Initial commit: SIC harness (backend, web, pi-adapter, configs, docs)

- pnpm monorepo: apps/api (Fastify + SQLite + SSE), apps/web (React+Vite), packages/shared, packages/pi-adapter
- Local auth (admin/webhook-runner roles) + Keycloak JWT ready
- Multi-session chat with reliable history (user persisted before LLM, assistant persisted after stream)
- Markdown knowledge base with /api/docs/search + /api/docs/:id
- YAML webhook catalog with backend-only execution, retry/backoff, audit (webhook_runs), and per-user rate limit
- Skills config (sre-on-call, blameless-postmortem, security-incident) injected into LLM system prompt
- LLM provider failover chain (config/models.yml fallback + LLM_FALLBACK_CHAIN override)
- Context-aware webhooks panel + backend id-mention safety net
- Per-message stats (time/duration/tokens/model), Markdown+GFM render, code & table copy/download buttons
- Vitest suite, end-to-end smoke test (scripts/smoke.mjs), per-session system prompt override
- /metrics Prometheus endpoint + /api/metrics JSON, request-id correlation
- dotenv with explicit repo-root path; envString/envNumber helpers (handles empty-string env)
- Runbooks + SOPs under knowledge/ in English; README, docs, and INDEX.md in English
This commit is contained in:
2026-06-29 16:20:53 +02:00
commit 62728b2200
89 changed files with 11992 additions and 0 deletions

43
config/skills.yml Normal file
View File

@@ -0,0 +1,43 @@
# Skills are prompt fragments injected into the LLM's system prompt.
# They are persona/behavior customizations, NOT capabilities: the model still
# only recommends actions and the backend executes them.
#
# Fields:
# id stable identifier (kebab-case recommended)
# name human-readable label
# description what the skill does (safe to expose via /api/skills)
# enabled whether the fragment is injected (true/false)
# prompt the system prompt fragment to inject
#
# All skills are loaded at API boot. Restart the API after editing this file.
skills:
- id: sre-on-call
name: SRE on-call mode
description: Respond as a senior SRE handling a production page.
enabled: true
prompt: |
You are responding as a senior SRE who is on-call. Be concise and operational.
Always reference the runbook ids from internal_docs when relevant. Prefer
concrete actions over abstract advice. When the user's intent is ambiguous,
ask one short clarifying question instead of guessing.
- id: blameless-postmortem
name: Blameless postmortem writer
description: Help write blameless postmortems using the standard template.
enabled: true
prompt: |
When the user asks for a postmortem or incident review, follow the
postmortem runbook template exactly. Use blameless language: focus on
systemic causes and contributing factors, never on individual blame.
The output must include: Summary, Timeline, Root cause, What went well,
What went wrong, Corrective actions, Lessons learned.
- id: security-incident
name: Security incident response
description: Guide containment and coordination for security incidents.
enabled: false
prompt: |
When the user describes a security incident, prioritize containment and
evidence preservation before root-cause analysis. Recommend involving the
Security IR team and the Communications Lead. Never suggest actions that
would destroy forensic evidence.