Inspiration
When a Davis problem fires, someone still has to jump between Dynatrace, logs, Slack, and GCP before anything actually gets fixed. We wanted that path in one place.
What it does
Rapid Guard takes a Dynatrace problem, runs Gemini agents to investigate it with DQL and notebooks, asks a human to approve, then remediates on GCP: Cloud Armor blocks a bad IP, GKE restarts the workload. The demo target is Online Boutique (https://github.com/googlecloudplatform/microservices-demo) with a controlled crypto-mining scenario.
How we built it
Cloud Run for the webhook, ADK agents, and incident console. Pub/Sub in between. Dynatrace MCP and custom tools for problems, DQL, and notebooks. Terraform for messaging and secrets. Optional GKE add-ons for the attack trigger and Ingress.
Challenges we ran into
Webhooks only flow when the payload has the right status transition — easy to miss in sandbox. Some Dynatrace APIs wanted scopes our token did not have yet. HITL meant stitching Slack, workflows, Pub/Sub, and the console without dropping messages.
Accomplishments that we're proud of
A full loop in one hackathon: alert → notebook investigation → approve in the UI or Slack → remediation workflows run. Sandbox mode to test the pipeline without a real Davis event.
What we learned
Putting evidence in a shared notebook before remediation keeps the agents grounded. Humans still need one obvious approve step before anything touches production.
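An added example, not Rapid Guard's own code: one way to build the single approve step described above so that Slack and the console can both deliver a decision, a redelivered Pub/Sub message is harmless, and remediation runs at most once. Every type, class and field name, the problem ID, the IP address and the 15-minute expiry are assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not Rapid Guard's code.
type Action =
  | { kind: "block_ip"; ip: string }                // Cloud Armor rule
  | { kind: "restart_workload"; workload: string }; // GKE restart
type Channel = "slack" | "console";
type State = "pending" | "approved" | "rejected" | "expired";

interface Proposal {
  problemId: string;
  action: Action;     // what the human was shown; never replaced later
  state: State;
  expiresAt: number;  // epoch ms, so a stale approval cannot fire
  decidedBy?: string; // audit trail: channel and user
}

class ApprovalGate {
  private proposals = new Map<string, Proposal>();
  readonly executed: Action[] = []; // stand-in for starting the remediation workflow

  // Pub/Sub delivers at least once: a redelivered or duplicate proposal
  // returns the stored record and cannot reset state or swap the action.
  propose(problemId: string, action: Action, now: number, ttlMs = 900000): Proposal {
    const existing = this.proposals.get(problemId);
    if (existing) return existing;
    const p: Proposal = { problemId, action, state: "pending", expiresAt: now + ttlMs };
    this.proposals.set(problemId, p);
    return p;
  }

  // The decision carries only the problem ID, so the gate runs the action it
  // stored, not one supplied by the approving message.
  decide(problemId: string, approve: boolean, user: string, channel: Channel, now: number): State | "unknown" {
    const p = this.proposals.get(problemId);
    if (!p) return "unknown";                  // no proposal, no remediation
    if (p.state !== "pending") return p.state; // second click is a no-op
    if (now > p.expiresAt) { p.state = "expired"; return p.state; }
    p.state = approve ? "approved" : "rejected";
    p.decidedBy = `${channel}:${user}`;
    if (approve) this.executed.push(p.action); // runs at most once
    return p.state;
  }
}

function demo(): number { // constructed run: both channels approve one problem
  const gate = new ApprovalGate();
  gate.propose("P-0001", { kind: "block_ip", ip: "203.0.113.7" }, 0);
  gate.decide("P-0001", true, "alice", "slack", 1000);
  gate.decide("P-0001", true, "bob", "console", 2000);
  return gate.executed.length;
}
```

The map here is in memory; across several Cloud Run instances the same state machine would need a shared store with an atomic pending-to-decided transition.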
What's next for Rapid Guard
More remediation playbooks, smoother Davis webhook handling, and better defaults for local and sandbox testing.
Built With
- adk
- cloud-run
- express.js
- typescript
