAG
+            # and BUILD_TIMESTAMP). The previous wildcard sed slurped
+            # FORMATTED_DATE too — its space-separated value
+            # ("2026 Jun 18 ...") word-split in $(...) command
+            # substitution and broke every action with
+            # "export: `18': not a valid identifier".
+            '$(sed -E -n "s/^(STABLE_BUILD_TAG|BUILD_TIMESTAMP)\\s+(.*)/export \\1=\\2/p" "{}")'.format(ctx.info_file.path),
+            '$(sed -E -n "s/^(STABLE_BUILD_TAG|BUILD_TIMESTAMP)\\s+(.*)/export \\1=\\2/p" "{}")'.format(ctx.version_file.path),
         ]
         all_files.append(ctx.info_file)
         all_files.append(ctx.version_file)

From 5d39c882721c6c338bd7a2fa555e90a8bf90db36 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Fri, 19 Jun 2026 08:21:58 +0000
Subject: [PATCH 19/20] cockpit: point SCRIPT_BUNDLE_URLS at the cloud-proxy's
 baked bundle

The cockpit deployment had SCRIPT_BUNDLE_URLS pinned to
https://k8sstormcenter.github.io/pixie/pxl_scripts/bundle.json,
which is updated only by the manual workflow_dispatch
.github/workflows/update_script_bundle.yaml. The cloud-release
pipeline ALREADY bakes a current bundle into
cloud-proxy_server_image as /bundle/bundle-oss.json
(src/cloud/proxy/BUILD.bazel: script_bundle layer), and nginx
serves it at /bundle-oss.json from both the bare-domain and the
work.* subdomain server blocks
(k8s/cloud/base/proxy_nginx_config.yaml lines 270 and 342).

Switch the cockpit overlay to a relative URL ("/bundle-oss.json")
so the UI's fetch resolves against document.baseURI (the proxy
itself) and consumes whatever the release pipeline shipped. This
means cloud-release tags are now self-sufficient: every
skaffold-deploy step picks up the new bundle automatically. The
update_script_bundle workflow stays in place as a fallback but
stops being load-bearing for cockpit.
---
 private/cockpit/script_bundles_config.yaml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/private/cockpit/script_bundles_config.yaml b/private/cockpit/script_bundles_config.yaml
index 963c4ee6724..93a40deb302 100644
--- a/private/cockpit/script_bundles_config.yaml
+++ b/private/cockpit/script_bundles_config.yaml
@@ -1,4 +1,17 @@
 ---
+# SCRIPT_BUNDLE_URLS is read by openresty (cloud-proxy_server_image) and
+# injected into the UI's `window.__PIXIE_FLAGS__` (see
+# k8s/cloud/base/proxy_nginx_config.yaml's sub_filter + set_by_lua_block).
+# The UI's fetch resolves relative URLs against document.baseURI, which is
+# always the cloud-proxy itself, so a relative `/bundle-oss.json` URL hits
+# the bundle that the cloud-release pipeline bakes into the proxy image as
+# a container layer (src/cloud/proxy/BUILD.bazel `script_bundle` ->
+# /bundle/bundle-oss.json). nginx serves it at the path `/bundle-oss.json`
+# from both server blocks (bare + work.* subdomain,
+# k8s/cloud/base/proxy_nginx_config.yaml lines 270 + 342).
+#
+# Bottom line: every cloud-release tag's bundle now ships with the
+# deployment, no separate update-script-bundle workflow needed.
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,7 +19,7 @@ metadata:
 data:
   SCRIPT_BUNDLE_URLS: >-
     [
-    "https://k8sstormcenter.github.io/pixie/pxl_scripts/bundle.json"
+    "/bundle-oss.json"
     ]
   SCRIPT_BUNDLE_DEV: "false"
   PL_SCRIPT_MODIFICATION_DISABLED: "false"

From 87b41f299d711494b86e9821dd2c6f6b647df2e0 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Fri, 19 Jun 2026 09:22:34 +0000
Subject: [PATCH 20/20] dx_evidence_graph: tighten script + bake the soc rig
 DSN as the default

vis.json: drop the verbose description on clickhouse_dsn, set the
soc-cluster DSN as defaultValue so loading the script in cockpit
Just Works without paste-the-DSN ceremony. start_time description
collapsed to one line.

.pxl: drop the 14-line module docstring and the 8-line function
docstring down to one-liners. Keep the arg-list docstring (PxL parses
it for the UI script-args panel) but minus the cross-references.
---
 .../dx_evidence_graph/dx_evidence_graph.pxl   | 25 +++----------------
 src/pxl_scripts/px/dx_evidence_graph/vis.json |  6 ++---
 2 files changed, 7 insertions(+), 24 deletions(-)

diff --git a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
index 52ae0d9dfb9..b5a427b31f3 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
+++ b/src/pxl_scripts/px/dx_evidence_graph/dx_evidence_graph.pxl
@@ -14,32 +14,15 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-''' DX Attack Graph
-
-Severity-weighted, all-protocol pod-to-pod attack graph from dx-agent
-evidence. Reads `dx_attack_graph` from the forensic ClickHouse via
-this fork's `clickhouse_dsn` kwarg on `px.DataFrame`
-(`src/carnot/planner/objects/dataframe.cc:43`). Schema matches the
-`attackgraph.Edge` contract dx-agent locked in via entlein/dx#68
-(see README.md in this directory).
-
-2-arg signature (start_time, clickhouse_dsn) matches the
-`globalFuncs` entry in vis.json. Per-investigation filtering is a
-follow-up — PxL has no `if` statement and Pixie's convention for
-optional filters is to omit them rather than gate at script level.
-'''
+''' DX Attack Graph: pod-to-pod hops weighted by dx evidence severity. '''
 import px
 
 
 def dx_attack_graph(start_time: str, clickhouse_dsn: str):
-    ''' Pod-to-pod attack graph for dx investigations in the window.
+    ''' Read forensic_db.dx_attack_graph and return the edge columns.
     Args:
-    @start_time: relative start, e.g. "-15m".
-    @clickhouse_dsn: ClickHouse DSN — `user:pass@host:port/db`. The
-        forensic_db.dx_attack_graph table is read with this. The
-        bundled vis.json defaults this to empty; operators paste the
-        per-rig DSN via the UI script-args panel. README.md documents
-        the soc rig DSN.
+    @start_time: e.g. "-15m".
+    @clickhouse_dsn: user:pass@host:port/db.
     '''
     df = px.DataFrame('dx_attack_graph',
                       clickhouse_dsn=clickhouse_dsn,
diff --git a/src/pxl_scripts/px/dx_evidence_graph/vis.json b/src/pxl_scripts/px/dx_evidence_graph/vis.json
index cf8432a574e..fd8a692d875 100644
--- a/src/pxl_scripts/px/dx_evidence_graph/vis.json
+++ b/src/pxl_scripts/px/dx_evidence_graph/vis.json
@@ -3,14 +3,14 @@
     {
       "name": "start_time",
       "type": "PX_STRING",
-      "description": "Relative start time of the window.",
+      "description": "Start time of the window.",
       "defaultValue": "-15m"
     },
     {
       "name": "clickhouse_dsn",
       "type": "PX_STRING",
-      "description": "ClickHouse DSN — `user:pass@host:port/db`. Required. Per-rig value: see README.md (e.g. forensic_analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db).",
-      "defaultValue": ""
+      "description": "ClickHouse DSN: user:pass@host:port/db.",
+      "defaultValue": "forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db"
     }
   ],
   "globalFuncs": [