brad/LLM_Engineering_OLD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
88b70bc635338fe5dc55f3352db0d2177a0cf380
LLM_Engineering_OLD/week8/community_contributions/salah/gitops-guardian
History

README.md

GitOps Guardian

AI-powered multi-agent system for automated security and compliance review of GitOps pull requests.

What It Does

GitOps Guardian automatically reviews pull requests in GitOps repositories to identify security risks and compliance violations before code reaches production. It uses a multi-agent architecture combining AI-powered security analysis with rule-based Kubernetes best practices validation.

Key Features

  • Multi-Agent Architecture: Four specialized agents (Scanner, Security, Compliance, Ensemble)
  • Security Detection: Identifies hardcoded secrets, privileged containers, missing security contexts, insecure RBAC
  • Compliance Validation: Checks for :latest tags, missing resource limits, required labels
  • Risk Scoring: 0-1 risk score with SAFE/REVIEW/RISKY classification
  • Interactive Dashboard: Real-time Gradio web interface
  • Cost Tracking: Monitor OpenAI API costs (~$0.0004 per PR)
  • Export & Comments: Download results as JSON/CSV, post reviews to GitHub PRs
  • Historical Trends: Track risk scores over time

Requirements

  • Python 3.10+
  • GitHub Personal Access Token (repo read permissions)
  • OpenAI API Key
  • GitOps repositories with open pull requests

Quick Start

  1. Install dependencies:
pip install -r requirements.txt
  1. Configure environment:
cp .env.example .env
# Edit .env with your tokens and repository list
  1. Run the application:
python app.py
  1. Open browser at http://localhost:7860

Configuration

Create .env file with:

GITHUB_TOKEN=ghp_your_token
OPENAI_API_KEY=sk_your_key
GITOPS_REPOS=owner/repo1,owner/repo2

Project Structure

gitops-guardian/
├── models.py          # Pydantic data models
├── agents.py          # Multi-agent system (4 agents)
├── app.py             # Gradio UI & orchestration
├── requirements.txt   # Dependencies
└── .env.example       # Configuration template

How It Works

  1. Scanner Agent fetches open PRs from GitHub repositories
  2. Security Agent analyzes diffs using OpenAI GPT-4o-mini for security issues
  3. Compliance Agent validates Kubernetes manifests against best practices
  4. Ensemble Agent combines scores (60% security, 40% compliance) into overall risk
  5. Results displayed in dashboard with recommendations

Week 8 Concepts Applied

  • Multi-agent system with base Agent class and color-coded logging
  • Ensemble pattern with weighted scoring
  • External API integration (GitHub + OpenAI)
  • Pydantic models for type safety
  • Gradio web interface
  • Persistent memory (JSON-based)
  • Real-world DevOps use case

Author

Salah - Week 8: Multi-Agent Systems - LLM Engineering Bootcamp 2025

Reference in New Issue View Git Blame Copy Permalink