feat: LLM reasoning, severity overrides, dashboard freshness #14

Merged

pyr0ball merged 2 commits from feat/llm-reasoning into main

2026-05-11 13:00:52 -07:00

pyr0ball commented

2026-05-11 13:00:44 -07:00

Owner

Summary

LLM reasoning layer — app/services/llm.py sends top 25 log entries (errors-first) to Ollama and returns a plain-language reasoning field alongside diagnose results. URL/model configurable via Settings. Graceful fallback: reasoning: null if LLM is unreachable or times out.
Severity overrides — regex rules in preferences.json, applied at query time only (DB unchanged). Each rule has a name, pattern, target severity, and enabled toggle. Dashboard and Settings respect them. Ships with one default: pam_unix.*auth → WARN.
Dashboard freshness — last_ingested timestamp in stats response; stale-data banner appears when newest entry is >25h old. Suppressed criticals count shown inline.
Settings UI — LLM URL/model fields + severity overrides panel with toggle, delete, and add-rule form.

Test Plan

conda run -n cf pytest tests/ -v — 70 tests pass
Dashboard shows stale-data banner (current DB is from May 9)
Recent criticals: PAM auth failures no longer appear (suppressed count shows below the list)
Settings → disable PAM override → auth failures reappear in recent criticals
Settings → add a custom override rule, verify it persists
Quick Capture: describe a symptom → reasoning card appears above log stream
Settings → clear LLM URL → reasoning card absent on next diagnose
Settings → LLM URL pointing to non-existent endpoint → reasoning absent, entries still returned

## Summary - **LLM reasoning layer** — `app/services/llm.py` sends top 25 log entries (errors-first) to Ollama and returns a plain-language `reasoning` field alongside diagnose results. URL/model configurable via Settings. Graceful fallback: `reasoning: null` if LLM is unreachable or times out. - **Severity overrides** — regex rules in `preferences.json`, applied at query time only (DB unchanged). Each rule has a name, pattern, target severity, and `enabled` toggle. Dashboard and Settings respect them. Ships with one default: `pam_unix.*auth` → WARN. - **Dashboard freshness** — `last_ingested` timestamp in stats response; stale-data banner appears when newest entry is >25h old. Suppressed criticals count shown inline. - **Settings UI** — LLM URL/model fields + severity overrides panel with toggle, delete, and add-rule form. ## Test Plan - [ ] `conda run -n cf pytest tests/ -v` — 70 tests pass - [ ] Dashboard shows stale-data banner (current DB is from May 9) - [ ] Recent criticals: PAM auth failures no longer appear (suppressed count shows below the list) - [ ] Settings → disable PAM override → auth failures reappear in recent criticals - [ ] Settings → add a custom override rule, verify it persists - [ ] Quick Capture: describe a symptom → reasoning card appears above log stream - [ ] Settings → clear LLM URL → reasoning card absent on next diagnose - [ ] Settings → LLM URL pointing to non-existent endpoint → reasoning absent, entries still returned

pyr0ball added 2 commits 2026-05-11 13:00:45 -07:00