DevOpsAudit

5-Agent spatial pipelines. Live blast-radius tracking. Digital-twin sandbox verification. DevOpsAudit turns million-dollar cloud exposures into safe, autonomous fixes in 60 seconds.

Comment

🛡️ DevOpsAudit

Autonomous AI Infrastructure Guardrail System

DevOpsAudit is a 5-agent autonomous security pipeline built on the Jac programming language. By leveraging Object-Spatial Programming (OSP), it transforms reactive cloud security into a proactive, self-healing mathematical fortress.

🚨 The Problem: The Cost of Cloud Configuration Drift

Today, cloud environments mutate rapidly. Behind the scenes, developers are constantly deploying, tweaking, and debugging—often outside the visibility of security teams.

In the race to ship faster, a developer might temporarily open port 22 on a production security group to SSH in, and simply forget to close it. This "speed trap" has consequences: a single open port can expose critical databases, leading to million-dollar data breaches. Security teams usually find out days or weeks later.

To mitigate this, companies rely on static alerts that require humans to investigate, calculate the financial risk, write a patch, test it, and deploy it. This introduces massive friction, downtime, and human error.

The Question: What if you could detect drift, calculate its financial blast radius, and safely patch it in 60 seconds, autonomously?

💡 The Solution (Inspiration)

This exact dilemma inspired DevOpsAudit.

Imagine an engineer leaves a vulnerability exposed that directly connects to your payment ledger. What do you do?

DevOpsAudit acts as an autonomous digital immune system. It ensures that infrastructure drift is instantly detected, assessed for financial risk, and remediated by AI agents. Crucially, it mathematically guarantees safety by testing the AI-generated patch in an isolated sandbox before committing it to production.

🚀 What It Does

DevOpsAudit is a 5-Agent pipeline powered by Jac's spatial walkers:

  • 📡 Topology Sentinel: Ingests cloud state and traverses the infrastructure graph to instantly detect configuration drift (e.g., unauthorized open ports).
  • 💥 Blast Radius Evaluator: Spawns on compromised nodes and traverses dependency edges to calculate the direct financial exposure of a vulnerability.
  • 🛠️ Remediation Orchestrator: Interfaces with an LLM to generate targeted Infrastructure-as-Code (Terraform) patches.
  • 🛡️ Compliance Guardrail: Validates the LLM-generated patch against hardcoded corporate security policies before deployment.
  • 🧪 Chaos Tester (Digital Twin): Spawns an isolated sandbox, deep-copies the affected graph topology, applies the patch, and runs synthetic traffic to guarantee zero connectivity regression.

Key Innovation: We implement Object-Spatial Programming (OSP). Our agents aren't just scripts; they are "walkers" that physically traverse a graphical representation of the cloud, carrying state and triggering logic only on the specific infrastructure nodes they visit.

🛠️ How We Built It

  • Language: Jac (Jaseci Stack) utilizing Object-Spatial Programming (OSP).
  • Architecture: 5 distinct Walker agents traversing a memory-resident Node/Edge graph.
  • Frontend Dashboard: Vanilla HTML/JS/CSS mapping the Jac spatial graph dynamically to an interactive Web Canvas.
  • Dual-Mode Execution: A config.jac toggle seamlessly switches between zero-dependency local JSON mocking (for rapid prototyping) and full enterprise Python integrations (boto3, requests, LocalStack).

🚧 Challenges We Ran Into

  1. Spatial UI Rendering: Mapping a logical graph to a dynamic pixel canvas without visual collisions was a major hurdle. We had to calculate triangular layouts and implement masking behind text to prevent dependency lines from obscuring node labels.
  2. Sandbox Isolation: Creating the Chaos Tester required deep-copying node states without breaking edge references, ensuring the digital twin accurately mirrored production without leaking state.
  3. Pacing the Pipeline: Because computers are fast, the 5 agents executed in milliseconds. We had to implement asynchronous pacing in the dashboard so a human operator could actually comprehend the steps the AI was taking.

✨ Accomplishments We're Proud Of

  • True Agentic Workflow: We successfully modeled 5 distinct agents that hand off context seamlessly, from detection to verification.
  • Zero Connectivity Regression: The Chaos Tester sandbox ensures that an AI-generated security patch will never accidentally take down a production service.
  • High-Fidelity Dashboard: We built a beautiful, responsive, real-time visualizer that makes complex cloud infrastructure traversal easy to understand.

🧠 What We Learned

  • Spatial Programming Paradigm: Jac's OSP model is incredibly powerful for cloud infrastructure, as cloud environments are naturally graphs (VPCs, Subnets, Instances).
  • Verification over Generation: LLMs can generate code, but without strict, programmatic verification (like our Compliance Guardrail and Chaos Tester), they cannot be trusted in production.

🚀 Production Architecture (Implemented)

DevOpsAudit was built with a dual-mode architecture to guarantee both a flawless hackathon demo and true enterprise readiness. The following production systems are fully implemented in the codebase:

  • Dual-Mode Routing (config.jac): A global toggle that allows the 5-agent pipeline to seamlessly switch between local zero-dependency mock execution and production execution.
  • Python Interop Layer (integrations.jac): The core codebase is fully abstracted. We implemented structural Python interop stubs ready to accept live boto3 and requests calls without polluting the core Jac AI logic.
  • Live WebSocket Relay (server.py): When running in ?mode=prod, the agents bypass the static JS UI entirely and stream their graph traversal telemetry in real-time to the dashboard via a custom FastAPI WebSocket server.

🔮 What's Next: The Future of DevOpsAudit

If we secure funding and continue development, our vision is to evolve DevOpsAudit from an autonomous auditing tool into a comprehensive Cloud Reliability Platform. Our product roadmap includes:

  1. Multi-Cloud Support (GCP & Azure)

    • Expanding our native ingestion agents to support Azure Resource Manager and Google Cloud, allowing for a single, unified spatial graph across multi-cloud enterprise environments.

  2. Human-in-the-Loop ChatOps (Slack/Teams)

    • Integrating a compliance agent that pauses the pipeline after patch generation and sends the Terraform diff directly to a Slack/Teams channel for one-click human approval before the Chaos Tester deploys it.

  3. Predictive Drift Analytics

    • Training specialized Jac agents on historical cloud state data to proactively predict where configuration drifts are most likely to occur, alerting DevOps teams before an engineer makes a mistake.

  4. Autonomous Self-Healing

    • Transitioning from merely "generating patches" to allowing the Orchestrator to securely apply hotfixes directly to production CI/CD pipelines (e.g., GitHub Actions) the millisecond the Chaos Tester verifies the sandbox.

Built With

Share this project:

Updates