The five problems this product exists to solve, written the way I hit them: the constraint, the engineering, and where each one stands. Where no off-the-shelf answer existed, I built my own. Everything below ships in v474 unless it's explicitly marked as in development.
orjson handling multi-megabyte chunks. A
DiskBackedDict storage layer that swaps in-memory dicts for SQLite tables behind
LRU RAM caches — WAL mode, tuned durability — so the working set stays bounded no matter how
large the tenant is. Adaptive API rate limiting with named profiles (ultra-conservative
through aggressive) that hot-apply mid-run, chunk sizing aligned to Tenable's own developer
guidance, and milestone publishing at 25/50/75/100% so the dashboard fills progressively
instead of wedging on per-chunk updates.ttm escalate-cve
and bulk-escalate-past-sla CLIs; CMDB push gated by
snow_link_verified.fetch_asm_aggregate() on a background thread, the
agg_asm dashboard metric, and the token-handling policy in the module source.{obj.__class__...} attribute traversal). No library gave me
"operator-editable templates that provably cannot introduce new behavior."literal,
binding (dotted-path lookup against the CVE/asset context), template
(a safe renderer I wrote that rejects dunder access, indexing, and eval-like patterns while
still supporting date/number format specs), and derived (a closed, whitelisted
derivation registry — profile JSON cannot register new rules). Profiles are stored
Fernet-encrypted with an HMAC integrity tag under a key deliberately different from the
dispatcher's primary vault key. The live SNOW client behind it refuses plain HTTP at
construction time — no verify_ssl=False flag exists to misuse.__class__, [0], !r), tamper and wrong-key cases on the
profile store, and wire-format/retry-classification tests on the client.