# `lv.itsm.incident.triage` — overview

Level-4 UAPF process for triaging IT-infrastructure incidents at LVRTC.

## What it does

A new Signal lands in OpenITSM (Zabbix webhook, IMAP poll, Jira DC webhook,
manual entry). The host opens a Case and starts a session of this package
against the UAPF engine. The engine then drives the linear flow defined in
`bpmn/incident-triage.bpmn`, calling back to OpenITSM at every step:

1. **Normalize** the source-specific payload to a uniform shape.
2. **Classify** into one of nine taxonomy codes (LLM + regex fallback).
3. **Suggest** a soft P1..P4 priority.
4. **Evaluate** the three DMN tables in order: priority (binding),
   ownership (LVRTC vs external), routing (which expert group).
5. **Update** the case with the decided priority + group + status=triaged.
6. **Draft** a parallel Latvian + English customer notification — flagged
   PROPOSED, requires operator approval before send.
7. **Emit** the closing `routed` CaseEvent.

## Why the split

Classification, priority suggestion, and customer-response drafting are
the AI steps. Everything *binding* — the actual priority, who handles it,
which group — lives in versioned DMN, not in Python. That keeps the AI
contestable and the auditor's job tractable: an evaluator can read
`dmn/priority.dmn` and know exactly what priority an incident *will*
receive, given its severity and tier, without running anything.

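The audit property described above can also be checked mechanically. The following is an added example, not code from this package: it loads a decision table with the FIRST hit policy, evaluates it, flags rules that can never fire, and shows that the AI's soft suggestion does not change the binding result. The sample table and its values, the helper names (`load_rules`, `evaluate_first`, `shadowed_rules`, `decide`), and the restriction of cells to quoted string literals or `-` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample (inputs: severity, tier); NOT the contents of dmn/priority.dmn.
SAMPLE_DMN = """<definitions xmlns="https://www.omg.org/spec/DMN/20191111/MODEL/">
<decision id="priority"><decisionTable hitPolicy="FIRST">
<rule><inputEntry><text>"critical"</text></inputEntry><inputEntry><text>"tier1"</text></inputEntry><outputEntry><text>"P1"</text></outputEntry></rule>
<rule><inputEntry><text>"critical"</text></inputEntry><inputEntry><text>-</text></inputEntry><outputEntry><text>"P2"</text></outputEntry></rule>
<rule><inputEntry><text>-</text></inputEntry><inputEntry><text>"tier1"</text></inputEntry><outputEntry><text>"P3"</text></outputEntry></rule>
<rule><inputEntry><text>"critical"</text></inputEntry><inputEntry><text>"tier2"</text></inputEntry><outputEntry><text>"P1"</text></outputEntry></rule>
<rule><inputEntry><text>-</text></inputEntry><inputEntry><text>-</text></inputEntry><outputEntry><text>"P4"</text></outputEntry></rule>
</decisionTable></decision></definitions>"""

def _cell(entry):
    """Supported subset of FEEL: "-" (any value) or one quoted string literal."""
    text = (entry.findtext("{*}text") or "-").strip()
    if text == "-":
        return None  # wildcard
    if len(text) >= 2 and text[0] == text[-1] == '"':
        return text[1:-1]
    raise ValueError(f"unsupported FEEL expression: {text}")

def load_rules(xml_text):
    # Refuse any table whose hit policy is not FIRST: rule order would mean something else.
    table = ET.fromstring(xml_text).find(".//{*}decisionTable")
    if table is None or table.get("hitPolicy") != "FIRST":
        raise ValueError("expected a decision table with hitPolicy FIRST")
    return [(tuple(_cell(e) for e in r.findall("{*}inputEntry")),
             _cell(r.find("{*}outputEntry"))) for r in table.findall("{*}rule")]

def evaluate_first(rules, inputs):
    """FIRST hit policy: the earliest matching rule wins; no match fails closed."""
    for conds, output in rules:
        if all(c is None or c == v for c, v in zip(conds, inputs)):
            return output
    raise LookupError(f"no rule matches {inputs}")

def shadowed_rules(rules):
    """1-based numbers of rules that a single earlier rule makes unreachable."""
    def covers(a, b):
        return all(x is None or x == y for x, y in zip(a, b))
    return [j + 1 for j, (later, _) in enumerate(rules)
            if any(covers(earlier, later) for earlier, _ in rules[:j])]

def decide(rules, severity, tier, ai_suggestion):
    """The table's answer is binding; the AI's soft suggestion is only recorded."""
    priority = evaluate_first(rules, (severity, tier))
    return {"priority": priority, "ai_suggestion": ai_suggestion,
            "ai_overruled": ai_suggestion != priority}
```
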
## Cornerstones

- **bpmn/** — `incident-triage.bpmn` — 1 process, 9 service tasks, linear.
- **dmn/** — `priority.dmn` (14 rules), `ownership.dmn` (6 rules),
  `routing.dmn` (14 rules), all FIRST hit-policy.
- **algorithms/** — 7 algorithm cards, each with embedded v2.5.0 tests.
- **resources/** — guardrails (PII, approval gating, timeouts, retention)
  and host mappings (expert groups, service tiers, taxonomy).
- **metadata/** — lifecycle + ownership.

## Versioning

This package targets **UAPF v2.5.0** (track main, refreshed on every
schema release). Breaking changes follow the spec's CHANGELOG.

## Host requirements

OpenITSM must implement and advertise (via `/uapf/host/manifest`) the
seven UAPF-IP capabilities listed in `requires_capabilities`:

- `intake.normalize@1`
- `ai.classify@1`
- `ai.suggest_priority@1`
- `ai.draft_response@1`
- `dmn.evaluate@1`
- `incident.update@1`
- `event.emit@1`

The first six are intent-bearing (each governed by its own Algorithm
Card); `event.emit` is an append-only timeline writer.