# coreos-cve-agent

**Repository Path**: mirrors_coreos/coreos-cve-agent

## Basic Information

- **Project Name**: coreos-cve-agent
- **Description**: Agent used to verify if a RHEL CVE is fixed in RHEL CoreOS
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2025-10-10
- **Last Updated**: 2025-12-13

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# CoreOS CVE Agent

An intelligent agent system for processing and analyzing RHEL CoreOS (RHCOS) Common Vulnerabilities and Exposures (CVEs) using Google's Agent Development Kit (ADK) and AI models.

## Overview

The CoreOS CVE Agent automatically gathers, processes, and verifies CVE information related to Red Hat Enterprise Linux CoreOS from the Red Hat Jira instance. It uses a multi-agent pipeline to:

1. Query Jira for RHCOS CVEs and extract associated OCPBUGS
2. Find RHEL package fixes for each CVE
3. Get latest OCP versions for affected components
4. Verify package presence in RHCOS builds

## How to get started

### Prerequisites

- Python 3.11+
- [uv](https://docs.astral.sh/uv/) Python package manager
- Google API key
- Access to Red Hat Jira instance

### Installation and Setup

1. Clone and install dependencies:

   ```bash
   git clone <repository-url>
   cd coreos-cve-agent
   uv sync
   ```

2. Set up environment variables:

   ```bash
   cp .env.example .env
   # Edit .env with your API keys
   ```

3. Run the agent:

   ```bash
   # Using ADK run
   uv run adk run

   # Using ADK web interface
   uv run adk web

   # Using the direct script
   uv run python run_agent.py
   ```

## Telemetry and Tracing with Phoenix (Optional)

For observability and debugging, you can run Phoenix to monitor agent performance and trace execution flows:

```bash
podman run --rm -p 6006:6006 -p 4317:4317 -i -t arizephoenix/phoenix:latest
```

Access the Phoenix UI at `http://localhost:6006` to view traces and telemetry data.

## Documentation

- **[User Guide](USER_GUIDE.md)**: Comprehensive user guide with features, limitations, and usage guidelines
- **[Data Flow Diagram](DATA_FLOW_DIAGRAM.md)**: Visual representation of system integrations and data flows

## Configuration

### Environment Variables (.env)

Create a `.env` file with the following variables:

```env
# Gemini model configurations
GEMINI_FLASH_MODEL="gemini-2.5-flash"
GEMINI_PRO_MODEL="gemini-2.5-pro"

# Google API Key for Gemini models
GOOGLE_API_KEY="your-google-api-key"
GOOGLE_GENAI_USE_VERTEXAI="FALSE"

# Red Hat Jira credentials
JIRA_TOKEN="your-jira-token"

# OpenShift release accepted URL
OCP_RELEASE_ACCEPTED_URL="https://amd64.ocp.releases.ci.openshift.org/api/v1/releasestreams/accepted"

# Red Hat Jira URL
JIRA_URL="https://issues.redhat.com"

# Registry Authentication
REGISTRY_AUTH_FILE="your registry auth file path, ie: ${XDG_RUNTIME_DIR}/containers/auth.json"
```

### AI Models

The agent uses Google's Gemini models:

- **Gemini Flash** (gemini-2.5-flash): For Jira queries and version lookups
- **Gemini Pro** (gemini-2.5-pro): For build verification tasks
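
A pre-flight check for the `.env` file described under Configuration, as an added example that is not part of the project's code: it flags secrets left at the README's `your-...` placeholders, endpoints that are not HTTPS, and a file that other users can read. The function names, the checks themselves and `SAMPLE_ENV` are assumptions made for this illustration.

```python
import os
import stat
from urllib.parse import urlparse

# Key names: README's .env listing. Checks and SAMPLE_ENV: constructed here.
SECRET_KEYS = ("GOOGLE_API_KEY", "JIRA_TOKEN")
URL_KEYS = ("JIRA_URL", "OCP_RELEASE_ACCEPTED_URL")
PLACEHOLDER_PREFIX = "your-"  # the README's sample secrets start with this
SAMPLE_ENV = '''GOOGLE_API_KEY="your-google-api-key"
JIRA_TOKEN="constructed-token-value"
JIRA_URL="http://issues.redhat.com"
OCP_RELEASE_ACCEPTED_URL="https://amd64.ocp.releases.ci.openshift.org/api/v1/releasestreams/accepted"
'''


def parse_env(text):
    """Parse KEY="value" lines, skipping blank lines and # comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("\"'")
    return values


def audit_text(text):
    """Return findings for .env content; secret values are never echoed."""
    env, findings = parse_env(text), []
    for key in SECRET_KEYS:
        value = env.get(key, "")
        if not value or value.startswith(PLACEHOLDER_PREFIX):
            findings.append(f"{key} is unset or still the README placeholder")
    for key in URL_KEYS:
        parsed = urlparse(env.get(key, ""))
        if parsed.scheme != "https" or not parsed.netloc:
            findings.append(f"{key} must be an https:// URL")
    return findings


def audit_file(path):
    """audit_text() plus a check that only the owner can access the file."""
    with open(path, encoding="utf-8") as fh:
        findings = audit_text(fh.read())
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file is group/other accessible; chmod 600")
    return findings
```

Call `audit_file(".env")` before starting the agent; an empty list means none of the three conditions were found.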