---
name: aegisops-ai
description: "Autonomous DevSecOps & FinOps Guardrails. Orchestrates Gemini 3 Flash to audit Linux Kernel patches, Terraform cost drifts, and K8s compliance."
risk: safe
source: community
author: Champbreed
date_added: "2026-03-24"
---

# /aegisops-ai — Autonomous Governance Orchestrator

AegisOps-AI is a professional-grade "Living Pipeline" that integrates advanced AI reasoning directly into the SDLC. It acts as an intelligent gatekeeper for systems-level security, cloud infrastructure costs, and Kubernetes compliance.

## Goal

To automate high-stakes security and financial audits by:
1. Identifying logic-based vulnerabilities (UAF, Stale State) in Linux Kernel patches.
2. Detecting massive "Silent Disaster" cost drifts in Terraform plans.
3. Translating natural language security intent into hardened K8s manifests.

## When to Use

- **Kernel Patch Review:** Auditing raw C-based Git diffs for memory safety.
- **Pre-Apply IaC Audit:** Analyzing `terraform plan` outputs to prevent bill spikes.
- **Cluster Hardening:** Generating "Least Privilege" securityContexts for deployments.
- **CI/CD Quality Gating:** Blocking non-compliant merges via GitHub Actions.

## When Not to Use

- **Web App Logic:** Do not use for standard web vulnerabilities (XSS, SQLi); use dedicated SAST scanners.
- **Non-C Memory Analysis:** The patch analyzer is optimized for C logic; avoid using it for high-level languages like Python or JS.
- **Direct Resource Mutation:** This is an *auditor*, not a deployment tool. It does not execute `terraform apply` or `kubectl apply`.
- **Post-Mortem Analysis:** For analyzing *why* a previous AI session failed, use `/analyze-project` instead.

---
## 🤖 Generative AI Integration

AegisOps-AI leverages the **Google GenAI SDK** to implement a "Reasoning Path" for autonomous security and financial audits:

* **Neural Patch Analysis:** Performs semantic code reviews of Linux Kernel patches, moving beyond simple pattern matching to understand complex memory state logic.
* **Intelligent Cost Synthesis:** Processes raw Terraform plan diffs through a financial reasoning model to detect high-risk resource escalations and "silent" fiscal drifts.
* **Natural Language Policy Mapping:** Translates human security intent into syntactically correct, hardened Kubernetes `securityContext` configurations.

## 🧭 Core Modules

### 1. 🐧 Kernel Patch Reviewer (`patch_analyzer.py`)

* **Problem:** Manual review of Linux Kernel memory safety is time-consuming and prone to human error.
* **Solution:** Gemini 3 performs a "Deep Reasoning" audit on raw Git diffs to detect critical memory corruption vulnerabilities (UAF, Stale State) in seconds.
* **Key Output:** `analysis_results.json`

### 2. 💰 FinOps & Cloud Auditor (`cost_auditor.py`)

* **Problem:** Infrastructure-as-Code (IaC) changes can lead to accidental "Silent Disasters" and massive cloud bill spikes.
* **Solution:** Analyzes `terraform plan` output to identify cost anomalies—such as accidental upgrades from `t3.micro` to high-performance GPU instances.
* **Key Output:** `infrastructure_audit_report.json`

### 3. ☸️ K8s Policy Hardener (`k8s_policy_generator.py`)

* **Problem:** Implementing "Least Privilege" security contexts in Kubernetes is complex and often neglected.
* **Solution:** Translates natural language security requirements into production-ready, hardened YAML manifests (read-only root FS, non-root enforcement, etc.).
* **Key Output:** `hardened_deployment.yaml`

## 🛠️ Setup & Environment

### 1. Clone the Repository

```bash
git clone https://github.com/Champbreed/AegisOps-AI.git
cd AegisOps-AI
```

### 2. Setup

```bash
python3 -m venv venv
source venv/bin/activate
pip install google-genai python-dotenv
```

### 3. API Configuration

Create a `.env` file in the root directory to securely store your credentials:

```bash
echo "GEMINI_API_KEY='your_api_key_here'" > .env
```

## 🏁 Operational Dashboard

To execute the full suite of agents in sequence and generate all security reports:

```bash
python3 main.py
```

### Pattern: Over-Privileged Container

* **Indicators:** `allowPrivilegeEscalation: true` or root user execution.
* **Investigation:** Pass security intent (e.g., "non-root only") to the K8s Hardener module.

---

## 💡 Best Practices

* **Context is King:** Provide at least 5 lines of context around Git diffs for more accurate neural reasoning.
* **Continuous Gating:** Run the FinOps auditor before every infrastructure change, not after.
* **Manual Sign-off:** Use AI findings as a high-fidelity signal, but maintain a human in the loop for kernel-level merges.

---

## 🔒 Security & Safety Notes

* **Key Management:** Use CI/CD secrets for `GEMINI_API_KEY` in production.
* **Least Privilege:** Test "Hardened" manifests in staging first to ensure no functional regressions.

## Links

- **Repository**: https://github.com/Champbreed/AegisOps-AI
- **Documentation**: https://github.com/Champbreed/AegisOps-AI#readme

## Limitations

- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.

## Catalogue Record

- **Skill ID**: cceb05f5-34c3-49bb-8074-537782e2a5fa
- **Title**: aegisops-ai
- **Catalogue description**: Autonomous DevSecOps & FinOps security guardrails. Orchestrates Gemini 3 Flash to audit Linux kernel patches, Terraform cost drift and K8s compliance.
- **Module**: Programming & Development (`coding`, id `mod_coding`, icon `mdi-code-braces`): code generation, debugging and review to improve development efficiency. Created 2026-05-16 12:53:40.
- **Category**: DevOps (`devops`, id `cat_coding_devops`, icon `mdi-cog-outline`): CI/CD, containerization, deployment and operations. 162 skills in this category.
- **Tags**: sickn33, coding
- **Source**: imported from https://github.com/sickn33/antigravity-awesome-skills
- **Listed by**: SkillOPIC (`user_system_seed`); public listing
- **Stars / runs**: 216 / 264
- **Created / updated**: 2026-05-16 13:01:10
- **Package**: `aegisops-ai.zip`, version 1.0.0, 2663 bytes, stored at `uploads/skills/cceb05f5-34c3-49bb-8074-537782e2a5fa/aegisops-ai.zip`, SHA-256 `4c633cead54f63e9e93a04b45b8806fddceebc1bdc5beee637ee7971963830d9` (package id `8718ba72-cd40-4f92-8509-d2993972ac5a`)
- **Package manifest**: `SKILL.md` (5344 bytes)
- **Ratings**: no ratings yet (average 0, 0 total, all rating counts 0)