incident-triage/docs/overview.md

lv.itsm.incident.triage — overview

Level-4 UAPF process for triaging IT-infrastructure incidents at LVRTC.

What it does

A new Signal lands in OpenITSM (Zabbix webhook, IMAP poll, Jira DC webhook, manual entry). The host opens a Case and starts a session of this package against the UAPF engine. The engine then drives the linear flow defined in bpmn/incident-triage.bpmn, calling back to OpenITSM at every step:

  1. Normalize the source-specific payload to a uniform shape.
  2. Classify into one of nine taxonomy codes (LLM + regex fallback).
  3. Suggest a soft P1..P4 priority.
  4. Evaluate the three DMN tables in order: priority (binding), ownership (LVRTC vs external), routing (which expert group).
  5. Update the case with the decided priority + group + status=triaged.
  6. Draft a parallel Latvian + English customer notification — flagged PROPOSED, requires operator approval before send.
  7. Emit the closing routed CaseEvent.

Why the split

Classification, priority suggestion, and customer-response drafting are the AI steps. Everything binding — the actual priority, who handles it, which group — lives in versioned DMN, not in Python. That keeps the AI contestable and the auditor's job tractable: an evaluator can read dmn/priority.dmn and know exactly what priority an incident will receive, given its severity and tier, without running anything.
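How that split plays out under a FIRST hit policy, as an added example that is not code from this package: a Python sketch that evaluates a priority table in rule order, keeps the AI suggestion as an audit field only, and flags rules that can never fire. The rule contents, the severity and tier values, and the names `evaluate_first`, `shadowed_rules` and `decide` are assumptions constructed for illustration; they are not the contents of dmn/priority.dmn.

```python
# Constructed sample table: NOT the contents of dmn/priority.dmn.
# Each rule: (rule_id, severity condition, tier condition, output priority).
ANY = "-"  # DMN's "any value" input entry
RULES = [
    ("r1", "critical", "tier1", "P1"),
    ("r2", "critical", ANY,     "P2"),
    ("r3", "major",    "tier1", "P2"),
    ("r4", ANY,        "tier1", "P3"),
    ("r5", "critical", "tier2", "P1"),  # shadowed by r2: can never fire
    ("r6", ANY,        ANY,     "P4"),  # catch-all default
]

def _matches(cond, value):
    return cond == ANY or cond == value

def evaluate_first(rules, severity, tier):
    """FIRST hit policy: the first matching rule in table order decides."""
    for rule_id, sev, t, out in rules:
        if _matches(sev, severity) and _matches(t, tier):
            return rule_id, out
    return None, None  # no rule matched: table has a coverage gap

def _covers(earlier, later):
    # An earlier condition covers a later one if it is ANY or identical.
    return earlier == ANY or earlier == later

def shadowed_rules(rules):
    """Rules fully covered by one earlier rule; under FIRST they are dead.
    Conservative: shadowing by a combination of earlier rules is not detected."""
    dead = []
    for i, (rid, sev, t, _) in enumerate(rules):
        for prid, psev, pt, _ in rules[:i]:
            if _covers(psev, sev) and _covers(pt, t):
                dead.append((rid, prid))
                break
    return dead

def decide(severity, tier, ai_suggested=None):
    """The AI's soft suggestion is recorded for audit, never used to decide."""
    rule_id, priority = evaluate_first(RULES, severity, tier)
    return {"priority": priority, "rule": rule_id,
            "ai_suggested": ai_suggested,
            "ai_disagrees": ai_suggested is not None and ai_suggested != priority}
```

A shadowed rule is worth catching in review because the table then reads as granting a priority that the engine will never actually assign.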

Cornerstones

  • bpmn/incident-triage.bpmn — 1 process, 9 service tasks, linear.
  • dmn/priority.dmn (14 rules), ownership.dmn (6 rules), routing.dmn (14 rules), all FIRST hit-policy.
  • algorithms/ — 7 algorithm cards, each with embedded v2.5.0 tests.
  • resources/ — guardrails (PII, approval gating, timeouts, retention) and host mappings (expert groups, service tiers, taxonomy).
  • metadata/ — lifecycle + ownership.

Versioning

This package targets UAPF v2.5.0 (track main, refreshed on every schema release). Breaking changes follow the spec's CHANGELOG.

Host requirements

OpenITSM must implement and advertise (via /uapf/host/manifest) the seven UAPF-IP capabilities listed in requires_capabilities:

  • intake.normalize@1
  • ai.classify@1
  • ai.suggest_priority@1
  • ai.draft_response@1
  • dmn.evaluate@1
  • incident.update@1
  • event.emit@1

The first six are intent-bearing (each governed by its own Algorithm Card); event.emit is an append-only timeline writer.