DEVOPS · SLO + SUPPLY CHAIN

monsys.ai inside your CI/CD flow

SLO error budgets, deploy gates on Trust Score, npm supply-chain monitoring, terraform drift detection, LLM cost per team. Five hooks into your existing pipeline.

Full docs
01

SLO + error budget per application

You want to know: how many minutes of downtime do we have 'in budget' this month? And how fast are we burning it at this rate?

  1. Sidebar → Apps → click your application
  2. SLO tab → 'Define SLO' → target 0.999 + 30 days
  3. Burn-down sparkline appears in the same tab
  4. 'Embed badge' button for your README

SLO history is CSV-exportable for sprint reviews. Burn rate > 2.0 in the last hour = freeze deploys.

Same via API (bash) — for automation
curl -X POST https://app.monsys.ai/api/v1/apps/<id>/slo \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "target":      0.999,
    "window_days": 30,
    "minimum_data": 0.95
  }'

# /operations/mttr now shows: rolling 30d uptime,
# error budget remaining (minutes), burn-down sparkline,
# days-until-budget-exhausted if you keep burning.
02

Block deploy if a critical alert is open OR Trust Score is too low

Anti-pattern: 'deploy now, look at alerts later'. You want to make it mechanically impossible.

  1. Sidebar → Settings → API Tokens → generate scoped readonly token
  2. Sidebar → AI Insights → 'Deploy gate template' → copy bash snippet
  3. Paste in your CI yaml before the deploy step
  4. Test with --dry-run — shows Trust Score + open alerts

Deploy decision lives in CI logs and (optionally) in audit_log via webhook callback. Undisputed how you decided.

Same via API (bash) — for automation
#!/usr/bin/env bash
OPEN_CRITICAL=$(curl -s \
  "https://app.monsys.ai/api/v1/alerts?severity=critical&is_resolved=false&tag=production" \
  -H "Authorization: Bearer $MONSYS_TOKEN" | jq '. | length')

[[ "$OPEN_CRITICAL" -gt 0 ]] && {
  echo "✗ refusing deploy: $OPEN_CRITICAL critical alerts open"
  exit 1
}

SCORE=$(curl -s "https://app.monsys.ai/api/v1/trust-score/v12/tenant" \
  -H "Authorization: Bearer $MONSYS_TOKEN" | jq '.final_score')

[[ "$SCORE" -lt 70 ]] && {
  echo "✗ refusing deploy: Trust Score $SCORE/100 < 70"
  exit 1
}

echo "✓ Trust Score $SCORE — proceeding"
03

Auto-update CVE-vulnerable npm deps but pin our DB driver

You want to bulk-fix via 'Auto-update all', but mysql2 version 2.4.x has an ABI break that hits your production.

  1. Sidebar → Recommendations → 'Application CVEs'
  2. On mysql2 → 3-dots → 'Suppress this fix'
  3. Enter expires_at + reason
  4. Future Auto-update-all shows skip with reason

cve_suppressions appears in the Audit Pack under 'managed exceptions' — the auditor sees deliberate decision, not forgotten bug.

Same via API (bash) — for automation
curl -X POST https://app.monsys.ai/api/v1/cve-suppressions \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "package_name":  "mysql2",
    "ecosystem":     "npm",
    "version_range": ">=2.4.0",
    "reason":        "ABI break — see PROD-123",
    "expires_at":    "2026-09-01"
  }'

# Future "Auto-update all" skips this upgrade
# AND records the reason in monthly evidence.
04

Detect npm maintainer change (supply-chain indicator)

A legitimate npm package you depend on suddenly gets a new publish maintainer. Often benign — sometimes precursor to a compromise.

  1. Sidebar → Inventory → Dependencies tab
  2. Filter 'Maintainer changed last 7 days'
  3. Per package: current + previous maintainer set
  4. Click suspect → 'Pin version' or 'Investigate'

A hit triggers a webhook to your incident tooling. Optionally: IsolateNetwork EAT on staging where the package already landed.

Same via API (sql) — for automation
SELECT package_name, ecosystem,
       maintainers, deprecated,
       last_maintainer_change_at, seen_at
  FROM supply_chain_maintainer_cache
 WHERE tenant_id = $1::UUID
   AND last_maintainer_change_at
       >= NOW() - INTERVAL '7 days'
 ORDER BY last_maintainer_change_at DESC;
05

LLM cost per team via SDK

Your whole org uses OpenAI/Claude. You want to know: which team costs what, and what's whose p95 latency.

  1. Sidebar → AI → 'Per team' tab
  2. Default grouping on 'team' tag from SDK
  3. Filter on cost or p95 latency
  4. 'Export monthly CSV' for cross-charge

Monthly CSV export for financial cross-charging. Tokens + cost + p95 + refusal rate per team, project, model.

Same via API (python) — for automation
from monsys_ai import MonsysClient

client = MonsysClient(
    hub_url="https://hub.monsys.ai",
    api_key=os.environ["MONSYS_AI_TOKEN"],
    tenant="acme",
    team="checkout",        # → tag op every trace
)

with client.trace("price-lookup") as t:
    resp = openai.chat.completions.create(...)
    t.add_llm_call(
        model=resp.model,
        prompt_tokens=resp.usage.prompt_tokens,
        completion_tokens=resp.usage.completion_tokens,
    )

Other roles

Read the extended practical docs