Source of Truth (Canonical Facts)
This page is the canonical reference for facts that commonly drift in documentation.
If you update architecture, ports, runtime versions, or agent topology, update this page in the same pull request.
Runtime and Tooling Baselines
These values are sourced from project configuration and runtime manifests.
| Area | Canonical Value | Source |
|---|---|---|
| Python runtime | >=3.12 | pyproject.toml |
| Ruff target | py312 | pyproject.toml |
| Mypy version target | 3.12 | pyproject.toml |
| Dashboard Node.js | 22 recommended | dashboard/package.json + CI |
| Docs Node.js | >=18 supported | docs/package.json |
| Rust | 1.83+ | Makefile + CI |
Agent Topology (Canonical)
AuroraSOC has 17 agents total:
- 1 orchestrator
- 16 specialist agents
Specialists:
- SecurityAnalyst
- ThreatHunter
- MalwareAnalyst
- IncidentResponder
- NetworkSecurity
- NetworkAnalyzer
- CPSSecurity
- ThreatIntel
- UEBAAnalyst
- ForensicAnalyst
- EndpointSecurity
- WebSecurity
- CloudSecurity
- ComplianceAnalyst
- VulnerabilityManager
- ReportGenerator
A2A Ports (Canonical)
| Agent | Port |
|---|---|
| Orchestrator | 9000 |
| SecurityAnalyst | 9001 |
| ThreatHunter | 9002 |
| MalwareAnalyst | 9003 |
| IncidentResponder | 9004 |
| NetworkSecurity | 9005 |
| WebSecurity | 9006 |
| CloudSecurity | 9007 |
| CPSSecurity | 9008 |
| ThreatIntel | 9009 |
| EndpointSecurity | 9010 |
| UEBAAnalyst | 9011 |
| ForensicAnalyst | 9012 |
| ComplianceAnalyst | 9013 |
| VulnerabilityManager | 9014 |
| ReportGenerator | 9015 |
| NetworkAnalyzer | 9016 |
Data and Event Plane (Canonical)
| Component | Purpose |
|---|---|
| PostgreSQL | Relational persistence for cases, alerts, approvals, reports |
| Redis | Streams, cache, and operational runtime state |
| pgvector (PostgreSQL ext.) | Vector search for memory and similarity workflows |
| NATS JetStream | Durable event federation |
| Mosquitto MQTT | CPS/IoT ingress channel |
Documentation Rules to Prevent Drift
-
Do not hard-code moving counts when avoidable. Use phrasing such as "multiple", "dozens", or provide generated references.
-
If exact counts are required, tie them to source files. For example, agent topology must match
aurorasoc/agents/factory.pyand settings ports must matchaurorasoc/config/settings.py. -
Update docs and code together. Every change in these files must include doc review:
aurorasoc/agents/factory.pyaurorasoc/config/settings.pyaurorasoc/api/main.pyaurorasoc/tools/pyproject.tomldashboard/package.json
- Prefer generated API references for endpoints. Manual endpoint tables are useful for explanation, but OpenAPI should remain the protocol source of truth.
Quick Audit Checklist
Use this checklist before merging major changes:
- Agent count and names still match factory definitions.
- A2A ports and ranges still match settings.
- Runtime versions in docs match project files.
- User onboarding pages still reflect actual startup commands.
- API examples still authenticate and execute successfully.