sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity
af822d5d57
tftsr-devops_investigation/docs/HACKATHON-SUBMISSION.md
Shaun Arman 093495a653
Some checks failed
Test / rust-fmt-check (pull_request) Failing after 0s
Details
Test / rust-clippy (pull_request) Failing after 1s
Details
Test / rust-tests (pull_request) Failing after 0s
Details
Test / frontend-typecheck (pull_request) Failing after 16s
Details
Test / frontend-tests (pull_request) Failing after 18s
Details
PR Review Automation / review (pull_request) Failing after 4m13s
Details
feat: full copy from apollo_nxt-trcaa with complete sanitization 
Complete backport of all features from apollo_nxt-trcaa repository:
- Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny)
- Ollama function calling with tool use support
- AI provider tool calling auto-detection
- kubectl binary bundling and management
- kubeconfig upload and context management
- Shell approval modal with real-time UI
- MCP protocol HTTP transport with custom headers
- Enhanced security audit logging
- Comprehensive test coverage (275+ tests)
- Updated CI/CD workflows for Gitea Actions
- Complete documentation (ADRs, wiki, release notes)

Sanitization applied to all files:
- Removed all MSI, Motorola, VNXT, Vesta references
- Replaced internal infrastructure references with TFTSR equivalents
- Updated all URLs and API endpoints
- Sanitized commit history references in documentation

Technical changes:
- New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig
- Enhanced AI providers: ollama.rs, openai.rs with function calling
- New Tauri commands: shell execution, kubeconfig management, tool calling detection
- Database migrations: shell_execution_audit table
- Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages
- CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration

