# Project Specification: LLM-Powered Monitoring Agent

## 1. Project Goal

The primary goal of this project is to develop a self-contained Python script, `monitor_agent.py`, that functions as a monitoring agent. This agent will collect system and network data, use a locally hosted Large Language Model (LLM) to analyze the data for anomalies, and send alerts through Discord and Home Assistant if an anomaly is detected.

## 2. Core Components

The project will be composed of the following files:

- **`monitor_agent.py`**: The main Python script containing the core logic for data collection, analysis, and alerting.
- **`config.py`**: A configuration file to store sensitive information and settings, such as API keys and URLs.
- **`requirements.txt`**: A file listing all the necessary Python libraries for the project.
- **`README.md`**: A documentation file providing an overview of the project, setup instructions, and usage examples.
- **`.gitignore`**: A file to specify which files and directories should be ignored by Git.
- **`PROGRESS.md`**: A file to track the development progress of the project.

## 3. Functional Requirements

### 3.1. Configuration

- The agent must load configuration from `config.py`.
- The configuration shall include placeholders for:
    - `DISCORD_WEBHOOK_URL`
    - `HOME_ASSISTANT_URL`
    - `HOME_ASSISTANT_TOKEN`
    - `GOOGLE_HOME_SPEAKER_ID`
    - `DAILY_RECAP_TIME`

### 3.2. Data Ingestion and Parsing

- The agent must be able to collect and parse system logs.
- The agent must be able to collect and parse network metrics.
- The parsing of this data should result in a structured format (JSON or Python dictionary).

### 3.3. LLM Analysis

- The agent must use a local LLM (via Ollama) to analyze the collected data.
- The agent must construct a specific prompt to guide the LLM in identifying anomalies.
- The LLM's response will be either "OK" (no anomaly) or a natural language paragraph describing the anomaly, including a severity level (high, medium, low).

### 3.4. Alerting

- The agent must be able to send alerts to a Discord webhook.
- The agent must be able to trigger a text-to-speech (TTS) alert on a Google Home speaker via Home Assistant.

### 3.5. Alerting Logic

- Immediate alerts (Discord and Home Assistant) will only be sent for "high" severity anomalies.
- A daily recap of all anomalies (high, medium, and low) will be sent at a configurable time.

### 3.6. Main Loop

- The agent will run in a continuous loop.
- The loop will execute the data collection, analysis, and alerting steps periodically.
- The frequency of the monitoring loop will be configurable.

## 4. Future Features

- **4.1. Data Storage and Averaging**: Store historical system data to calculate baseline averages for more accurate anomaly detection.

## 5. Technical Requirements

- **Language**: Python 3.8+
- **LLM**: `llama3.1:8b` running on a local Ollama instance.
- **Libraries**:
    - `ollama`
    - `discord-webhook`
    - `requests`
    - `syslog-rfc5424-parser`
    - `apachelogs`
    - `jc`

## 6. Project Structure

```
/
├── .gitignore
├── config.py
├── monitor_agent.py
├── PROMPT.md
├── README.md
├── requirements.txt
├── PROGRESS.md
└── SPEC.md
```