de4ca533dd
Background thread runs qwen2.5 to analyze new security log entries: - Aggregates new entries by IP since last scan - Sends batch to local LLM with security analysis prompt - LLM classifies each IP: threat level, action, attack type, reason - Auto-bans IPs the AI recommends banning (via fail2ban) - Logs all verdicts and bans to /var/log/llm-team-sentinel.log - Logs AI bans to security log as AI_BAN events API: - /api/admin/sentinel — sentinel status, stats, recent verdicts Threat Intel tab enhancement: - Sentinel status card with magenta accent (distinct from threat cards) - Shows: model, scan count, ban count, last run, interval - Recent AI verdicts table: action, IP, attack type, reason - Errors displayed inline Security prompt tuning: - Explicit rules for common attack patterns - Low temperature (0.1) for consistent classification - JSON-only response format for reliable parsing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>