Skip to content

Define next-gen requirements for Raven CMDB event integration #196

Open
Open
Define next-gen requirements for Raven CMDB event integration#196
Labels
enhancementNew feature or requeststatus:needs-reviewIssue pending maintainer review
@alexandervazquez98

Description

@alexandervazquez98
alexandervazquez98
opened on May 29, 2026

Pre-flight Checks

  • I searched existing issues for Raven/CMDB integration and did not find a duplicate.
  • This issue is a requirements/TODO tracking issue for maintainer review.

Problem Description

Raven is being designed as a local CMDB + operational timeline for CIs. next-gen is expected to be one of the upstream ecosystems that observes network/CI activity and provides signals for Raven to record.

Before wiring the two systems together, we need to verify what next-gen must provide so Raven can reliably create CIs, attach events to the correct ci_id, preserve evidence, and deduplicate repeated alerts.

Proposed Solution

Define and verify a next-gen → Raven integration contract.

At minimum, next-gen should be able to emit or expose enough data for Raven commands such as:

raven event capture <ci-id> --source next-gen --text "..."
raven event ingest --source next-gen --file alert.json
raven timeline <ci-id>

Normalized event payload example:

{
  "ci_id": "FW-MAIN-001",
  "type": "network_alert",
  "severity": "warning",
  "summary": "High packet loss detected on WAN link",
  "external_id": "ng-98765",
  "observed_at": "2026-05-28T21:00:00Z",
  "raw": "{...source evidence...}"
}

TODO / Requirements to Verify

CI identity

  • Confirm next-gen can provide a stable Raven-compatible ci_id for each monitored CI.
  • If ci_id is unavailable, decide whether next-gen should resolve it before emitting events or include aliases such as IP/hostname/serial/MAC.
  • Define naming conventions for ci_id values.

Event identity and deduplication

  • Confirm every next-gen event has a stable external_id.
  • Define Raven dedup key convention: usually next-gen:<external_id>.
  • Confirm repeated alerts/retries do not create duplicate Raven events.

Event fields

  • Define supported event type values, e.g. network_alert, diagnosis, maintenance, incident, resolution.
  • Define supported severity vocabulary, e.g. info, warning, critical.
  • Define status vocabulary, e.g. open, triaged, resolved.
  • Ensure summary is short and operator-readable.
  • Ensure raw evidence or source payload can be preserved when useful.

Timing

  • Confirm next-gen can provide observed_at in RFC3339 format.
  • Let Raven set ingested_at when it stores the event.

Transport

  • Decide first integration method: file, stdout pipe, local HTTP, or direct command execution.
  • For MVP, prefer either raven event capture for text or raven event ingest --file for normalized JSON.
  • Later consider event ingest --stdin or local HTTP endpoint.

AI/proxy behavior

  • Decide where Gemini CLI / Gemini proxy / Ollama agents receive Raven instructions.
  • Ensure agents do not invent ci_id values.
  • Ensure agents choose event capture for freeform diagnosis and event ingest for normalized structured events.
  • Ensure source is explicit: next-gen, gemini-cli, ollama, etc.

Storage roadmap

  • Raven currently stores JSON under user config.
  • Verify what needs to be stable before moving Raven to SQLite.
  • Avoid allowing models to write SQLite directly; prefer Raven CLI/API validation first.

Acceptance Criteria

  • A minimal next-gen payload contract is documented.
  • A sample next-gen alert can be converted into a Raven event.
  • The event lands on the correct Raven CI timeline.
  • Duplicate delivery of the same next-gen alert is rejected or safely ignored by Raven.
  • Missing/unknown CI IDs have a defined handling path.

Additional Context

Related Raven docs/work in progress:

  • docs/design/next-gen-event-ingest.md
  • docs/ai-usage.md
  • docs/agent-setup.md

Raven currently supports:

raven ci add ...
raven ci list
raven ci show <ci-id>
raven event capture <ci-id> --source ... --text ...
raven event ingest --source next-gen --file alert.json
raven timeline <ci-id>

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requeststatus:needs-reviewIssue pending maintainer review

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions