HDFS log analysis agent. Retrieves relevant log chunks, generates an answer, scores confidence across three signals, then decides whether to suggest, flag for review, or abstain.
retrieve → reason → confidence → policy → suggest / review / abstain
No tool-picking loops. The LLM answers; the pipeline decides if that answer is trustworthy.
pip install -r requirements.txtNeeds Ollama running locally with a model pulled (ollama pull mistral). For other providers set the relevant env var (GOOGLE_API_KEY, OPENAI_API_KEY, etc.) and pass --llm-provider.
# download dataset and run
python main.py --dataset HDFS_v1 --download
# single query
python main.py --demo --query "Why is blk_-1233456789 failing to replicate?"
# different LLM
python main.py --demo --llm-provider google --llm-model gemini-1.5-flash
# tail a live log
python main.py --live data/HDFS.log --live-mode interactive
# eval only
python main.py --eval-only --n-eval-queries 200Three signals, weighted sum:
| Signal | Default weight |
|---|---|
| Grounding (token overlap with retrieved context) | 0.40 |
| Self-consistency (cosine sim across two generations) | 0.35 |
| Citation density | 0.25 |
Thresholds: suggest ≥ 0.75, review ≥ 0.40, abstain below that. Both configurable in config.py.
Runs as an MCP server over stdio. Any MCP client (Claude Desktop, Cursor, etc.) can call retrieve_logs, run_agent_query, score_confidence, knowledge_graph_context, list_anomalies.
pip install "mcp>=1.0.0"
python -m src.mcp_server.servermcp.json at the repo root has ready-to-paste configs for both local venv and Docker.
docker compose up -d
docker compose exec ollama ollama pull mistral
docker compose run --rm traceops python main.py --demoCopy .env.example to .env and fill in your provider/model.
python -m pytest tests/ -vCI runs on every PR (Python 3.11 + 3.12, flake8, pytest --cov, Docker smoke test).
LogHub HDFS dataset — put HDFS.log and anomaly_label.csv in data/, or use --download. Falls back to synthetic logs if neither is present.