Initial commit: SIC harness (backend, web, pi-adapter, configs, docs)

- pnpm monorepo: apps/api (Fastify + SQLite + SSE), apps/web (React+Vite), packages/shared, packages/pi-adapter
- Local auth (admin/webhook-runner roles) + Keycloak JWT ready
- Multi-session chat with reliable history (user persisted before LLM, assistant persisted after stream)
- Markdown knowledge base with /api/docs/search + /api/docs/:id
- YAML webhook catalog with backend-only execution, retry/backoff, audit (webhook_runs), and per-user rate limit
- Skills config (sre-on-call, blameless-postmortem, security-incident) injected into LLM system prompt
- LLM provider failover chain (config/models.yml fallback + LLM_FALLBACK_CHAIN override)
- Context-aware webhooks panel + backend id-mention safety net
- Per-message stats (time/duration/tokens/model), Markdown+GFM render, code & table copy/download buttons
- Vitest suite, end-to-end smoke test (scripts/smoke.mjs), per-session system prompt override
- /metrics Prometheus endpoint + /api/metrics JSON, request-id correlation
- dotenv with explicit repo-root path; envString/envNumber helpers (handles empty-string env)
- Runbooks + SOPs under knowledge/ in English; README, docs, and INDEX.md in English
This commit is contained in:
2026-06-29 16:20:53 +02:00
commit 62728b2200
89 changed files with 11992 additions and 0 deletions

81
config/webhooks.yml Normal file
View File

@@ -0,0 +1,81 @@
webhooks:
- id: vpn-diagnostic
label: Run VPN diagnostic
description: Runs a diagnostic on the VPN server and returns latency and health metrics.
method: POST
url: ${WEBHOOK_VPN_DIAGNOSTIC_URL}
required_roles:
- webhook-runner
confirmation_required: true
payload_template:
source: pi-chat
user_id: "{{user.id}}"
session_id: "{{session.id}}"
last_user_message: "{{chat.last_user_message}}"
- id: service-restart
label: Restart service
description: Restarts a system service. The service name is read from the payload.
method: POST
url: ${WEBHOOK_SERVICE_RESTART_URL}
required_roles:
- webhook-runner
- sre
confirmation_required: true
payload_template:
source: pi-chat
user_id: "{{user.id}}"
session_id: "{{session.id}}"
service: "{{payload.service}}"
last_user_message: "{{chat.last_user_message}}"
- id: dns-flush
label: Flush local DNS
description: Clears the local DNS cache and returns the result.
method: POST
url: ${WEBHOOK_DNS_FLUSH_URL}
required_roles:
- webhook-runner
confirmation_required: true
payload_template:
source: pi-chat
user_id: "{{user.id}}"
session_id: "{{session.id}}"
last_user_message: "{{chat.last_user_message}}"
- id: disk-cleanup
label: Clean /tmp
description: Removes files in /tmp older than 7 days.
method: POST
url: ${WEBHOOK_DISK_CLEANUP_URL}
required_roles:
- webhook-runner
- sre
confirmation_required: true
payload_template:
source: pi-chat
user_id: "{{user.id}}"
session_id: "{{session.id}}"
last_user_message: "{{chat.last_user_message}}"
- id: log-tail
label: Tail service log
description: Returns the last N lines of a service log.
method: GET
url: ${WEBHOOK_LOG_TAIL_URL}
required_roles:
- webhook-runner
confirmation_required: false
payload_template:
service: "{{payload.service}}"
lines: "{{payload.lines}}"
- id: cache-purge
label: Purge CDN cache
description: Invalidates the CDN cache for the provided paths.
method: POST
url: ${WEBHOOK_CACHE_PURGE_URL}
required_roles:
- webhook-runner
confirmation_required: true
payload_template:
source: pi-chat
user_id: "{{user.id}}"
session_id: "{{session.id}}"
paths: "{{payload.paths}}"
last_user_message: "{{chat.last_user_message}}"