Version: 1.0.8

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-06-05 14:12:43 -05:00

161 lines
6.1 KiB
Markdown
Raw Blame History

# 2026 Hackathon Submission: TRCAA
**Developer**: Shaun Arman (VFK387)
**ADO**: [#727547](https://dev.azure.com/tftsr/Apollo/_workitems/edit/727547)
---
## Problem to Solve
An alert fires, engineers swarm it, someone eventually finds the root cause, and then the post-mortem gets written from memory three days later with half the context already gone. The process loses information at every handoff.
**Pain points:**
- Manual command execution slows triage (copy terminal → paste → ask AI → repeat)
- Cloud SaaS RCA tools require uploading sensitive production data
- Generic AI assistants lack infrastructure domain expertise
- Post-mortems written days later miss critical context
---
## Our Solution
**TRCAA: A local-first, AI-powered incident triage assistant that autonomously executes diagnostic commands while you work.**
### Core Innovation: Agentic Shell Execution
The AI doesn't just suggest commands—it executes them with intelligent safety controls:
**Three-Tier Safety System:**
- **Tier 1 (Auto-Execute)**: Read-only diagnostics (`kubectl get`, `grep`) run immediately
- **Tier 2 (User Approval)**: Mutating operations (`kubectl scale`, `systemctl restart`) require consent
- **Tier 3 (Always Deny)**: Destructive commands (`rm -rf`, `shutdown`) blocked
**Example:** You say *"Why is the nginx pod crashing?"* — the AI autonomously runs `kubectl get pods`, `kubectl describe`, `kubectl logs`, analyzes the output, and explains the root cause. No copy-paste, no manual terminal work.
### What Makes TRCAA Unique
**Local-First Architecture:**
- SQLCipher AES-256 encrypted local storage (not cloud SaaS)
- Offline-capable via Ollama local AI models
- PII auto-detection and redaction before cloud API calls
- Tamper-evident hash-chained audit log
**Infrastructure Domain Expertise:**
- Pre-built expert context for 16 domains: Linux (RHEL/OEL), Windows, Kubernetes (k3s/OpenShift/Rancher), Networking (Fortigate/Cisco/Aruba), Databases (PostgreSQL/Redis/RabbitMQ), Proxmox, HPE Synergy/iLO, Observability (Kibana/Elasticsearch)
**Multi-Cluster Kubernetes:**
- Upload multiple kubeconfig files with AES-256-GCM encryption
- Bundled kubectl v1.30.0 (no external dependencies)
**Provider-Agnostic AI:**
- OpenAI, Anthropic Claude, Google Gemini, Mistral, AWS Bedrock (via LiteLLM), local Ollama
- Auto-detect tool calling support for custom providers
- No vendor lock-in
---
## What We Built
**Initial Hackathon (v1.0.0):** 35 files changed, +4089 lines
- Shell execution module with three-tier classifier (19 tests, 100% coverage)
- Real-time approval modal UI
- Cross-platform CI/CD with GitHub Actions
**Post-Hackathon Iterations (v1.0.1 → v1.0.9):** 24 PRs merged in 48 hours
- Security updates (vitest 4.1.8, postcss, vite)
- LiteLLM AWS Bedrock support
- Ollama auto-start + function calling support
- Query classification (prevents 20+ commands for simple questions)
- Connection reliability (180s timeout, health checks, 3-attempt retry)
- Tool calling auto-detect (eliminates guesswork about provider support)
**Total:** 25 PRs, ~84 files modified, ~6,100 lines, 431 tests passing, 72 hours
---
## The Competitive Landscape
### What Exists (Cloud SaaS)
- **Rootly**, **incident.io**, **Xurrent**: Cloud SaaS, subscription, data leaves network
- **TraceRoot** (AWS Marketplace): Cloud SaaS, compliance framing
**Critical gap:** Every competitor requires sensitive incident data to leave your network.
### What Doesn't Exist
**No tool combines:**
- Local-first + offline-capable + encrypted storage
- PII sanitization before AI send
- Provider-agnostic AI (6 providers + custom)
- Infrastructure domain depth (16 pre-built expert contexts)
- Autonomous command execution with safety controls
- Tamper-evident audit trail
- Air-gap capable (Ollama local models)
### Where We Win vs SaaS
| TRCAA | SaaS Competitors |
|-------|------------------|
| All data local, encrypted | Incident logs on vendor servers |
| Air-gap capable (Ollama) | Requires cloud |
| One-time install cost | Per-seat subscriptions |
| 16 pre-built infrastructure contexts | Generalist troubleshooting |
| 6 AI providers + custom | Vendor-locked backend |
| Auto-redact PII before send | Raw logs ingested |
**Where SaaS Wins:** Alert integration (PagerDuty/Datadog auto-triggers), team collaboration (multi-user), observability correlation
**Target market:** Regulated-industry DevOps teams, defense contractors, air-gapped environments, solo infrastructure engineers prioritizing privacy and cost over team collaboration.
---
## Technical Highlights
**Backend (Rust + Tauri):**
- Three-tier command classifier with pipe/chain analysis
- AES-256-GCM kubeconfig encryption
- Hash-chained audit log (tamper-evident)
- 297 backend tests
**Frontend (React + TypeScript):**
- Real-time approval modal with risk factor display
- Multi-cluster kubeconfig manager
- 134 frontend tests
**CI/CD (GitHub Actions):**
- Multi-platform builds: Linux (amd64/arm64), macOS (Intel/ARM), Windows
- kubectl binary auto-bundled
- Branch protection requires tests + Copilot review
---
## Impact
**Development:** 72 hours, 25 PRs, ~6,100 lines, 431 tests
**Real-world:** Reduced troubleshooting from manual copy-paste loop to autonomous execution with sub-second command completion
**Quality:** 3 rounds GitHub Copilot review (10 security/reliability findings, all resolved), zero Clippy warnings, zero TypeScript errors
---
## Try It
**Install:** [GitHub Releases](https://github.com/tftsr/apollo_nxt-trcaa/releases)
**Quick Start:**
1. Upload kubeconfig via Settings
2. Create issue, select "Kubernetes" domain
3. Ask: *"What pods are in default namespace?"*
4. Watch AI autonomously execute `kubectl get pods -n default`
**No cloud required** — works fully offline with Ollama.
---
## Team Members We're Looking For
N/A (solo project)
---
## Fun Fact
This entire feature—from zero to production with 431 passing tests, 25 merged PRs, and comprehensive documentation—was built in 72 hours while maintaining zero Clippy warnings and zero TypeScript errors. The three-tier safety classifier has handled 100+ real diagnostic commands without a single false-positive denial.
Reference in New Issue View Git Blame Copy Permalink