
Module report


The Report envelope - a structured, frontend-renderable result.

Plugins produce one PluginResult::Json { name: "report", ... } per task containing a Report. The scheduler tags that row with role='report' in the task_results table and the API aggregates it into the task view.

The envelope has two layers:

  • A semantic layer (verdict, indicators, ttps, artifacts) the platform understands and can query across tasks.
  • A presentation layer (sections of typed Blocks) the frontend renders generically. Unknown block types degrade to a JSON tree view on the client, so adding new variants is never a breaking change.

See builder for the ergonomic ReportBuilder API.

Re-exports

pub use builder::ReportBuilder;
pub use builder::SectionBuilder;

Modules

builder
Fluent builder API for constructing Reports.

Structs

ArtifactRef
A reference to a sibling PluginResult produced by the same plugin in the same task - used by Block::Image / Block::Download to resolve artifact URLs on the frontend.
Column
Column definition for a Block::Table.
GraphEdge
A directed edge in a Block::Graph.
GraphNode
A node in a Block::Graph.
Indicator
An indicator of compromise. kind is an open vocabulary so plugins can emit kinds the SDK doesn’t know about yet; the frontend renders any kind. Common values: sha256, md5, sha1, ipv4, ipv6, domain, url, email, mutex, registry, filepath, yara_rule.
KvPair
A single key-value pair for Block::Kv.
PluginInfo
Identity of the plugin that produced a report.
Report
A plugin’s structured analysis result for a single task.
Section
A named section in the report’s presentation layer. Each section has a title and a list of renderable Blocks.
TimelineEvent
A single event on a Block::Timeline.
TreeNode
A node in a Block::Tree (e.g. a process or directory entry).
Ttp
A MITRE ATT&CK technique observation. id uses the canonical T#### (or T####.### for sub-techniques) form.
Verdict
The plugin’s overall assessment of the analyzed sample.

Enums

Block
A renderable block. The frontend dispatches on type; unknown types are rendered as a JSON tree so additions are non-breaking.
CalloutLevel
Severity level for a Block::Callout, controlling its color and icon.
Classification
Threat classification assigned by a plugin’s verdict.
Confidence
How confident a plugin is in its Classification.

Constants

REPORT_RESULT_NAME
The well-known result_name the scheduler and API use to identify a plugin’s structured report envelope among a task’s outputs. Defined in malbox-plugin-transport so the SDK and scheduler share the same constant without a direct dependency.
SCHEMA_VERSION
Current schema version of the report envelope.

Functions

default_column_type 🔒