$ git log --oneline -1 -- firewall-configs/

AI-driven firewall
rule management.
GitOps-native.

Business units submit firewall change requests as GitHub Issues — in plain language, with optional PDF attachments. Claude autonomously parses the intent, generates declarative YAML, writes configuration files via MCP tool, validates through Policy-as-Code, and deploys to Palo Alto Networks Strata Cloud Manager — with a full audit trail in Git.

demo mode — no credentials needed Claude API + MCP Protocol OPA / Rego policy validation Palo Alto Networks SCM integration
view on github run demo
demo project. FirePilot is an architectural portfolio piece. It demonstrates AI-driven GitOps patterns — not a production security tool. Run entirely without live infrastructure via FIREPILOT_ENV=demo.
flow

How a firewall rule gets deployed

GitHub Issue
natural language
+ optional PDF
Actions Trigger
event-driven
workflow
Claude API
autonomous
processing
write_config_file
YAML via MCP tool
to output dir
CI/OPA Gates
schema + policy
validation
PR Review
human approval
gate
SCM Deploy
via MCP server
ci/cd

Four validation gates

GATE 1
JSON Schema Validation
Structural correctness of generated YAML via check-jsonschema
GATE 2
OPA Policy Evaluation
Security semantics: zone topology, internet→db rules, tag requirements
GATE 3
SCM Dry-Run
Validation against Strata Cloud Manager API (or mock in demo mode)
GATE 4
Deploy + ITSM Update
Rule pushed to SCM via mcp-strata; issue updated via mcp-itsm
decisions

Key architectural decisions

Every non-trivial decision is documented as an ADR — including rejected alternatives and the conditions under which the decision should be revisited. 16 ADRs in total. Browse all →

GitOpsSecurity
MCP over direct API — credentials never enter Claude's context
All SCM and GitHub access is mediated by dedicated MCP servers. Claude holds no credentials. The tool surface is the operational allowlist — expanding capabilities requires an explicit code change, not a prompt edit.
ADR-0002
Policy-as-CodeNGFW
Zone topology-aware OPA validation — first-match semantics enforced at CI time
OPA/Rego policies encode the zone role vocabulary (internet, dmz, application, database …) and enforce first-match rule ordering constraints before any config reaches the SCM API. Internet-to-database paths are structurally blocked, not just discouraged.
ADR-0008 ADR-0003
Palo Alto Networks SCMSchema
YAML schema field names taken verbatim from SCM API docs — no abstraction layer
Declarative rule files use SCM API field names exactly as documented by Palo Alto Networks. No mapping layer, no renamed fields. What's in Git is what gets sent to the API. Rulebase ordering is a first-class schema concern, not an afterthought.
ADR-0007 ADR-0004
Agentic AIGitHub Issues
GitHub Issues as intake — full lifecycle in a single auditable artefact
No custom web UI. A structured Issue Template captures the request; a GitHub Actions workflow triggers Claude's autonomous agentic loop on creation. The issue contains the original request, PDF attachments, Claude's analysis, and the deployment outcome — a complete audit trail.
ADR-0009 ADR-0010
AutonomousAgentic
Autonomous processing — Claude decides, commits, or rejects without human-in-the-loop
In the asynchronous GitHub Issue workflow, interactive clarification is architecturally impossible. Claude operates with a three-tier decision model: confident (commit all), partial (commit what's unambiguous, skip the rest with documented reasoning), or unprocessable (reject with actionable feedback). The PR is the sole human approval gate.
ADR-0014
MCP ToolPipeline
Claude writes config files via MCP tool — no Markdown-to-YAML extraction
Configuration output travels through the file system via write_config_file, not through stdout regex extraction. Multi-rule support is native — Claude writes N files, the workflow commits N files. YAML validation happens at write time inside the agentic loop, not post-hoc in a workflow script.
ADR-0015
Drift DetectionGitOps
Scheduled drift detection — Git state vs. live SCM state reconciled daily
A daily GitHub Actions workflow compares firepilot-managed rules in Git against the live SCM ruleset. Out-of-band changes — GUI edits, other automation — are detected and reported as GitHub Issues. Push failures after merge trigger a label-based retry workflow without re-running Gates 1–3.
ADR-0011
Operator ConfigCost
Centralised operator config + prompt caching for multi-turn agentic loops
firepilot.yaml is the single operator configuration file — SCM defaults, zone topology, rule defaults. The system prompt and operator configuration are cached with cache_control: ephemeral, eliminating repeated input token costs across 10+ tool-use iterations per request.
ADR-0012 ADR-0013
stack

Technology stack

ORCHESTRATION
Claude API
INTEGRATION
MCP Protocol
SERVERS
Python 3.12+
POLICY
OPA / Rego
CONFIG
YAML
CI/CD
GitHub Actions
FIREWALL API
Palo Alto Networks SCM
DEMO
Docker / Compose
demo

Run it locally — no credentials needed

bash 
# Level 1 — run all CI/CD gates against fixture config
# no API key, no Docker required

$ git clone https://github.com/t11z/firepilot.git && cd firepilot
$ make demo

→ gate1  json-schema    ✓ PASS
→ gate2  opa-policy     ✓ PASS
→ gate3  scm-dry-run    ✓ PASS  (mock)
→ gate4  deploy         ✓ PASS  (demo)

# Level 2 — AI-powered analysis (requires Anthropic API key)

$ export ANTHROPIC_API_KEY=sk-ant-...
$ make demo-orchestrator

→ connecting mcp-strata-cloud-manager  (demo mode)
→ connecting mcp-itsm                  (demo mode)
→ loaded 14 tools  (7 SCM + 5 ITSM + 2 config)
→ invoking claude agentic loop ...
  list_security_zones → 4 zones
  list_security_rules → 6 rules
  write_config_file   → allow-web-to-app.yaml
→ proposal generated
✓ configuration files written to output dir