CloudLens demo app: menu bar cloud sentinel (milestone 2) #3
Closed
jeffreyaven wants to merge 3 commits into
CloudLens embeds the StackQL MCP server and runs a small read_only pulse suite, surfacing state in the macOS menu bar with native notifications.

Structure (two SwiftPM targets so the logic is CI-testable without a GUI):

CloudLensCore (library, no SwiftUI):
- Finding/Severity/PulseKind/PulseResult domain model with the SQL behind each finding carried through to notifications.
- FindingDiff: pure menu-bar-state derivation and new-since-last-run diff.
- Pulse protocol + RowParser (parses StackQL JSON-array tool output) and three pulses: PosturePulse (github null_auth, the zero-cred demo pulse), SpendPulse and ExposurePulse (AWS, degrade to "not configured" without creds rather than a false all-calm).
- SentinelModel: @MainActor orchestrator - starts the embedded server, runs the suite, derives state, diffs, fires the new-findings hook.
- AnthropicAgent: URLSession Messages API client (no official Swift SDK), x-api-key + anthropic-version headers, claude-opus-4-8, key never bundled.
- Keychain: generic-password store for the Anthropic key.

CloudLens (executable, SwiftUI):
- MenuBarExtra app; icon reflects calm/attention/unknown; popover shows the three pulses with each finding's SQL (selectable). AppDelegate runs an initial check at launch then on a 15-minute schedule.
- Notifications: one native notification per new attention finding, body includes the SQL behind it.

Tests (CloudLensCoreTests, offline): finding diff/state, row parsing, each pulse's finding generation and severity thresholds, agent prompt building and response extraction.

CI builds the CloudLens product explicitly and runs the new test target (swift build/test already cover both).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Long-lived feature branches may stack on each other (CloudLens is based on the package branch, not main), so a PR whose base is another feature branch never matched 'pull_request: branches: [main]' and got no CI. Run on every PR and on pushes to main and feature/** so stacked branches are validated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

A [String: String] literal of runtime variables does not implicitly convert to [String: Value] (Value's ExpressibleByStringLiteral only applies to string literals). Add a call(_:stringArgs:) overload that maps via Value(stringLiteral:) and use it from the pulses.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Milestone 2: the CloudLens menu bar cloud sentinel demo app.

Based on the package branch (PR #1) so this PR shows only the CloudLens delta. Merge #1 first, then this retargets to main.

Structure

Two SwiftPM targets so the logic is CI-testable without a GUI:

CloudLensCore (library, no SwiftUI):
- (Finding/Severity/PulseKind/PulseResult) carrying the SQL behind each finding through to notifications.
- FindingDiff - pure menu-bar-state derivation + new-since-last-run diff.
- Pulse protocol + RowParser and three pulses: PosturePulse (github null_auth, the zero-cred demo pulse), SpendPulse/ExposurePulse (AWS, degrade to "not configured" without creds rather than a false all-calm).
- SentinelModel - @MainActor orchestrator: starts the embedded server, runs the suite, derives state, diffs, fires the new-findings hook.
- AnthropicAgent - URLSession Messages API client (no official Swift SDK), x-api-key + anthropic-version, claude-opus-4-8; key from Keychain, never bundled.
- Keychain - generic-password secret store.

CloudLens (executable, SwiftUI):
- MenuBarExtra app; icon reflects calm/attention/unknown; popover shows the three pulses with each finding's SQL (selectable).
- AppDelegate runs an initial check at launch then on a 15-min schedule.
- Notifications - one native notification per new attention finding, body includes the SQL behind it.

Tests

CloudLensCoreTests (offline): finding diff/state, row parsing, each pulse's finding generation + severity thresholds, agent prompt building + response extraction. CI builds the CloudLens product explicitly and runs the new test target.

Notes

.app that bundles the binary is the documented packaging step (docs/bundling-and-notarisation.md), not a CI artifact.

Generated with Claude Code.
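
The state derivation and new-since-last-run diff described for FindingDiff, as an added Swift sketch that is not code from this PR: every type and function name below is hypothetical, and it assumes a pulse that could not run ("not configured" or failed) makes the overall state unknown instead of calm.

```swift
// Added sketch with hypothetical types; not CloudLensCore's actual definitions.
enum Severity: Comparable { case info, attention }

struct Finding: Hashable {
    let pulse: String       // e.g. "posture", "spend", "exposure"
    let title: String
    let severity: Severity
    let sql: String         // query behind the finding, carried to the notification
}

enum PulseOutcome {
    case findings([Finding])
    case notConfigured      // e.g. no AWS credentials available
    case failed(String)
}

enum MenuBarState { case calm, attention, unknown }

/// Calm only when every pulse actually ran and none raised attention.
/// Assumption: a pulse that did not run is a visibility gap, never "calm".
func deriveState(_ outcomes: [PulseOutcome]) -> MenuBarState {
    var sawGap = outcomes.isEmpty
    for outcome in outcomes {
        switch outcome {
        case .findings(let found):
            if found.contains(where: { $0.severity >= .attention }) { return .attention }
        case .notConfigured, .failed:
            sawGap = true
        }
    }
    return sawGap ? .unknown : .calm
}

/// Attention findings present now that were absent from the previous run,
/// so a repeated check does not re-notify for the same finding.
func newFindings(previous: [Finding], current: [Finding]) -> [Finding] {
    let seen = Set(previous)
    return current.filter { $0.severity >= .attention && !seen.contains($0) }
}

// Constructed sample data (not real query output).
let sample = Finding(pulse: "posture", title: "constructed sample finding",
                     severity: .attention, sql: "SELECT ... /* constructed */")
print(deriveState([.findings([sample]), .notConfigured]))
print(deriveState([.findings([]), .notConfigured]))
print(newFindings(previous: [sample], current: [sample]).count)
```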