Wrangler — Autonomous Remediation Agent
Wrangler is the remediation agent in the Federal Frontier Platform. It runs as a Claude Code agent in a Kubernetes Job, investigates affected resources using MCP tools, takes remediation action within authorized scope, and writes outcomes back to the FFO knowledge graph.
Wrangler — Autonomous Remediation Agent
Wrangler is the remediation agent in the Federal Frontier Platform. When the Dispatch Controller classifies an alert as LOW risk and authorizes autonomous execution — or when an operator approves a MEDIUM or HIGH risk dispatch — Wrangler runs as a Claude Code agent in a Kubernetes Job, investigates the affected resource, takes remediation action within its authorized scope, and writes the outcome back to the Federal Frontier Ontology.
What Wrangler Does
Wrangler is not a script. It reasons about the specific infrastructure state at the time of the alert, using live FFO context injected at dispatch time. It knows the resource’s history, relationships, and classification level before it takes a single action.
Investigation: Wrangler queries MCP tools across 13+ servers — Kubernetes, Ceph, Grafana, Keycloak, ArgoCD, OpenStack, and others — to build a complete picture of the affected resource and its upstream and downstream dependencies.
Remediation: For LOW risk events (disk cleanup, journal vacuuming, cache invalidation, non-production pod restarts), Wrangler acts directly. For HIGH risk events, it investigates and documents findings without taking action, handing off a complete investigation to the human operator.
Verification: After acting, