Use Case: Automated Security Incident Response
This sequence diagram illustrates how Stavily can automate the response to a critical security vulnerability alert.
```mermaid
sequenceDiagram
participant Monitor as Monitoring Service (e.g., Trivy, Snyk)
participant Orchestrator as Stavily Orchestrator
participant ActionAgent as Action Agent
participant TargetServer as Affected Server
participant NotifService as Notification Service (e.g., Slack, Email)
participant Jira
Monitor->>Orchestrator: 1. [TRIGGER] Webhook fires with "Critical CVE Detected" on TargetServer
Orchestrator->>Orchestrator: 2. Workflow "CVE-Remediation" starts
Orchestrator->>Jira: 3. [ACTION] Create high-priority ticket
Jira-->>Orchestrator: Ticket ID
Orchestrator->>ActionAgent: 4. [ACTION] Instruction: "Quarantine TargetServer"
ActionAgent->>TargetServer: 5. Applies restrictive firewall rules
TargetServer-->>ActionAgent: Success
ActionAgent-->>Orchestrator: Quarantine successful
Orchestrator->>ActionAgent: 6. [ACTION] Instruction: "Patch Vulnerability" (e.g., apt-get update && apt-get install --only-upgrade lib-vulnerable)
ActionAgent->>TargetServer: 7. Executes patch command
TargetServer-->>ActionAgent: Success
ActionAgent-->>Orchestrator: Patch successful
Orchestrator->>ActionAgent: 8. [ACTION] Instruction: "Remove Quarantine"
ActionAgent->>TargetServer: 9. Removes restrictive firewall rules
TargetServer-->>ActionAgent: Success
ActionAgent-->>Orchestrator: Quarantine removed
Orchestrator->>Jira: 10. [ACTION] Add comment to ticket: "Server patched and restored"
Orchestrator->>Jira: 11. [ACTION] Close ticket
Orchestrator->>NotifService: 12. [OUTPUT] Send summary report to #security-alerts channel
```
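The diagram only shows the happy path. The orchestration logic below is an added example, not Stavily's own code or API: it walks the same twelve steps with in-memory stand-ins for Jira, the Action Agent and the notification channel (all assumptions, so it runs offline), and adds the two things a practitioner would want before trusting this in production: a re-scan of the host after the patch before the quarantine is lifted, and fail-closed handling where a failed quarantine, patch or re-scan leaves the host isolated and the ticket open for a human. The ticket key format `SEC-n`, the host name `web-01` and the instruction strings are also assumptions; `lib-vulnerable` is the placeholder package name used in the diagram.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class FakeJira:
    """In-memory stand-in for the Jira actions in steps 3, 10 and 11 (assumption)."""
    tickets: Dict[str, dict] = field(default_factory=dict)
    next_id: int = 1

    def create(self, summary: str, priority: str = "High") -> str:
        key = f"SEC-{self.next_id}"  # key format is an assumption, not Jira's
        self.next_id += 1
        self.tickets[key] = {"summary": summary, "priority": priority,
                             "status": "Open", "comments": []}
        return key

    def comment(self, key: str, text: str) -> None:
        self.tickets[key]["comments"].append(text)

    def close(self, key: str) -> None:
        self.tickets[key]["status"] = "Closed"


@dataclass
class FakeAgent:
    """Stand-in for the Action Agent (steps 5, 7, 9). The flags simulate
    whether the patch command succeeds and whether the post-patch re-scan
    comes back clean; every instruction is recorded in `log`."""
    patch_ok: bool = True
    rescan_clean: bool = True
    log: List[Tuple[str, str]] = field(default_factory=list)

    def run(self, host: str, instruction: str) -> bool:
        self.log.append((host, instruction))
        if instruction.startswith("patch"):
            return self.patch_ok
        if instruction.startswith("rescan"):
            return self.rescan_clean
        return True  # quarantine / unquarantine always succeed in this simulation


def remediate(alert: dict, jira: FakeJira, agent: FakeAgent,
              notify: Callable[[str], None]) -> dict:
    """Orchestrator logic for the CVE-Remediation workflow.
    Returns the end state so a caller (or test) can check what happened."""
    host, finding, package = alert["host"], alert["finding"], alert["package"]
    ticket = jira.create(f"{finding} on {host}")                       # step 3
    state = {"ticket": ticket, "quarantined": False,
             "patched": False, "restored": False}

    if not agent.run(host, "quarantine"):                              # steps 4-5
        jira.comment(ticket, "Quarantine failed; manual intervention required")
        notify(f"{host}: quarantine FAILED, ticket {ticket} left open")
        return state
    state["quarantined"] = True

    state["patched"] = agent.run(host, f"patch {package}")             # steps 6-7
    # Added check, not in the diagram: re-scan before lifting isolation.
    # Short-circuits, so a failed patch never triggers a re-scan.
    verified = state["patched"] and agent.run(host, "rescan")
    if not verified:
        # Fail closed: host stays isolated, ticket stays open for a human.
        jira.comment(ticket, "Patch failed or finding still present; host remains quarantined")
        notify(f"{host}: remediation FAILED, host still quarantined, ticket {ticket} open")
        return state

    agent.run(host, "unquarantine")                                    # steps 8-9
    state["restored"] = True
    jira.comment(ticket, "Server patched and restored")                # step 10
    jira.close(ticket)                                                 # step 11
    notify(f"{host}: {finding} patched, quarantine lifted, ticket {ticket} closed")  # step 12
    return state


if __name__ == "__main__":
    # Constructed alert payload mirroring the webhook in step 1 (assumption).
    alert = {"host": "web-01", "finding": "Critical CVE Detected", "package": "lib-vulnerable"}
    for agent in (FakeAgent(), FakeAgent(patch_ok=False), FakeAgent(rescan_clean=False)):
        result = remediate(alert, FakeJira(), agent, print)
        print(result, agent.log)
```

Run as a script to see the three paths side by side: a clean run closes the ticket and lifts the quarantine, while a failed patch or a dirty re-scan leaves `restored` false and the ticket open. When the real quarantine rules are written, the firewall policy applied in step 5 must still admit the Action Agent's control channel, or steps 7 and 9 can never reach the host.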