InfraPilot

InfraPilot

Enables infrastructure operations including provisioning, configuration, monitoring, compliance auditing, and auto-remediation through natural language, using Terraform and Ansible tools exposed over MCP.

Category
访问服务器

README

InfraPilot 🛰️

Agentic AI for infrastructure operations. A multi-agent system that provisions, monitors, validates compliance and auto-remediates cloud, network and security infrastructure — built on Python, MCP, Anthropic Claude, Terraform and Ansible.

CI Python License: MIT IaC

InfraPilot closes the full ops loop end-to-end: provision → configure → observe → audit → remediate → re-audit, coordinated by a crew of specialised AI agents — and it runs out of the box with no cloud account, no API key and no Terraform/Ansible binaries required (it transparently simulates execution when a binary is absent).


Why it exists

Most "AI for DevOps" demos stop at a chatbot that writes a Terraform snippet. InfraPilot models the operational loop an automation engineer actually owns: turning declarative intent into running infrastructure, watching it, proving it meets security/governance policy, and fixing drift automatically through code — with every action typed, reported and auditable.

Architecture

Two ways to drive it (CLI or MCP) feed one orchestrator. The orchestrator runs a crew of five agents in sequence; each agent owns exactly one tool, and every tool runs through a single executor that either calls the real binary or falls back to a labelled simulation. Claude is an optional reasoning layer wired into the agents — never a hard dependency.

flowchart TB
    CLI["CLI · infrapilot run"] --> ORCH
    MCPC["MCP client · Claude Desktop / Code"] --> MCPS["MCP server"] --> ORCH

    subgraph ORCH["Orchestrator — sequential ops loop"]
        direction LR
        P[Provisioner] --> C[Configurator] --> O[Observer] --> A[Compliance Auditor] --> R[Remediator]
        R -. re-audit .-> A
    end

    CLAUDE["Anthropic Claude · optional<br/>anomaly triage · remediation rationale"] -. reasoning .-> ORCH

    P --> TF[Terraform tool]
    C --> AN[Ansible tool]
    O --> MON[Monitoring tool]
    A --> POL[Policy-as-code engine]
    R --> REM[Remediation strategies]

    TF --> EX
    AN --> EX
    MON --> EX
    POL --> EX
    REM --> EX
    EX["Executor — real binary if present, else simulated"] --> STATE[("Infra state · Terraform / Ansible")]
  • One orchestrator, one job each. A dependency-free sequential loop coordinates the five agents; the whole thing runs in CI and is what the tests exercise — no heavyweight agent framework to install or mock.
  • Tools are the source of truth. Terraform, Ansible, monitoring, policy and remediation logic live in infrapilot/tools/, shared by both the CLI loop and the MCP server — one implementation, two ways to drive it.
  • MCP-native. infrapilot/mcp_server/ exposes the tools over the Model Context Protocol, so Claude Desktop / Claude Code / any MCP client can run infra operations through natural language.
  • Claude optional. With ANTHROPIC_API_KEY set, each agent calls Claude to triage anomalies and justify remediations. Without it, the loop still completes deterministically.

Quickstart

git clone https://github.com/Gsfrota/infra-pilot && cd infra-pilot
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"

infrapilot demo          # fully simulated end-to-end run — no creds needed

Example output (abridged):

╭──────────────────────── InfraPilot run ────────────────────────╮
│ engine=native  llm=off  compliance score=100.0/100             │
╰────────────────────────────────────────────────────────────────╯
 provision   ok     4 resources provisioned (simulated)
 configure   ok     configuration applied (simulated)
 observe     warn   3 anomalies detected
 audit       error  3 violations, score 43.8
 remediate   ok     3 fixes applied, score 43.8 -> 100.0

Commands

Command What it does
infrapilot demo Self-contained simulated run (no cloud/API key/binaries).
infrapilot run Full loop; uses real terraform/ansible if installed.
infrapilot run --no-remediate Audit + propose fixes without applying.
infrapilot audit Compliance gate — exits non-zero on any violation (great in CI).

Use it from Claude (MCP)

pip install -e ".[mcp]"
infrapilot-mcp            # serves the tools over MCP (stdio)
// claude_desktop_config.json
{
  "mcpServers": {
    "infrapilot": { "command": "infrapilot-mcp" }
  }
}

Then ask Claude: "Provision the infra, audit it for security issues, and remediate anything critical."

How the loop works

  1. ProvisionTerraformTool applies infra/desired_state.yaml (real terraform apply against the local/null/random providers when the binary is present; simulated otherwise).
  2. ConfigureAnsibleTool converges host configuration via a playbook.
  3. ObserveMonitoringTool ingests a Prometheus-style telemetry snapshot and triages anomalies against thresholds.
  4. Audit — the policy-as-code engine evaluates every resource against policies/policies.yaml; new governance rules are added in YAML, not code.
  5. RemediateRemediationTool maps each violation to a least-privilege fix and applies it through the right IaC backend (Terraform or Ansible).
  6. Re-audit — the loop re-scores compliance to prove the drift is closed.

Policy-as-code

- id: SEC-001
  name: "No SSH open to the internet"
  severity: critical
  resource_type: security_group
  rule: no_ingress_cidr
  params: { port: 22, forbidden_cidr: "0.0.0.0/0" }
  remediation: restrict_sg_ingress

Built-in rules: required_tag, no_ingress_cidr, attribute_equals, attribute_max. Built-in remediations: add_tag, restrict_sg_ingress, enable_encryption, restart_service.

Project layout

infrapilot/
├── agents/        # role/goal/backstory crew
├── engines/       # the sequential orchestrator (native.py)
├── tools/         # terraform · ansible · monitoring · compliance · remediation
├── mcp_server/    # MCP server exposing the tools
├── llm.py         # optional Anthropic Claude reasoning layer
├── reporting.py   # rich console + JSON/Markdown artifacts
└── cli.py         # typer CLI
infra/             # terraform/, ansible/, observability/, desired_state.yaml
policies/          # policy-as-code
tests/             # pytest suite (engine, compliance, monitoring, remediation)

Development

pip install -e ".[dev]"
ruff check .          # lint
pytest                # tests
infrapilot demo       # smoke test the full loop

CI (GitHub Actions) runs ruff + pytest on 3.10/3.11/3.12 and additionally installs real Terraform and Ansible to validate/lint the IaC.

Roadmap

  • [ ] Real cloud providers behind a feature flag (AWS/GCP modules)
  • [ ] Parallel agent execution where the loop allows it
  • [ ] Drift detection on a schedule (cron / GitHub Actions)
  • [ ] OPA/Rego policy backend option

License

MIT — see LICENSE.


Built by Guilherme Frota Souza — Infrastructure & Automation Engineer.

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选