feat(agentic): add Security Threat Intelligence Agent#75

Closed
RohitSwami33 wants to merge 2 commits into Lamatic:main from RohitSwami33:main

@RohitSwami33 RohitSwami33 commented Mar 20, 2026

What does this PR do?

Adds a new Security Threat Intelligence Agent to the Agentic kits.

Problem Statement

Security analysts and developers waste valuable time manually checking suspicious IPs or domains across multiple siloed threat intelligence tools (VirusTotal, AbuseIPDB, Shodan).

The Solution

This agent utilizes Lamatic's Flow Builder to execute a Fan-Out architecture.

  1. The user inputs an indicator via the Next.js frontend.
  2. The trigger fires parallel HTTP requests to VirusTotal, AbuseIPDB, and Shodan.
  3. A Deepseek LLM node synthesizes the raw data from all three scanners.
  4. The flow returns a structured JSON threat report with a unified risk score and recommendation.

Features

  • Complete Next.js 14 (App Router) frontend with dark-mode UI.
  • Defensive JSON parsing to handle Markdown-wrapped LLM responses.
  • Exported lamatic-config.json included in the kit.
  • Detailed README.md with setup instructions.

feat(agentic): add Security Threat Intelligence Agent

  • New kit: Security Threat Intelligence Agent for parallel IP threat analysis
  • Frontend: Next.js 14 (App Router) dark-mode UI with form input for IP scanning
  • Architecture: Fan-out workflow via Lamatic Flow Builder with parallel threat data collection
  • Integrations: VirusTotal, AbuseIPDB, and Shodan APIs for threat intelligence
  • LLM synthesis: Deepseek LLM node aggregates scanner results into structured JSON threat report
  • Risk reporting: Unified risk score (0–100), color-coded risk levels (CRITICAL/HIGH/MEDIUM/LOW), and actionable recommendations
  • Implementation details:
    • Defensive JSON parsing for markdown-wrapped LLM responses
    • GraphQL integration with Lamatic workflow engine
    • Tailwind CSS dark theme with progress bars and status badges
  • Configuration: lamatic-config.json with workflow, external API definitions, and LLM prompt templates
  • Project files: Complete Next.js 14 setup with TypeScript, ESLint, PostCSS, and comprehensive README with setup and troubleshooting guides
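
The "defensive JSON parsing" listed above, as an added example that is not code from this PR: strip a Markdown fence from the LLM reply, then validate the `threat_report` fields before anything is rendered. The field names and the 0–100 score range come from the page; the function names and sample strings are hypothetical.

```typescript
// Added example. Field names and the 0-100 range come from the PR text;
// function names and sample strings are hypothetical.
type RiskLevel = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW";
interface ThreatReport { risk_level: RiskLevel; risk_score: number; summary: string }

const LEVELS: readonly string[] = ["CRITICAL", "HIGH", "MEDIUM", "LOW"];
const FENCE = "`" + "`" + "`"; // Markdown code-fence marker
const FENCED = new RegExp(FENCE + "(?:json)?\\s*([\\s\\S]*?)" + FENCE, "i");

// Return the JSON object text from a reply that may be fenced or padded with prose.
function extractJson(raw: string): string {
  const m = FENCED.exec(raw);
  const body = (m && m[1] ? m[1] : raw).trim();
  const start = body.indexOf("{");
  const end = body.lastIndexOf("}");
  if (start === -1 || end <= start) throw new Error("no JSON object in LLM output");
  return body.slice(start, end + 1);
}

// Parse, then validate every field: model output is untrusted input to the UI.
function parseThreatReport(raw: string): ThreatReport {
  const outer = JSON.parse(extractJson(raw)) as Record<string, unknown>;
  const inner = outer["threat_report"];
  // Accept { threat_report: {...} } or the bare report object.
  const r = (typeof inner === "object" && inner !== null ? inner : outer) as Record<string, unknown>;
  const level = String(r["risk_level"]).toUpperCase();
  const score = r["risk_score"];
  const summary = r["summary"];
  if (LEVELS.indexOf(level) === -1) throw new Error("unknown risk_level");
  if (typeof score !== "number" || !isFinite(score) || score < 0 || score > 100) {
    throw new Error("risk_score outside 0-100");
  }
  if (typeof summary !== "string" || summary.length === 0) throw new Error("missing summary");
  return { risk_level: level as RiskLevel, risk_score: score, summary };
}

// Non-throwing wrapper for the render path: null means "show an error state".
function tryParseThreatReport(raw: string): ThreatReport | null {
  try { return parseThreatReport(raw); } catch (_e) { return null; }
}

// Constructed sample replies (not real scanner output).
const SAMPLE_FENCED = "Here is the report:\n" + FENCE + "json\n" +
  '{"threat_report":{"risk_level":"high","risk_score":82,"summary":"Flagged by two sources"}}\n' + FENCE;
const SAMPLE_BAD_SCORE = '{"risk_level":"LOW","risk_score":250,"summary":"x"}';

console.log(tryParseThreatReport(SAMPLE_FENCED), tryParseThreatReport(SAMPLE_BAD_SCORE));
```

Rejecting out-of-range scores and unknown levels keeps a malformed or manipulated model reply from driving the risk badge and score bar.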

RohitSwami33 and others added 2 commits March 21, 2026 00:18
- Next.js 14 dashboard with cybersecurity dark UI
- GraphQL integration with Lamatic workflow engine
- Parallel threat scanning via VirusTotal, AbuseIPDB, and Shodan
- LLM-powered threat synthesis with risk scoring
- Color-coded risk visualization (CRITICAL/HIGH/MEDIUM/LOW)
- Defensive JSON parsing for markdown-wrapped responses
- Complete documentation and configuration files

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

coderabbitai bot commented Mar 20, 2026

Walkthrough

This PR introduces a complete Security Threat Intelligence Agent kit with Next.js scaffolding, Tailwind CSS styling, TypeScript configuration, and a Lamatic workflow for parallel IP threat analysis across VirusTotal, AbuseIPDB, and Shodan APIs, including client-side threat report parsing and visualization.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Configuration & Build Setup: next.config.js, postcss.config.js, tailwind.config.ts, tsconfig.json | Project configuration for Next.js, TypeScript strict mode, PostCSS with Tailwind CSS, and custom Tailwind theme extensions (neutral/cyan colors, spin animation). |
| Environment & Tooling: .env.example, .gitignore, package.json | Environment variable setup for Lamatic API key, comprehensive .gitignore coverage for Node/Next.js artifacts, and npm dependencies/scripts for Next.js 14.2.35 with TypeScript and TailwindCSS. |
| Next.js App Structure: app/layout.tsx, app/page.tsx, app/globals.css | Root layout with metadata and Inter font, global Tailwind CSS initialization with custom properties and utilities, and client-side threat analysis page with GraphQL query to Lamatic, result parsing, and risk-level-based threat report rendering. |
| Workflow & Documentation: lamatic-config.json, README.md | Lamatic workflow configuration for Security Threat Intelligence Agent with LLM prompt templates and three external API integrations (VirusTotal, AbuseIPDB, Shodan); comprehensive kit documentation with architecture overview, setup instructions, API schema, risk thresholds, and troubleshooting. |

Sequence Diagram

sequenceDiagram
    participant User
    participant Client as React Client<br/>(app/page.tsx)
    participant LamaticAPI as Lamatic GraphQL<br/>API
    participant ExternalAPIs as External APIs<br/>(VirusTotal, AbuseIPDB, Shodan)
    participant LLM as LLM Processor

    User->>Client: Submit IP address via form
    Client->>LamaticAPI: executeWorkflow(IP, NEXT_PUBLIC_LAMATIC_API_KEY)
    LamaticAPI->>ExternalAPIs: Parallel threat queries for IP
    ExternalAPIs-->>LamaticAPI: Threat data (malware scores,<br/>abuse reports, host info)
    LamaticAPI->>LLM: Process results with system prompt
    LLM-->>LamaticAPI: Structured threat_report<br/>(risk_level, risk_score, summary)
    LamaticAPI-->>Client: GraphQL response with<br/>nested data.executeWorkflow.result
    Client->>Client: Parse JSON result,<br/>validate threat_report
    Client-->>User: Render threat analysis card<br/>(risk badge, score bar,<br/>recommended action)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • Fix : Config Removal #42 — Modifies Lamatic environment variable configuration in .env.example, overlapping with this PR's introduction of NEXT_PUBLIC_LAMATIC_API_KEY.
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'feat(agentic): add Security Threat Intelligence Agent' directly and clearly describes the main change—adding a new Security Threat Intelligence Agent to the agentic kits, which aligns with all file additions and the PR objectives. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 9

🧹 Nitpick comments (1)
.gitignore (1)

1-33: Consider adding common IDE and editor directories.

The .gitignore file could be enhanced by adding patterns for common IDEs and editors to prevent developer-specific configurations from being committed.

💡 Suggested additions for IDE directories

Add a new section before or after the existing sections:

+# IDEs and editors
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+
 # dependencies
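
Review bot: the `.project`, `.classpath`, `.settings/` and `*.launch` entries in this hunk are Eclipse/Java workspace files, which a Next.js/TypeScript kit is unlikely to produce. Consider trimming the block to `.vscode/`, `.idea/` and the swap-file patterns, or leaving editor-specific ignores to each developer's global gitignore so the kit's `.gitignore` stays focused on project artifacts.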

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1d09271a-7cdb-427e-a78e-9d33c32062cd

📥 Commits

Reviewing files that changed from the base of the PR and between e1ceb47 and 9145669.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (12)
  • .env.example
  • .gitignore
  • README.md
  • app/globals.css
  • app/layout.tsx
  • app/page.tsx
  • lamatic-config.json
  • next.config.js
  • package.json
  • postcss.config.js
  • tailwind.config.ts
  • tsconfig.json


@amanintech amanintech left a comment

invalid agentKit contribution

@amanintech amanintech closed this Mar 23, 2026