Rene Fichtmueller 4c5003f9fc feat: fix OLLAMA_URL to use Cloudflare tunnel + add 35 prompt templates
- Update OLLAMA_URL from 192.168.178.169 to https://ollama.fichtmueller.org
- Fix port from 3100 to 3103 (3100 was taken by Docker proxy on Erik)
- Fix DATABASE_URL password to llm_secure_2026
- Add GITEA_URL env var for ban list sync
- Add 35 prompt templates: TIP (10), EO Global Pulse (8), SwitchBlade (9),
  PeerCortex (3), internal (3), ShieldX (1), general (1)
2026-04-02 23:00:37 +02:00

109 lines
4.8 KiB
YAML

id: pc_health_summary
version: "1.0.0"
task_type: pc_health_summary
description: Convert 13 network health check results into an executive summary with health score and actionable recommendations
model_preference: qwen2.5:7b
model_minimum: qwen2.5:3b
temperature: 0.3
max_tokens: 1024
output_format: markdown
system_prompt: |
  You are the health report generator for PeerCortex, a network intelligence platform.
  Convert 13 network health check results into a concise executive summary report.
  Structure (always use exactly this format):
  ## Network Health Report: AS{{asn}} ({{as_name}})
  **Health Score: X/100** | Status: Healthy / Degraded / Critical
  ### Critical Issues
  List each failed check that is critical severity. Be specific — name the exact check.
  ### Warnings
  List each failed check that is warning severity.
  ### Strengths
  List what is working well (passed checks worth highlighting).
  ### Recommended Actions
  Maximum 3 specific, actionable recommendations ranked by priority.
  Health score calculation:
  - Start at 100
  - Critical check failure: -15 points each
  - Warning check failure: -7 points each
  - Health status: 80-100 = Healthy, 50-79 = Degraded, 0-49 = Critical
  Rules:
  - Name the exact failing checks (e.g., "RPKI ROA coverage: 43% of prefixes have valid ROAs")
  - Recommendations must be specific: "Create ROAs for all announced prefixes via the RIPE NCC RPKI portal" not "improve security"
  - Max 3 recommended actions — prioritize critical fixes
  - Be specific about the AS being analyzed
  - Do NOT pad with general networking advice
user_template: |
  ASN: {{asn}}
  AS Name: {{as_name}}
  Health check results:
  {{health_checks}}
  Generate health report:
few_shot_examples:
  - user: |
      ASN: 12345
      AS Name: ExampleNet
      Health check results:
      1. BGP prefix announcement consistency: PASS - 1,247 prefixes consistent with ROAs
      2. RPKI ROA coverage: FAIL (critical) - Only 43% of announced prefixes have valid ROAs (536/1247)
      3. RPKI validity: WARN - 12 prefixes are RPKI Invalid (possible misconfiguration)
      4. IRR route object coverage: FAIL (warning) - 230 prefixes missing IRR route objects in RIPE
      5. BGP communities documented: PASS
      6. PeeringDB completeness: WARN - Missing NOC contact email, missing IX info for 2 locations
      7. IPv6 presence: PASS - IPv6 enabled, 890 prefixes
      8. IPv6 RPKI coverage: FAIL (critical) - 0% of IPv6 prefixes have ROAs
      9. Max-prefix limits documented: PASS
      10. Peering policy published: PASS - Open peering policy documented in PeeringDB
      11. NOC contact availability: WARN - NOC phone number missing from PeeringDB
      12. Route dampening: PASS
      13. Bogon prefix check: PASS - No bogon prefixes announced
    assistant: |
      ## Network Health Report: AS12345 (ExampleNet)
      **Health Score: 42/100** | Status: Critical
      ### Critical Issues
      - **RPKI ROA coverage — IPv4: 43%** — 711 of 1,247 IPv4 prefixes lack valid ROAs, making them vulnerable to route hijacking without RPKI filtering
      - **RPKI ROA coverage — IPv6: 0%** — None of the 890 IPv6 prefixes have ROAs. IPv6 routing is completely unprotected by RPKI.
      ### Warnings
      - **12 RPKI Invalid prefixes** — These prefixes are actively being filtered by networks with RPKI strict mode enabled, causing reachability issues for some destinations
      - **230 missing IRR route objects** in RIPE NCC — Networks using IRR filtering may not accept these prefixes
      - **PeeringDB incomplete** — Missing NOC contact email and IX information for 2 locations reduces discoverability for peering requests
      - **NOC contact missing phone** — Reduces ability of other networks to reach you during incidents
      ### Strengths
      - IPv6 is deployed with 890 prefixes (good coverage)
      - No bogon prefixes announced (clean routing policy)
      - Open peering policy documented and BGP communities published
      - Route dampening properly configured
      ### Recommended Actions
      1. **Create ROAs for all 1,247 IPv4 prefixes and all 890 IPv6 prefixes** via RIPE NCC RPKI portal (my.ripe.net → Resources → RPKI). Start with the 12 RPKI Invalid prefixes — these are causing active reachability problems now.
      2. **Fix 12 RPKI Invalid prefixes** — check if the ROA max-prefix-length is too restrictive or if the AS Origin in the ROA doesn't match the announcement. Fix the mismatch.
      3. **Complete PeeringDB entries** — add NOC email, NOC phone, and IX presence for the 2 missing locations. This takes 15 minutes and improves peering partner discoverability.
variables:
  - asn
  - as_name
  - health_checks
  - few_shot_examples
validation_rules:
  output_format_check: markdown
  required_sections: ["Health Score", "Critical Issues", "Recommended Actions"]
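
The scoring formula and `validation_rules` in this template can be enforced outside the model instead of trusting the score the model writes. As an added example (not part of this repository's code), the Python check below recomputes the score from the raw check lines and compares it with what a generated report claims; the function names, regexes and sample input are constructed here, and counting a bare `WARN` as a warning-severity failure is an assumption.

```python
from __future__ import annotations
import re

# Weights and sections copied from the template's system_prompt and validation_rules.
PENALTY = {"critical": 15, "warning": 7}
REQUIRED_SECTIONS = ["Health Score", "Critical Issues", "Recommended Actions"]

# One numbered check line: "2. Name: FAIL (critical) - detail" or "3. Name: WARN - detail".
CHECK_RE = re.compile(r"^\s*\d+\.\s*(?P<name>.+?):\s*(?P<result>PASS|WARN|FAIL)"
                      r"(?:\s*\((?P<sev>critical|warning)\))?", re.M)
SCORE_RE = re.compile(r"\*\*Health Score:\s*(\d{1,3})/100\*\*\s*\|\s*Status:\s*(\w+)")


def expected_score(health_checks: str) -> tuple[int, str]:
    """Recompute score and status from the raw check lines, not from model text."""
    score = 100
    for m in CHECK_RE.finditer(health_checks):
        if m["result"] == "PASS":
            continue
        # Assumption: bare WARN is a warning failure; FAIL without a severity is critical.
        sev = m["sev"] or ("warning" if m["result"] == "WARN" else "critical")
        score -= PENALTY[sev]
    score = max(score, 0)
    status = "Healthy" if score >= 80 else "Degraded" if score >= 50 else "Critical"
    return score, status


def validate_report(report: str, health_checks: str) -> list[str]:
    """Return a list of problems; an empty list means the report is acceptable."""
    problems = [f"missing section: {s}" for s in REQUIRED_SECTIONS if s not in report]
    m = SCORE_RE.search(report)
    if not m:
        return problems + ["no parsable 'Health Score: N/100 | Status: ...' line"]
    want_score, want_status = expected_score(health_checks)
    if int(m[1]) != want_score:
        problems.append(f"score {m[1]} != computed {want_score}")
    if m[2] != want_status:
        problems.append(f"status {m[2]} != computed {want_status}")
    return problems


# Constructed sample input in the template's format (not real measurement data).
SAMPLE_CHECKS = """1. RPKI ROA coverage: FAIL (critical) - 43% of prefixes have valid ROAs
2. IRR route object coverage: FAIL (warning) - 230 prefixes missing route objects
3. PeeringDB completeness: WARN - missing NOC contact email
4. Bogon prefix check: PASS - no bogon prefixes announced"""
```

A caller would reject or regenerate any report for which `validate_report` returns a non-empty list, so an arithmetic slip or a dropped section never reaches the reader.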