Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

InfraPilot

БесплатноНе проверен

Enables infrastructure operations including provisioning, configuration, monitoring, compliance auditing, and auto-remediation through natural language, using T

GitHubEmbed

Описание

Enables infrastructure operations including provisioning, configuration, monitoring, compliance auditing, and auto-remediation through natural language, using Terraform and Ansible tools exposed over MCP.

README

Agentic AI for infrastructure operations. A multi-agent system that provisions, monitors, validates compliance and auto-remediates cloud, network and security infrastructure — built on Python, MCP, Anthropic Claude, Terraform and Ansible.

CI Python License: MIT IaC

InfraPilot closes the full ops loop end-to-end: provision → configure → observe → audit → remediate → re-audit, coordinated by a crew of specialised AI agents — and it runs out of the box with no cloud account, no API key and no Terraform/Ansible binaries required (it transparently simulates execution when a binary is absent).


Why it exists

Most "AI for DevOps" demos stop at a chatbot that writes a Terraform snippet. InfraPilot models the operational loop an automation engineer actually owns: turning declarative intent into running infrastructure, watching it, proving it meets security/governance policy, and fixing drift automatically through code — with every action typed, reported and auditable.

Architecture

Two ways to drive it (CLI or MCP) feed one orchestrator. The orchestrator runs a crew of five agents in sequence; each agent owns exactly one tool, and every tool runs through a single executor that either calls the real binary or falls back to a labelled simulation. Claude is an optional reasoning layer wired into the agents — never a hard dependency.

flowchart TB
    CLI["CLI · infrapilot run"] --> ORCH
    MCPC["MCP client · Claude Desktop / Code"] --> MCPS["MCP server"] --> ORCH

    subgraph ORCH["Orchestrator — sequential ops loop"]
        direction LR
        P[Provisioner] --> C[Configurator] --> O[Observer] --> A[Compliance Auditor] --> R[Remediator]
        R -. re-audit .-> A
    end

    CLAUDE["Anthropic Claude · optional<br/>anomaly triage · remediation rationale"] -. reasoning .-> ORCH

    P --> TF[Terraform tool]
    C --> AN[Ansible tool]
    O --> MON[Monitoring tool]
    A --> POL[Policy-as-code engine]
    R --> REM[Remediation strategies]

    TF --> EX
    AN --> EX
    MON --> EX
    POL --> EX
    REM --> EX
    EX["Executor — real binary if present, else simulated"] --> STATE[("Infra state · Terraform / Ansible")]
  • One orchestrator, one job each. A dependency-free sequential loop coordinates the five agents; the whole thing runs in CI and is what the tests exercise — no heavyweight agent framework to install or mock.
  • Tools are the source of truth. Terraform, Ansible, monitoring, policy and remediation logic live in infrapilot/tools/, shared by both the CLI loop and the MCP server — one implementation, two ways to drive it.
  • MCP-native. infrapilot/mcp_server/ exposes the tools over the Model Context Protocol, so Claude Desktop / Claude Code / any MCP client can run infra operations through natural language.
  • Claude optional. With ANTHROPIC_API_KEY set, each agent calls Claude to triage anomalies and justify remediations. Without it, the loop still completes deterministically.

Quickstart

git clone https://github.com/Gsfrota/infra-pilot && cd infra-pilot
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"

infrapilot demo          # fully simulated end-to-end run — no creds needed

Example output (abridged):

╭──────────────────────── InfraPilot run ────────────────────────╮
│ engine=native  llm=off  compliance score=100.0/100             │
╰────────────────────────────────────────────────────────────────╯
 provision   ok     4 resources provisioned (simulated)
 configure   ok     configuration applied (simulated)
 observe     warn   3 anomalies detected
 audit       error  3 violations, score 43.8
 remediate   ok     3 fixes applied, score 43.8 -> 100.0

Commands

Command What it does
infrapilot demo Self-contained simulated run (no cloud/API key/binaries).
infrapilot run Full loop; uses real terraform/ansible if installed.
infrapilot run --no-remediate Audit + propose fixes without applying.
infrapilot audit Compliance gate — exits non-zero on any violation (great in CI).

Use it from Claude (MCP)

pip install -e ".[mcp]"
infrapilot-mcp            # serves the tools over MCP (stdio)
// claude_desktop_config.json
{
  "mcpServers": {
    "infrapilot": { "command": "infrapilot-mcp" }
  }
}

Then ask Claude: "Provision the infra, audit it for security issues, and remediate anything critical."

How the loop works

  1. ProvisionTerraformTool applies infra/desired_state.yaml (real terraform apply against the local/null/random providers when the binary is present; simulated otherwise).
  2. ConfigureAnsibleTool converges host configuration via a playbook.
  3. ObserveMonitoringTool ingests a Prometheus-style telemetry snapshot and triages anomalies against thresholds.
  4. Audit — the policy-as-code engine evaluates every resource against policies/policies.yaml; new governance rules are added in YAML, not code.
  5. RemediateRemediationTool maps each violation to a least-privilege fix and applies it through the right IaC backend (Terraform or Ansible).
  6. Re-audit — the loop re-scores compliance to prove the drift is closed.

Policy-as-code

- id: SEC-001
  name: "No SSH open to the internet"
  severity: critical
  resource_type: security_group
  rule: no_ingress_cidr
  params: { port: 22, forbidden_cidr: "0.0.0.0/0" }
  remediation: restrict_sg_ingress

Built-in rules: required_tag, no_ingress_cidr, attribute_equals, attribute_max. Built-in remediations: add_tag, restrict_sg_ingress, enable_encryption, restart_service.

Project layout

infrapilot/
├── agents/        # role/goal/backstory crew
├── engines/       # the sequential orchestrator (native.py)
├── tools/         # terraform · ansible · monitoring · compliance · remediation
├── mcp_server/    # MCP server exposing the tools
├── llm.py         # optional Anthropic Claude reasoning layer
├── reporting.py   # rich console + JSON/Markdown artifacts
└── cli.py         # typer CLI
infra/             # terraform/, ansible/, observability/, desired_state.yaml
policies/          # policy-as-code
tests/             # pytest suite (engine, compliance, monitoring, remediation)

Development

pip install -e ".[dev]"
ruff check .          # lint
pytest                # tests
infrapilot demo       # smoke test the full loop

CI (GitHub Actions) runs ruff + pytest on 3.10/3.11/3.12 and additionally installs real Terraform and Ansible to validate/lint the IaC.

Roadmap

  • Real cloud providers behind a feature flag (AWS/GCP modules)
  • Parallel agent execution where the loop allows it
  • Drift detection on a schedule (cron / GitHub Actions)
  • OPA/Rego policy backend option

License

MIT — see LICENSE.


Built by Guilherme Frota Souza — Infrastructure & Automation Engineer.

from github.com/Gsfrota/infra-pilot

Установка InfraPilot

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/Gsfrota/infra-pilot

FAQ

InfraPilot MCP бесплатный?

Да, InfraPilot MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для InfraPilot?

Нет, InfraPilot работает без API-ключей и переменных окружения.

InfraPilot — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить InfraPilot в Claude Desktop, Claude Code или Cursor?

Открой InfraPilot на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare InfraPilot with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development