feat: ai rule gen #2158
feat: ai rule gen #2158
Conversation
…ly the right number of alerts so that we don't overflow the prompt limitations
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Skipped Deployment
|
keep/api/routes/rules.py
Outdated
| pusher_client = get_pusher_client() | ||
| if pusher_client: | ||
| try: | ||
| pusher_client.trigger("private-{}".format(tenant_id), "rules-aigen-created", result) |
There was a problem hiding this comment.
nit: f"private-{tenant_id}" is how I see things being done in the code.
Thinking out loud: does this trigger a websocket message to every user logged in with the same tenant?
There was a problem hiding this comment.
thats a great point, i stole pattern from some other parts of the codebase, should we do something about this? @shahargl
|
Now if I don't have correlation rules yet I can't generate rules with AI. I think it's the perfect use case for the feature, so let's maybe always show the tabs with "existing" / "suggested" and add button "Suggest correlations with AI" which would get user to the "Suggested" tab. What do you think? 
|
…o feature/1968-ai-rule-gen # Conflicts: # keep-ui/app/rules/AIGenRules.tsx
| from keep.api.core.db import get_last_alerts | ||
| from keep.api.core.dependencies import get_pusher_client | ||
|
|
||
| # Add this import at the top of the file |
|
|
||
|
|
||
|
|
||
| def select_right_num_alerts(existing_rules, alerts, max_tokens): |
There was a problem hiding this comment.
Strict typing will make it look more like the rest of the codebase :)
There was a problem hiding this comment.
good point, done
| logger.info(f"Error generating rules: {e}") | ||
| result = {'error': "Error generating rules"} | ||
|
|
||
|
|
There was a problem hiding this comment.
Why those empty lines? 0_o
There was a problem hiding this comment.
it just creates more clarity i feel
|
|
||
| result['results'] = [rule for rule in result['results'] if check_cel_rule(rule['CELRule'])] | ||
|
|
||
| except Exception as e: |
There was a problem hiding this comment.
I know we have a few except Exception in the codebase, but why exactly do we catch it here? If that's a way to avoid retries burning OpenAI quota, it's possible to limit amount of retries in Arq
There was a problem hiding this comment.
Arq?, this wont create a retry, it just catchs all sorts of exceptions cuz there's a lof different things going on in the try, catch, i don't really want to deal with them in a case by case basis
| background_tasks: BackgroundTasks, | ||
| request: Request, | ||
| authenticated_entity: AuthenticatedEntity = Depends( | ||
| IdentityManagerFactory.get_auth_verifier(["read:rules", "read:alerts"]) |
There was a problem hiding this comment.
I guess also read:incidents? :)
There was a problem hiding this comment.
we're not reading incidents right now i think
| env = celpy.Environment() | ||
| ast = env.compile(rule_str) | ||
| env.program(ast) | ||
| return True |
There was a problem hiding this comment.
If you re-use
keep/keep/rulesengine/rulesengine.py
Line 39 in 8a2d747
There was a problem hiding this comment.
i don't think this is a good idea, would you reuse opening a file and reading all the bytes? meh
| return selected_alerts | ||
|
|
||
|
|
||
| def check_cel_rule(rule_str): |
There was a problem hiding this comment.
I like is_statement notation for methods returning bool, but it's a matter of taste I know
| return {"task_id": task_id} | ||
|
|
||
|
|
||
| def ruleGen(task_id, authenticated_entity): |
There was a problem hiding this comment.
CamelCase, but the rest is snake_case ;)
|
@mirrormystic I see your comments "done" but I con't see commits, is there a chance that you didn't push smth? 🤔 |
close #1987
demo: https://www.loom.com/share/2b3eacfd7b844688bddaae6f2df7d8b6?sid=c07e0832-13e1-4249-98db-aa3c696c7b32