Catalyst / admin/Synapse-Cortex 14.8 GB / 57.8 GB 40.0 GB free
Help Sign in

admin / Synapse-Cortex

public

Self Hosted ITSM Tool with RBAC/Tenanting and MFA

Code Issues Pull requests Pipelines Packages Security Insights Wiki Settings
Synapse-Cortex / Synapse-Cortexv2 / playbooks / README.md 5169 B · main
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# Playbook import files

Drop playbook `.json` files here, then load them into a **running** Synapse-Cortex
instance from **Admin → Playbooks → Import from File** — no container restart, no
rebuild. The browser reads the file and uploads it to the running API, so this
works identically whether Cortex runs in Docker or locally.

## File format

A file may hold **one** playbook object, **an array** of them, or a
`{ "playbooks": [ ... ] }` wrapper — the importer accepts all three. Each
playbook has exactly these fields (the same shape the **Export** button on a
playbook row produces, so an exported file re-imports as-is):

| Field | Type | Notes |
|---|---|---|
| `name` | string | Unique within the tenant. A name clash on import is **skipped** (never overwrites an existing playbook). |
| `enabled` | boolean | Whether the AI investigator may select it. |
| `graph_json` | object | `{ "nodes": [...], "edges": [...] }` — validated server-side on import (no Start node / unreachable command / cycle → reported as an error, that item is not created). |
| `allowed_target_os` | string[] | e.g. `["linux"]`. Empty = any OS. |
| `required_approval_level` | string | `"human_in_the_loop"` (default) or `"auto_approve"` (only importable by a global admin on a deployment with `ALLOW_AUTO_APPROVE=true`, otherwise reported as an error). |
| `forbidden_commands` | string[] | Tenant-specific blocked substrings, checked in addition to the non-overridable baseline. |
| `acknowledged_dangerous_commands` | string[] | Optional. Review-eligible baseline categories (currently only `"host_power"` → reboot/shutdown/halt/poweroff) this playbook may run **behind mandatory human review** instead of being auto-blocked. **Only importable by a `global_admin`** — otherwise reported as an error. An acknowledged run is never auto-approved. Catastrophic patterns (`rm -rf`, `mkfs`, `dd of=/dev/…`) can never be acknowledged. |

### Graph nodes

- **Start** — exactly one, `{"id": "start", "type": "start", "data": {}}`.
- **Command**`{"id": "...", "type": "command", "data": {"label": "...", "command": "..."}}`.
  Commands may use the ticket placeholders `{{username}}`, `{{ip_address}}`,
  and `{{password}}`, resolved per-ticket at run time.
- **Condition**`{"id": "...", "type": "condition", "data": {"label": "...", "expression": "..."}}`,
  with two outgoing edges whose `sourceHandle` is `"true"` / `"false"`.
  Execution always follows the `true` branch (the expression is documentation).

Edges: `{"id": "...", "source": "<node id>", "target": "<node id>", "sourceHandle": null }`.

## Import behaviour

- **Name clash** → skipped and reported (an existing playbook is never clobbered;
  rename in the file, or delete the existing one first, to re-import).
- **Invalid graph** or a disallowed `auto_approve` → that item is reported as an
  error and not created; the rest of the file still imports.
- Everything valid and new → created immediately in the running database.

## What's in this folder

Every playbook from the app's built-in **Template Catalogue** (36 Ubuntu/Debian
+ 10 Windows + 11 Docker + 14 Proxmox + 1 General) is exported here as an
individual `.json` file, so the
whole set is importable into any instance. `check-ssh-authentication-ubuntu-debian.json`
is a good complete example to read first, and the `docker-*.json` files cover
common container operations (restart, prune, compose, log/diagnostics, plus a
"locate a container's Compose project" discovery step). Import one at a time from
**Admin → Playbooks → Import from File**, and edit any of them freely in the
visual builder after importing — a template is only ever a starting point.

**Docker & container locations:** the container-level docker playbooks address
containers by name via the daemon, so they work from any directory. The Compose
playbooks **auto-locate** the project directory at run time from the container's
own Compose labels (and the update playbook also auto-derives the service name),
so no folder is ever hand-entered — you only supply the container name, and the
AI's proposed fix runs end to end with no human pointing it at a directory.
`docker-locate-a-container-s-compose-project-files.json` remains available as a
read-only diagnostic when you want to see a container's project directory and
compose-file path yourself.

**Command runner (`run-an-ai-suggested-command-review-required.json`):** the one
playbook whose command is the `{{command}}` token, supplied at run time — the AI
proposes the exact command for the ticket, a human reviews/edits it on the
approval card, and it runs only after an explicit approval. The proposed/edited
command still passes the full guardrail engine (the non-overridable
forbidden-command baseline blocks `rm -rf`, `mkfs`, `shutdown`, etc.). It can
**only be imported/created by a `global_admin`** and can never be Auto-Approve —
importing a `.json` containing `{{command}}` as a non-global-admin is reported as
an error.

These files are generated from `frontend/src/playbook/templates.ts` (the single
source of truth), so they stay identical to what the in-app catalogue shows.