
Skill details

aegisops-ai

Autonomous DevSecOps & FinOps Guardrails. Orchestrates Gemini 3 Flash to audit Linux Kernel patches, Terraform cost drifts, and K8s compliance.

Source platform: GitHub
Source identifier: sickn33/antigravity-awesome-skills
Source file: original description (document version: SKILL.md)
Category: front-end design · Popularity: very hot · Risk: low · Downloads: 14.3k · Stars: 36.8k · Listed for: GitHub Copilot, Gemini CLI

Quick assessment

Last verified: 2026-05-27
Source platform: GitHub
Download copy: ZIP available

Suitable tasks

  • Turning repetitive tasks into reusable AI workflows.
  • Having the AI follow one consistent set of rules in a specific scenario.
  • Providing reproducible task instructions for a team or an individual workflow.

Inputs and outputs

Input: the task goal, context material, file paths, constraints, or the content to be processed.

Output: documents, code, check results, plans, recommendations, or operating steps produced according to the Skill's instructions.

Example tasks

  • Use aegisops-ai to handle the current task, and tell me which inputs need to be confirmed before it runs.
  • Based on the aegisops-ai instructions, give me a checklist of safe usage steps.

Installation

  1. Download the Skill ZIP provided by this site and unpack it.
  2. Place the unpacked Skill directory into the skills directory supported by your AI tool.
  3. To view the original content online, open SKILL.md on GitHub.

Original online location: aegisops-ai/SKILL.md

Risk boundary

Before use, check the permissions the Skill needs, its external dependencies, and the kinds of data it will process. Do not hand passwords, keys, identity information, or sensitive customer data to a Skill you have not vetted.

SKILL.md documentation

/aegisops-ai — Autonomous Governance Orchestrator

AegisOps-AI is a professional-grade "Living Pipeline" that integrates advanced AI reasoning directly into the SDLC. It acts as an intelligent gatekeeper for systems-level security, cloud infrastructure costs, and Kubernetes compliance.

Goal

To automate high-stakes security and financial audits by:

1. Identifying logic-based vulnerabilities (use-after-free, stale state) in Linux Kernel patches.
2. Detecting massive "Silent Disaster" cost drifts in Terraform plans.
3. Translating natural language security intent into hardened K8s manifests.

When to Use

  • Kernel Patch Review: Auditing raw C-based Git diffs for memory safety.
  • Pre-Apply IaC Audit: Analyzing terraform plan outputs to prevent bill spikes.
  • Cluster Hardening: Generating "Least Privilege" securityContexts for deployments.
  • CI/CD Quality Gating: Blocking non-compliant merges via GitHub Actions.

When Not to Use

  • Web App Logic: Do not use for standard web vulnerabilities (XSS, SQLi); use dedicated SAST scanners.
  • Non-C Memory Analysis: The patch analyzer is tuned for C code; do not use it for high-level languages such as Python or JS.
  • Direct Resource Mutation: This is an *auditor*, not a deployment tool. It does not execute terraform apply or kubectl apply.
  • Post-Mortem Analysis: For analyzing *why* a previous AI session failed, use /analyze-project instead.

---

🤖 Generative AI Integration

AegisOps-AI leverages the Google GenAI SDK to implement a "Reasoning Path" for autonomous security and financial audits:

  • Neural Patch Analysis: Performs semantic code reviews of Linux Kernel patches, moving beyond simple pattern matching to understand complex memory state logic.
  • Intelligent Cost Synthesis: Processes raw Terraform plan diffs through a financial reasoning model to detect high-risk resource escalations and "silent" fiscal drifts.
  • Natural Language Policy Mapping: Translates human security intent into syntactically correct, hardened Kubernetes securityContext configurations.
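The "Reasoning Path" above is only as safe as what happens when the model's answer is missing, malformed or evasive. As an added example, not code from the AegisOps-AI repository, here is a fail-closed gate in Python for the patch-review case: it builds the prompt, validates the reply against the JSON shape it asked for, and blocks the merge on any answer it cannot parse. The model call is injected as a callable so the logic runs offline; the gemini_caller helper shows the real google-genai SDK call and assumes a GEMINI_API_KEY in the environment and a model id you supply. The diff and the three model replies are constructed for the example.

```python
"""Added example, not AegisOps-AI's patch_analyzer.py: a fail-closed gate around a
model-based kernel patch review. The model is injected as a callable so the gate
runs offline; gemini_caller() shows the real google-genai call and is not run here."""
import json
import os

ALLOWED_SEVERITIES = {"none", "low", "medium", "high", "critical"}
BLOCKING_SEVERITIES = {"high", "critical"}
REQUIRED_KEYS = {"severity", "findings", "summary"}

PROMPT_HEADER = (
    "You are auditing a Linux kernel patch for memory-safety bugs (use-after-free, "
    "double free, stale pointers after kfree, missing locking).\n"
    'Reply with JSON only: {"severity": "none|low|medium|high|critical", '
    '"findings": [{"file": str, "line": int, "issue": str}], "summary": str}\n\nPATCH:\n'
)


def build_prompt(diff):
    return PROMPT_HEADER + diff


def parse_verdict(raw):
    """Validate the reply against the schema requested; ValueError on anything else."""
    text = raw.strip()
    if text.startswith("```"):                 # models sometimes fence JSON anyway
        text = text.strip("`")
        if text.startswith("json"):
            text = text[len("json"):]
    data = json.loads(text)                    # raises on prose instead of JSON
    if not isinstance(data, dict) or not REQUIRED_KEYS <= set(data):
        raise ValueError("missing required keys")
    if data["severity"] not in ALLOWED_SEVERITIES:
        raise ValueError(f"unknown severity {data['severity']!r}")
    if not isinstance(data["findings"], list):
        raise ValueError("findings must be a list")
    for f in data["findings"]:
        if not isinstance(f, dict) or not {"file", "line", "issue"} <= set(f) \
                or not isinstance(f["line"], int):
            raise ValueError("malformed finding")
    return data


def gate_patch(diff, ask_model):
    """Decide allow/block for one diff; ask_model(prompt) -> str.
    Any exception (network, non-JSON prose, schema violation) blocks the merge:
    a gate that lets unparseable answers through is not a gate."""
    try:
        verdict = parse_verdict(ask_model(build_prompt(diff)))
    except Exception as exc:
        return {"decision": "block", "reason": f"model reply unusable: {exc}", "verdict": None}
    decision = "block" if verdict["severity"] in BLOCKING_SEVERITIES else "allow"
    return {"decision": decision, "reason": verdict["summary"], "verdict": verdict}


def gemini_caller(model):
    """Real caller on the google-genai SDK (pip install google-genai). Reads
    GEMINI_API_KEY from the environment; `model` is whichever Gemini Flash id
    you have access to (an assumption here, not a fixed value)."""
    from google import genai

    client = genai.Client(api_key=os.environ["GEMINI_API_KEY"])

    def ask(prompt):
        resp = client.models.generate_content(
            model=model, contents=prompt, config={"response_mime_type": "application/json"})
        return resp.text or ""

    return ask


# Constructed sample diff: `req` is freed and then dereferenced under the lock.
SAMPLE_DIFF = """\
--- a/drivers/foo/bar.c
+++ b/drivers/foo/bar.c
@@ -120,6 +120,8 @@ static int foo_complete(struct foo_req *req)
     spin_lock(&dev->lock);
     list_del(&req->list);
+    kfree(req);
+    dev->last_flags = req->flags;
     spin_unlock(&dev->lock);
"""


# Constructed stand-ins for model replies so the gate can be exercised offline.
def fake_model_uaf(prompt):
    return json.dumps({"severity": "critical", "summary": "req->flags read after kfree(req)",
                       "findings": [{"file": "drivers/foo/bar.c", "line": 123, "issue": "UAF"}]})


def fake_model_clean(prompt):
    return json.dumps({"severity": "none", "summary": "no memory-safety issue", "findings": []})


def fake_model_chatty(prompt):
    return "Looks fine to me, ship it!"   # prose instead of JSON: must block


if __name__ == "__main__":
    for fake in (fake_model_uaf, fake_model_clean, fake_model_chatty):
        print(fake.__name__, gate_patch(SAMPLE_DIFF, fake)["decision"])
```

The design point is the except branch in gate_patch: a timeout, a chatty non-JSON answer or a severity value outside the agreed set all produce "block", so the CI job fails visibly instead of waving the patch through on an empty signal.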

🧭 Core Modules

1. 🐧 Kernel Patch Reviewer (patch_analyzer.py)

  • Problem: Manual review of Linux Kernel memory safety is time-consuming and prone to human error.
  • Solution: Gemini 3 performs a "Deep Reasoning" audit on raw Git diffs to detect critical memory corruption vulnerabilities (UAF, Stale State) in seconds.
  • Key Output: analysis_results.json

2. 💰 FinOps & Cloud Auditor (cost_auditor.py)

  • Problem: Infrastructure-as-Code (IaC) changes can lead to accidental "Silent Disasters" and massive cloud bill spikes.
  • Solution: Analyzes terraform plan output to identify cost anomalies—such as accidental upgrades from t3.micro to high-performance GPU instances.
  • Key Output: infrastructure_audit_report.json

3. ☸️ K8s Policy Hardener (k8s_policy_generator.py)

  • Problem: Implementing "Least Privilege" security contexts in Kubernetes is complex and often neglected.
  • Solution: Translates natural language security requirements into production-ready, hardened YAML manifests (Read-only root FS, Non-root enforcement, etc.).
  • Key Output: hardened_deployment.yaml
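To make concrete what the FinOps auditor has to look at before any model reasons about a plan, here is an added example in Python (not the project's cost_auditor.py): it walks the resource_changes array of terraform show -json output and flags instance-type escalations such as the t3.micro to GPU jump mentioned above. The family cost tiers and the sample plan are constructed assumptions for the example.

```python
"""Added example, not AegisOps-AI's cost_auditor.py: a deterministic pre-check over
`terraform show -json plan.out` output that flags instance-type escalations before
any model is asked to reason about the plan."""
import re

# Rough cost tiers for EC2 instance families (an assumption for the example;
# replace with your account's pricing data). Higher tier = more expensive.
FAMILY_TIER = {
    "t": 0, "a": 0,                       # burstable / cheap ARM
    "m": 1, "c": 1, "r": 1,               # general, compute, memory
    "x": 2, "z": 2, "i": 2,               # large memory / local NVMe
    "g": 3, "inf": 3, "trn": 3, "p": 4,   # accelerated / GPU
}
SIZE_RANK = ["nano", "micro", "small", "medium", "large", "xlarge"]
_INSTANCE_RE = re.compile(
    r"^([a-z]+)\d+[a-z-]*\.(\d*)(nano|micro|small|medium|large|xlarge|metal)$")


def classify(itype):
    """Return (family_tier, size_rank), or (None, None) if the type is unrecognised."""
    m = _INSTANCE_RE.match(itype or "")
    if not m:
        return None, None
    family, mult, size = m.groups()
    rank = 10 if size == "metal" else SIZE_RANK.index(size) + (int(mult) if mult else 0)
    return FAMILY_TIER.get(family, 1), rank


def audit_plan(plan, size_jump=2):
    """Walk resource_changes and report likely bill spikes.

    Flags an update that moves to a pricier family tier, grows the size by
    `size_jump` ranks or more, or creates an accelerated instance outright.
    Unparseable types are reported rather than silently ignored."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after") or {}
        before = change.get("before") or {}
        new_type = after.get("instance_type")
        if new_type is None or actions == ["delete"]:
            continue
        addr = rc.get("address", "?")
        new_tier, new_rank = classify(new_type)
        if new_tier is None:
            findings.append({"address": addr, "severity": "medium",
                             "issue": f"unrecognised instance_type {new_type!r}; review manually"})
            continue
        if actions == ["create"]:
            if new_tier >= 3:
                findings.append({"address": addr, "severity": "high",
                                 "issue": f"new accelerated instance {new_type}"})
            continue
        old_tier, old_rank = classify(before.get("instance_type"))
        if old_tier is None:
            continue
        if new_tier > old_tier:
            findings.append({"address": addr, "severity": "high",
                             "issue": f"family escalation {before['instance_type']} -> {new_type}"})
        elif new_rank - old_rank >= size_jump:
            findings.append({"address": addr, "severity": "medium",
                             "issue": f"size jump {before['instance_type']} -> {new_type}"})
    return findings


# Constructed plan (already JSON-decoded), shaped like `terraform show -json` output.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["update"],
                    "before": {"instance_type": "t3.micro"},
                    "after": {"instance_type": "p4d.24xlarge"}}},
        {"address": "aws_instance.batch", "type": "aws_instance",
         "change": {"actions": ["update"],
                    "before": {"instance_type": "m5.large"},
                    "after": {"instance_type": "m5.4xlarge"}}},
        {"address": "aws_instance.bastion", "type": "aws_instance",
         "change": {"actions": ["no-op"],
                    "before": {"instance_type": "t3.nano"},
                    "after": {"instance_type": "t3.nano"}}},
        {"address": "aws_instance.gpu", "type": "aws_instance",
         "change": {"actions": ["create"], "before": None,
                    "after": {"instance_type": "g5.xlarge"}}},
    ],
}

if __name__ == "__main__":
    for f in audit_plan(SAMPLE_PLAN):
        print(f["severity"].upper(), f["address"], f["issue"])
```

Run it against a real plan with `terraform plan -out plan.out && terraform show -json plan.out > plan.json` and feed the decoded JSON to audit_plan. A deterministic pass like this is cheap and reproducible; the model is better spent on the findings it cannot express as rules.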

🛠️ Setup & Environment

1. Clone the Repository

git clone https://github.com/Champbreed/AegisOps-AI.git
cd AegisOps-AI

2. Setup

python3 -m venv venv
source venv/bin/activate
pip install google-genai python-dotenv

3. API Configuration

Create a .env file in the root directory to store your credentials, and make sure .env is listed in .gitignore so the key is never committed:

echo "GEMINI_API_KEY='your_api_key_here'" > .env

🏁 Operational Dashboard

To execute the full suite of agents in sequence and generate all security reports:

python3 main.py

Pattern: Over-Privileged Container

  • Indicators: allowPrivilegeEscalation: true, privileged: true, or the container running as root (runAsUser: 0, or runAsNonRoot left unset).
  • Investigation: Pass the security intent (e.g., "non-root only") to the K8s Hardener module.
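As an added example (not the project's k8s_policy_generator.py), the indicators above expressed as a deterministic Python check, beside the hardened securityContext that a least-privilege rewrite should produce. The manifest is a constructed dict standing in for the YAML you would load with yaml.safe_load; the hardened values are the standard restricted-profile settings, not output captured from the project.

```python
"""Added example, not AegisOps-AI's k8s_policy_generator.py: a deterministic check
for the over-privileged container pattern and the least-privilege securityContext a
hardening rewrite should produce. The manifest is a constructed dict; in practice
load YAML with yaml.safe_load first."""
import copy

HARDENED_CONTAINER_CONTEXT = {
    "runAsNonRoot": True,
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
    "privileged": False,
    "capabilities": {"drop": ["ALL"]},
}
HARDENED_POD_CONTEXT = {"seccompProfile": {"type": "RuntimeDefault"}}

# Constructed "before" manifest exhibiting the pattern: root user plus
# allowPrivilegeEscalation: true, nothing else set.
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "api", "image": "example.com/api:1.0",
        "securityContext": {"runAsUser": 0, "allowPrivilegeEscalation": True},
    }]}}},
}


def _pod_spec(manifest):
    """PodSpec of a bare Pod, or of any workload that wraps a pod template."""
    return manifest["spec"] if manifest.get("kind") == "Pod" else manifest["spec"]["template"]["spec"]


def _all_containers(spec):
    return spec.get("containers", []) + spec.get("initContainers", [])


def audit_pod_security(manifest):
    """Return (container, issue) pairs; an empty list means the pattern is absent."""
    spec = _pod_spec(manifest)
    pod_ctx = spec.get("securityContext") or {}
    issues = []
    if (pod_ctx.get("seccompProfile") or {}).get("type") not in ("RuntimeDefault", "Localhost"):
        issues.append(("pod", "no seccompProfile (RuntimeDefault expected)"))
    for c in _all_containers(spec):
        ctx = c.get("securityContext") or {}
        name = c["name"]
        if ctx.get("privileged"):
            issues.append((name, "privileged: true"))
        if ctx.get("allowPrivilegeEscalation", True):        # Kubernetes default is true
            issues.append((name, "allowPrivilegeEscalation not set to false"))
        uid = ctx.get("runAsUser", pod_ctx.get("runAsUser"))
        non_root = ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot", False))
        if uid == 0 or not non_root:
            issues.append((name, "may run as root (runAsNonRoot not enforced)"))
        if not ctx.get("readOnlyRootFilesystem", False):
            issues.append((name, "root filesystem is writable"))
        if "ALL" not in (ctx.get("capabilities") or {}).get("drop", []):
            issues.append((name, "capabilities not dropped (drop: [ALL] expected)"))
    return issues


def harden(manifest):
    """Return a hardened deep copy; the input manifest is left untouched.

    Caveats a staging run must catch: runAsNonRoot makes the kubelet refuse
    images whose USER is root, and readOnlyRootFilesystem breaks apps that
    write under / unless an emptyDir volume is mounted at those paths."""
    out = copy.deepcopy(manifest)
    spec = _pod_spec(out)
    spec.setdefault("securityContext", {}).update(HARDENED_POD_CONTEXT)
    for c in _all_containers(spec):
        ctx = c.setdefault("securityContext", {})
        if ctx.get("runAsUser") == 0:
            del ctx["runAsUser"]          # uid 0 contradicts runAsNonRoot
        ctx.update(HARDENED_CONTAINER_CONTEXT)
    return out


if __name__ == "__main__":
    for who, issue in audit_pod_security(WEAK_DEPLOYMENT):
        print(f"{who}: {issue}")
    print("after hardening:", audit_pod_security(harden(WEAK_DEPLOYMENT)))
```

Running the audit on the hardened copy and expecting an empty list is the regression check to put in CI; the functional regressions the Security & Safety Notes warn about (an image that must run as root, an app that writes to its root filesystem) only show up when the hardened manifest is actually deployed to staging.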

---

💡 Best Practices

  • Context is King: Provide at least 5 lines of context around Git diffs (for example, git diff -U5) for more accurate neural reasoning.
  • Continuous Gating: Run the FinOps auditor before every infrastructure change, not after.
  • Manual Sign-off: Use AI findings as a high-fidelity signal, but maintain human-in-the-loop for kernel-level merges.

---

🔒 Security & Safety Notes

  • Key Management: Use CI/CD secrets for GEMINI_API_KEY in production.
  • Least Privilege: Test "Hardened" manifests in staging first to ensure no functional regressions.

Links

- Repository: https://github.com/Champbreed/AegisOps-AI
- Documentation: https://github.com/Champbreed/AegisOps-AI#readme

Limitations

  • Use this skill only when the task clearly matches the scope described above.
  • Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
  • Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.