Add GitOps Guardian application with multi-agent architecture
This commit is contained in:
Mohamed Salah
@@ -1,87 +0,0 @@
|
||||
# GitOps Guardian
|
||||
|
||||
AI-powered multi-agent system for automated security and compliance review of GitOps pull requests.
|
||||
|
||||
## What It Does
|
||||
|
||||
GitOps Guardian automatically reviews pull requests in GitOps repositories to identify security risks and compliance violations before code reaches production. It uses a multi-agent architecture combining AI-powered security analysis with rule-based Kubernetes best practices validation.
|
||||
|
||||
## Key Features
|
||||
|
||||
- **Multi-Agent Architecture**: Four specialized agents (Scanner, Security, Compliance, Ensemble)
|
||||
- **Security Detection**: Identifies hardcoded secrets, privileged containers, missing security contexts, insecure RBAC
|
||||
- **Compliance Validation**: Checks for :latest tags, missing resource limits, required labels
|
||||
- **Risk Scoring**: 0-1 risk score with SAFE/REVIEW/RISKY classification
|
||||
- **Interactive Dashboard**: Real-time Gradio web interface
|
||||
- **Cost Tracking**: Monitor OpenAI API costs (~$0.0004 per PR)
|
||||
- **Export & Comments**: Download results as JSON/CSV, post reviews to GitHub PRs
|
||||
- **Historical Trends**: Track risk scores over time
|
||||
|
||||
## Requirements
|
||||
|
||||
- Python 3.10+
|
||||
- GitHub Personal Access Token (repo read permissions)
|
||||
- OpenAI API Key
|
||||
- GitOps repositories with open pull requests
|
||||
|
||||
## Quick Start
|
||||
|
||||
1. Install dependencies:
|
||||
```bash
|
||||
pip install -r requirements.txt
|
||||
```
|
||||
|
||||
2. Configure environment:
|
||||
```bash
|
||||
cp .env.example .env
|
||||
# Edit .env with your tokens and repository list
|
||||
```
|
||||
|
||||
3. Run the application:
|
||||
```bash
|
||||
python app.py
|
||||
```
|
||||
|
||||
4. Open browser at `http://localhost:7860`
|
||||
|
||||
## Configuration
|
||||
|
||||
Create `.env` file with:
|
||||
```bash
|
||||
GITHUB_TOKEN=ghp_your_token
|
||||
OPENAI_API_KEY=sk_your_key
|
||||
GITOPS_REPOS=owner/repo1,owner/repo2
|
||||
```
|
||||
|
||||
## Project Structure
|
||||
|
||||
```
|
||||
gitops-guardian/
|
||||
├── models.py # Pydantic data models
|
||||
├── agents.py # Multi-agent system (4 agents)
|
||||
├── app.py # Gradio UI & orchestration
|
||||
├── requirements.txt # Dependencies
|
||||
└── .env.example # Configuration template
|
||||
```
|
||||
|
||||
## How It Works
|
||||
|
||||
1. **Scanner Agent** fetches open PRs from GitHub repositories
|
||||
2. **Security Agent** analyzes diffs using OpenAI GPT-4o-mini for security issues
|
||||
3. **Compliance Agent** validates Kubernetes manifests against best practices
|
||||
4. **Ensemble Agent** combines scores (60% security, 40% compliance) into overall risk
|
||||
5. Results displayed in dashboard with recommendations
|
||||
|
||||
## Week 8 Concepts Applied
|
||||
|
||||
- Multi-agent system with base Agent class and color-coded logging
|
||||
- Ensemble pattern with weighted scoring
|
||||
- External API integration (GitHub + OpenAI)
|
||||
- Pydantic models for type safety
|
||||
- Gradio web interface
|
||||
- Persistent memory (JSON-based)
|
||||
- Real-world DevOps use case
|
||||
|
||||
## Author
|
||||
|
||||
Salah - Week 8: Multi-Agent Systems - LLM Engineering Bootcamp 2025
|
||||
Reference in New Issue
Block a user