lucasacchi/LogWhispererAI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3c406ef40557b275126670767edd740c00a401c4
LogWhispererAI/CHANGELOG.md
Luca Sacchi Ricciardi 3c406ef405 feat: create n8n workflow for secure log ingestion 
Implement LogWhisperer_Ingest workflow for Sprint 2 Feature 2:

Workflow Components:
- Webhook trigger: POST /webhook/logwhisperer/ingest
- HMAC-SHA256 validation with timing-safe comparison
- Anti-replay protection (5min timestamp window)
- Data validation: UUID client_id, severity levels, non-empty logs
- PostgreSQL storage with logs table auto-creation
- Conditional routing for critical severity logs

Security Features:
- HMAC signature verification (X-LogWhisperer-Signature header)
- Timestamp validation preventing replay attacks
- Input sanitization before DB insert
- Environment variable LOGWHISPERER_SECRET for shared secret

Documentation:
- workflows/logwhisperer_ingest.json: Export JSON workflow
- workflows/README.md: Installation and usage guide
- workflows/INTEGRATION.md: Bash script integration guide
- workflows/REPORT.md: Implementation report
- workflows/test_workflow.sh: Automated test suite

Metodo Sacchi Applied:
- Safety First: HMAC validation before any processing
- Little Often: Modular nodes, each with single responsibility
- Double Check: Test suite validates all security requirements

Next Steps:
- Configure LOGWHISPERER_SECRET in n8n environment
- Import workflow to n8n instance
- Test end-to-end with secure_logwhisperer.sh
2026-04-02 19:01:40 +02:00

111 lines
4.4 KiB
Markdown
Raw Blame History

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Common Changelog](https://common-changelog.org/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
- feat: Create n8n workflow `LogWhisperer_Ingest` for secure log ingestion
- Webhook trigger on POST `/webhook/logwhisperer/ingest`
- HMAC-SHA256 signature validation with anti-replay protection
- Data validation (UUID, severity levels, non-empty raw_log)
- PostgreSQL storage with automatic table creation
- Conditional AI processing for critical severity logs
- JSON export at `workflows/logwhisperer_ingest.json`
- Test suite at `workflows/test_workflow.sh`
- Integration guide at `workflows/INTEGRATION.md`
- Documentation at `workflows/README.md`
- Implements Metodo Sacchi: Safety First, Little Often, Double Check
- feat: Configure MCP servers for enhanced AI capabilities
- sequential-thinking MCP for structured problem solving
- context7 MCP for contextual library documentation retrieval
- n8n MCP for workflow automation integration
- docs: Add agent-specific configurations in `.opencode/agents/`
- @n8n_specialist_agent for n8n workflow management
- @context_auditor_agent for documentation alignment checks
- docs: Add skill playbooks in `.opencode/skills/`
- TDD_Python_Specialist: Test-driven development workflow
- Git_and_Changelog: Conventional commits and changelog standards
- n8n_automation_mastery: n8n workflow best practices
- context7_documentation_retrivial: Context-aware documentation lookup
- docs: Add requirements.txt with Python dependencies (pytest, requests)
### Changed
- docs: Update README.md with complete project structure
- Add MCP configuration section
- Document all agent configurations
- Include skill playbooks in project tree
- Update setup instructions with requirements.txt
- docs: Refactor setup documentation structure (moved to `docs/1.setup_procedure/`)
## [0.1.1] - 2026-04-02
### Added
- docs: Project Review Sprint 1 complete analysis
- Product Manager review: UVP alignment (7.05/10)
- Tech Lead review: Architecture assessment (7.5/10)
- Security Auditor review: Risk analysis (5.75/10)
- Comprehensive recommendations for Sprint 2
### Changed
- docs: Major README.md refactoring with badges and improved navigation
- docs: Updated all sprint documentation to "Completed" status
## [0.1.0] - 2026-04-02
### Added
- feat: Implement log ingestion script (`logwhisperer.sh`) for monitoring system logs
- Monitor multiple log sources: syslog, nginx, postgresql
- Pattern matching for critical errors (FATAL, ERROR, OOM, segfault, disk full)
- JSON payload generation with severity levels (low, medium, critical)
- Rate limiting to prevent alert flooding (30s per source/pattern)
- Offset tracking for each log file to avoid reprocessing
- HTTP POST dispatch to configurable webhook with retry logic
- Dry-run mode for testing pattern matching without sending webhooks
- Configuration file support (`/etc/logwhisperer/config.env`)
- Command-line flags: `--help`, `--validate`, `--config`, `--dry-run`, `--test-line`
- feat: Create installation script (`install.sh`)
- Interactive configuration wizard
- UUID v4 generation for CLIENT_ID
- Systemd service creation (when run as root)
- Support for both system-wide and user-local installation
- Prerequisite checking (bash, curl)
- Connectivity test to webhook URL
- test: Add comprehensive test suite (`tests/test_logwhisperer.py`)
- Script existence and executable validation
- Configuration validation tests
- Pattern matching tests (FATAL, OOM, ERROR patterns)
- JSON payload structure validation
- Severity mapping verification
- docs: Create technical specification for Feature 1 (Log Ingestion)
- Architecture diagram and component description
- Requirements (functional and non-functional)
- Safety guidelines (Metodo Sacchi)
- Acceptance criteria
- docs: Create Sprint 1 verification report (`docs/sprint1_verification.md`)
- Complete verification of all Sprint 1 deliverables
- Test results summary (12/12 tests passed)
- Acceptance criteria checklist
- Security audit results
- Code quality assessment
### Security
- Configuration files created with restrictive permissions (600)
- No hardcoded credentials in scripts
- HTTPS validation for webhook URLs (warning for non-HTTPS)
- Read-only access to log files (no modifications)
Reference in New Issue View Git Blame Copy Permalink