Skip to content

major grafana updates#27

Merged
simsteward merged 2 commits intomainfrom
feature/log-sentinel-v2
Apr 1, 2026
Merged

major grafana updates#27
simsteward merged 2 commits intomainfrom
feature/log-sentinel-v2

Conversation

@simsteward
Copy link
Copy Markdown
Owner

@simsteward simsteward commented Mar 26, 2026

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 26, 2026
View reviewed changes
observability/local/log-sentinel/Dockerfile
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 8081
CMD ["python", "app.py"]

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: dockerfile.security.missing-user.missing-user Error

By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
observability/local/log-sentinel/app.py
if __name__ == "__main__":
t = threading.Thread(target=sentinel.start, daemon=True)
t.start()
app.run(host="0.0.0.0", port=8081, debug=False)

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host Warning

Running flask app with host 0.0.0.0 could expose the server publicly.
@wgutmann @claude
feat: log-sentinel v3 tiered agent architecture + Grafana alerting
ba829ab 
Replaces detector/flow/investigator pattern with a 3-tier agent system:
- T1: fast triage (summary + anomaly scan, evidence packet builder)
- T2: deep investigation (reads evidence packets from Loki, Sentry integration)
- T3: synthesis (session narratives, baseline updates, regression detection)

Supporting modules: analyst, baseline, evidence, narrative, timeline, trace,
circuit_breaker, loki_handler, ollama_client, prompts.

Adds Grafana alert rules (8 domains, 46 rules) with webhook trigger integration
into the sentinel cycle. Updates all 5 Grafana dashboards for v3 event names.

Also fixes DataCaptureSuite preflight seek to use ReplaySearch(ToEnd) instead
of frame-based seek — avoids stale ReplayFrameNumEnd reading session start state.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@simsteward simsteward merged commit e8c407e into main Apr 1, 2026
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simsteward @github-advanced-security @wgutmann