Resilient API & AI Incident Analyst

Inspiration

Honestly, waking up at 3 AM to dig through endless Docker logs to figure out why the server crashed or who is poking around just sucks. We wanted to build a system that not only takes a punch and stays up, but also does the initial SRE triage for us so we don't have to.

What it does

It’s a resilient API setup that handles its own security and incident reporting. We slapped a custom RASP middleware on it to block nasty stuff (like XSS) right at the door, and set up strict database constraints to catch bad business logic. If a container somehow crashes, Docker auto-heals it. But the sickest part is our Python script: it ingests the raw container logs, feeds them to Llama-3, and instantly spits out a clean, readable incident response report in your terminal.

How we built it

We kept it lean. The backend is Python and Flask, hooked up to PostgreSQL, and everything is containerized with Docker. Nginx sits in front doing the heavy lifting. For the AI analyst, we plugged into the Groq API running Llama-3 because it's crazy fast and we needed real-time reporting without the annoying lag.

Challenges we ran into

Getting the AI prompt exactly right was a headache. We had to make sure Llama-3 actually understood what an Nginx rate limit or a Flask stack trace meant instead of just hallucinating weird answers. We also hit some API rate limit walls while testing, which forced us to write fallback error handling so the script doesn't just crash when the API goes down.

Accomplishments that we're proud of

We're super hyped about the end-to-end flow. Firing off a malicious curl request, watching it get blocked by the middleware, and then seeing the AI script catch that exact event and document it in a markdown report automatically... it just feels like magic.

What's next for the project

We'd love to hook this up to Discord or Slack webhooks. That way, the AI can just drop the incident report directly in a team channel the second an anomaly pops up. Throwing in Prometheus and Grafana for some visual metrics is definitely on the roadmap too.

Built With

Submitted to

Production Engineering Hackathon

Created by

I led the backend development and the core security architecture. I built the custom RASP middleware to block malicious payloads (like XSS) and set up the Docker and Nginx infrastructure. I also wrote the ai_analyst.py script that integrates with the Groq API to ingest logs and generate the real-time SRE reports using Llama-3

Ibrahim Ahmed
I focused on the database architecture and data integrity. I designed the PostgreSQL schemas and implemented the strict database constraints to catch logic flaws. I also helped debug the container networking, set up the API health checks, and handled the extensive testing of the endpoints to ensure the auto-healing policies worked perfectly.

Seif Osama

Updates

Ibrahim Ahmed started this project — Apr 05, 2026 09:58 AM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.