manojmallick/guardian

GitHub: manojmallick/guardian

An AI incident-response automation platform for regulated financial systems, orchestrating the whole flow from alert triage and runbook retrieval through human approval to compliance report generation.

Stars: 0 | Forks: 0

# 🛡 Guardian

## AI-Governed Incident Response for Regulated Financial Systems

**Airia AI Agents Hackathon 2026 · Track 2: Active Agents**

[![Airia Features](https://img.shields.io/badge/Airia%20Features-16-blue)]() [![Python](https://img.shields.io/badge/Python-3-blue)]() [![Node.js](https://img.shields.io/badge/Node.js-20-green)]() [![Tests](https://img.shields.io/badge/Tests-127%20passing-brightgreen)]() [![Regulatory](https://img.shields.io/badge/DORA%20%7C%20SOX-Compliant-orange)]()

## What Guardian Does

When the payment gateway degrades at 2:47 AM, Guardian runs the entire incident response flow in 12 seconds, with no pager call, no manual Slack message and no hand-created ticket:

| # | Node | Action | Time |
|---|------|--------|------|
| 01 | **Triage Sentinel** | Classifies severity (P1/P2/P3) using deterministic thresholds + AI reasoning | +3s |
| 02 | **Runbook Agent** | Retrieves the most relevant Confluence runbook via MCP Gateway + Knowledge Graph | +5s |
| 03 | **HITL Gate** | Sends an interactive Slack approval request (Block Kit buttons) before any automated action is executed | +7s |
| 04 | **War Room Coordinator** | Creates a Slack incident channel + Jira ticket in parallel | +11s |
| 05 | **Compliance Narrator** | Generates a DORA/SOX post-mortem report carrying the full AI decision audit trail | async |

**Zero manual coordination. A complete DORA Article 11 + SOX Section 404 compliance record. Fully automated.**

## Architecture

```
                       PagerDuty Webhook
                               │
                               ▼ (Airia Webhook Trigger)
┌──────────────────────────────────────────────────────────────┐
│ NODE 01 — Triage Sentinel                [node_01_triage.py] │
│ Deterministic P1/P2/P3 classification + Claude AI reasoning  │
│ Output: severity, confidence, reasoning                      │
└──────────────────────────────┬───────────────────────────────┘
                               │
                               ▼ (Airia Agent Variables)
┌──────────────────────────────────────────────────────────────┐
│ NODE 02 — Runbook Agent                 [node_02_runbook.py] │
│ Confluence MCP Gateway + Knowledge Graph semantic search     │
│ Output: runbook title, URL, steps                            │
└──────────────────────────────┬───────────────────────────────┘
                               │
                               ▼ (Airia Agent Variables)
┌──────────────────────────────────────────────────────────────┐
│ NODE 03 — HITL Gate                        [node_03_hitl.py] │
│ Posts Slack Block Kit approval card → Airia HITL Node        │
│ Output: hitl.decision, hitl.approver, hitl.approved_at       │
└──────────────────────────────┬───────────────────────────────┘
                               │ (on Approve)
                               ▼ (Airia Agent Variables)
┌──────────────────────────────────────────────────────────────┐
│ NODE 04 — War Room Coordinator          [node_04_warroom.py] │
│ Slack Channels API → create #inc-* channel                   │
│ Jira REST API → create INC ticket (priority Highest/High)    │
│ Output: slack_channel_url, jira_ticket, jira_url             │
└──────────────────────────────┬───────────────────────────────┘
                               │ (on incident resolve)
                               ▼ (Airia Agent Variables)
┌──────────────────────────────────────────────────────────────┐
│ NODE 05 — Compliance Narrator          [node_05_narrator.py] │
│ Builds DORA/SOX audit timeline + post-mortem record          │
│ Output: governance_entry, compliance_status, postmortem_url  │
└──────────────────────────────────────────────────────────────┘
```

## Tech Stack

| Layer | Technology |
|-------|-----------|
| Agent Platform | [Airia Agent Studio](https://airia.ai), 16 features used |
| Node Code | Python 3 (`airia-ready/`, paste directly into Airia Studio) |
| Tooling & Tests | Node.js 20 ESM (`scripts/`, `tests/`, `community/`) |
| Alert Source | PagerDuty Events API v2 |
| Runbooks | Atlassian Confluence (via Airia MCP Gateway) |
| Human Approval | Slack Block Kit → Airia HITL Node |
| War Room | Slack Channels API + Jira REST API |
| Compliance | DORA Article 11, SOX Section 404, EU AI Act |

## Airia Features Used (16)

1. Webhook Trigger
2. Python Code Block (×5 nodes)
3. AI Model Call (Claude 3.5 Sonnet)
4. Structured Output / Schema Validation
5. Agent Variables (pipeline state)
6. Knowledge Graph (semantic runbook search)
7. MCP Gateway — Confluence
8. MCP Gateway — Slack
9. MCP Gateway — Jira
10. MCP Apps (interactive Slack buttons)
11. Human-in-the-Loop (HITL) Node
12. Nested Agents (war room sub-agents)
13. Document Generator (post-mortem PDF)
14. Governance Dashboard
15. Compliance Automation
16. Airia Community Modules (×3 published)
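The node table and architecture diagram above describe Guardian's gate logic only in prose. The block below is an added example, not code from the Guardian repository or its `airia-ready/` nodes: it reproduces that logic offline in plain Python, with deterministic triage of a PagerDuty Events API v2 style payload (Node 01), verification of the Slack Block Kit approval callback before any automated action is released (Node 03), and a hash-chained governance record (Node 05). The thresholds, the `TIER1_SERVICES` set, the signing secret, the `node`/`prev`/`hash` field names and the hash-chain design are assumptions; Nodes 02 and 04 appear only as the evidence they leave behind. The `DORA_SOX_COMPLIANT` label returned here means only that the record carries every piece of evidence this example demands, not that a regulatory obligation has been met.

```python
"""Offline walk-through of Guardian's gate logic: Node 01 triage, Node 03 HITL
approval check and Node 05 audit record. Added example, not code from the repo;
thresholds, field names, the signing secret and the hash chain are assumptions."""
import hashlib
import hmac
import json
import time
import urllib.parse

# Assumed thresholds; the project's real values live in config/ and are not on the page.
TIER1_SERVICES = {"payment-gateway", "core-ledger"}
P1_ERROR_RATE, P1_P99_MS = 0.05, 2000
P2_ERROR_RATE, P2_P99_MS = 0.02, 1000
GENESIS = "0" * 64  # prev-hash of the first audit step


def triage(event):
    """Node 01: deterministic P1/P2/P3 from a PagerDuty Events API v2 style payload.
    The AI reasoning the page describes would add a rationale afterwards; it must
    not be allowed to lower a deterministic P1."""
    payload = event["payload"]
    details = payload.get("custom_details", {})
    service = payload.get("component", "unknown")
    err, p99 = float(details.get("error_rate", 0)), float(details.get("p99_ms", 0))
    tier1 = service in TIER1_SERVICES
    if tier1 and (err >= P1_ERROR_RATE or p99 >= P1_P99_MS):
        severity, confidence = "P1", 94
    elif err >= P2_ERROR_RATE or p99 >= P2_P99_MS:
        severity, confidence = "P2", 85
    else:
        severity, confidence = "P3", 70
    reasoning = f"{service} tier1={tier1} error_rate={err:.3f} p99={p99:.0f}ms -> {severity}"
    return {"severity": severity, "confidence": confidence, "reasoning": reasoning}


def verify_slack_signature(signing_secret, timestamp, raw_body, signature, now=None, max_skew=300):
    """Slack signs every request as v0=HMAC-SHA256(secret, 'v0:<ts>:<raw body>').
    Stale timestamps are refused so a captured Approve cannot be replayed later."""
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > max_skew:
        return False
    base = f"v0:{timestamp}:{raw_body}".encode()
    expected = "v0=" + hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def hitl_decision(raw_body, headers, signing_secret, pending_incident, now=None):
    """Node 03: accept a decision only from an authentic Slack interaction whose button
    `value` (set to the incident id when the Block Kit card was posted) names the
    incident actually awaiting approval."""
    ts = headers["X-Slack-Request-Timestamp"]
    if not verify_slack_signature(signing_secret, ts, raw_body, headers["X-Slack-Signature"], now):
        raise PermissionError("bad or stale Slack signature")
    payload = json.loads(urllib.parse.parse_qs(raw_body)["payload"][0])  # form field `payload` holds JSON
    action = payload["actions"][0]
    if action["value"] != pending_incident:
        raise ValueError("callback refers to a different incident")
    return {"decision": "approved" if action["action_id"] == "approve" else "rejected",
            "approver": payload["user"]["username"], "approved_at": int(ts)}


def signed_callback(signing_secret, payload, ts):
    """Constructed test input: a Slack-style interaction request signed with the assumed secret."""
    raw_body = "payload=" + urllib.parse.quote(json.dumps(payload))
    base = f"v0:{ts}:{raw_body}".encode()
    signature = "v0=" + hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()
    return raw_body, {"X-Slack-Request-Timestamp": str(ts), "X-Slack-Signature": signature}


def _digest(prev, step):
    return hashlib.sha256((prev + json.dumps(step, sort_keys=True)).encode()).hexdigest()


def governance_entry(incident_id, steps):
    """Node 05: hash-chain the per-node evidence (assumed design) so any later edit is
    detectable; mark the record complete only if every node left evidence and a named
    approver approved the HITL step. This is an evidence check, not a legal determination."""
    prev, timeline = GENESIS, []
    for step in steps:
        digest = _digest(prev, step)
        timeline.append({**step, "prev": prev, "hash": digest})
        prev = digest
    nodes = {s["node"] for s in steps}
    approved = any(s["node"] == "hitl" and s.get("decision") == "approved" and s.get("approver")
                   for s in steps)
    complete = {"triage", "runbook", "hitl", "warroom"} <= nodes and approved
    return {"governance_entry": f"GOV-{incident_id}", "timeline": timeline, "head": prev,
            "compliance_status": "DORA_SOX_COMPLIANT" if complete else "INCOMPLETE_EVIDENCE"}


def verify_chain(timeline):
    """Recompute the chain; an edited, dropped or reordered step breaks it."""
    prev = GENESIS
    for entry in timeline:
        step = {k: v for k, v in entry.items() if k not in ("prev", "hash")}
        if entry["prev"] != prev or entry["hash"] != _digest(prev, step):
            return False
        prev = entry["hash"]
    return True
```

Two checks carry the HITL gate. The `X-Slack-Signature` check ties the decision to Slack's signing secret and refuses timestamps older than five minutes, so a captured Approve cannot be replayed; the comparison of the button's `value` against the incident actually awaiting approval means an approval issued for one incident cannot release automation for another. The chained record lets the Compliance Narrator's consumer detect any step that was edited, dropped or reordered after the fact.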
## Community Modules

Three standalone modules have been published to the Airia Community. They can be forked and used with any stack, with no Airia dependency:

| Module | Function | Folder |
|--------|----------|--------|
| **Triage Sentinel** | Deterministic P1/P2/P3 classification + AI reasoning. Supports PagerDuty, OpsGenie, Datadog, CloudWatch | [community/triage-sentinel](community/triage-sentinel/) |
| **War Room Coordinator** | Creates a Slack incident channel + Jira ticket in parallel, in under 5 seconds | [community/warroom-coordinator](community/warroom-coordinator/) |
| **Compliance Narrator** | Generates DORA/SOX/HIPAA/FISMA audit trails from any incident context | [community/compliance-narrator](community/compliance-narrator/) |

## Repository Structure

```
airia-ready/          ← Python nodes — paste these directly into Airia Studio
  node_01_triage.py
  node_02_runbook.py
  node_03_hitl.py
  node_04_warroom.py
  node_05_narrator.py
community/            ← Standalone Node.js modules (no Airia dependency)
  triage-sentinel/
  warroom-coordinator/
  compliance-narrator/
nodes/                ← Node.js reference implementations (used by Jest tests)
config/               ← Shared config (Airia endpoint, thresholds, services)
scripts/              ← Demo trigger, seed scripts, setup checker
tests/                ← 127 Jest unit + integration tests
docs/                 ← Architecture reference, runbooks
mocks/                ← PagerDuty + Confluence fixture payloads
screenshots/          ← Live demo screenshots (PagerDuty → Airia → Slack → Jira → Confluence)
```

## Quick Start

```
git clone https://github.com/manojmallick/guardian
cd guardian
cp .env.example .env               # Add your credentials (see .env.example)
npm install
node scripts/setup.js              # Verify all service connections
node scripts/seed-confluence.js    # Seed Confluence with 4 runbook pages
npm run demo                       # Fire a P1 payment-gateway alert end-to-end
```

### Required `.env` Entries

```
AIRIA_API_KEY=
AIRIA_PIPELINE_ID=
PAGERDUTY_INTEGRATION_KEY=
SLACK_BOT_TOKEN=
SLACK_ONCALL_CHANNEL=
JIRA_BASE_URL=
JIRA_EMAIL=
JIRA_API_TOKEN=
JIRA_PROJECT_KEY=
CONFLUENCE_BASE_URL=
CONFLUENCE_EMAIL=
CONFLUENCE_API_TOKEN=
CONFLUENCE_SPACE_KEY=
```

The `.env` file holds live API tokens for PagerDuty, Slack, Jira and Confluence; keep it out of version control and rotate the tokens if it is ever exposed.

### npm Scripts

| Command | Function |
|---------|----------|
| `npm run demo` | Trigger a real P1 alert: PagerDuty + the full Airia pipeline |
| `npm test` | Run all 127 Jest tests |
| `npm run setup` | Check all service connections |
| `npm run seed:confluence` | Add 4 runbooks to Confluence |
| `npm run seed:kg` | Initialise the Airia Knowledge Graph |
| `npm run postmortem:gen` | Generate the post-mortem PDF locally |
| `npm run lint` | Run ESLint over all JS source |

## End-to-End Output (live run)

```
{
  "incident_id": "INC-2603192222",
  "severity": "P1",
  "confidence": 94,
  "slack_channel": "#inc-2603192222-payment-gateway",
  "jira_ticket": "INC-5",
  "governance_entry": "GOV-INC-2603192222-20260320",
  "compliance_status": "DORA_SOX_COMPLIANT",
  "postmortem_pdf_url": "https://guardian-vvd5824.slack.com/archives/C0AN4NHPSNM"
}
```

## Demo

See [demo.md](demo.md) for the full 4-minute demo guide, including browser setup, talking points and what to show at each step.

## Demo Screenshots

### 🚨 Step 1: Alert Fired in PagerDuty

**Incidents dashboard**: the P1 alert Guardian triggered appears the moment the webhook fires.

![PagerDuty Incidents Dashboard](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/212df19773150016.png)

**Incident detail**: `[GUARDIAN] payment-gateway degradation`, automatically classified, assigned and escalated.

![PagerDuty Incident Detail](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/5482033084150026.png)

### 🤖 Step 2: Airia Pipeline Execution

**Guardian pipeline canvas (v15.00 · Published)**: all five nodes wired end to end in Airia Agent Studio.

![Airia Pipeline Canvas](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/7285817fa8150036.png)

**Run steps**: each node completes in sequence; the whole pipeline executes successfully in **3.6 seconds**.

![Airia Run Steps](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/3b5ebaddce150046.png)

**Run timeline**: Gantt view of node execution: Triage (61ms) → Runbook (664ms) → HITL Gate (285ms) → War Room (2.3s) → Compliance (64ms).

![Airia Run Timeline](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/92edd5589d150057.png)

### 📋 Step 3: Runbook Retrieved from Confluence

Node 02 retrieves the exact runbook from Confluence via the Airia MCP Gateway + Knowledge Graph.

![Confluence Runbook](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/a162614e07150109.png)

### ✅ Step 4: HITL Approval & War Room Creation

**Slack Guardian DM**: every triggered incident produces several war-room activation messages.

![Slack Guardian War Rooms List](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/0240d1ffbc150121.png)
**War room channel**: `#inc-*-payment-gateway` is created automatically and fully populated with the triage result, runbook steps, Jira ticket, HITL approver and on-call CC.

![Slack War Room Channel](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/7f3181ab5c150134.png)

### 🎫 Step 5: Jira Ticket Created Automatically

Priority **Highest**, labelled `dora-tracked` + `guardian-automated`, linked to the Guardian audit session, with zero manual input.

![Jira Incident Ticket](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/b154d6cacc150145.png)

### 🛡 Step 6: DORA/SOX Compliance Output

**Pipeline JSON output**: the complete audit trail (triage reasoning, runbook retrieval source, HITL decision, war-room URL and `compliance_status: DORA_SOX_COMPLIANT`) in a single structured payload.

![Airia Compliance JSON Output](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/6f718d9daa150156.png)

## Author

**Manoj Mallick**, Solution Architect, 15+ years in fintech
Amsterdam, Netherlands
[github.com/manojmallick](https://github.com/manojmallick)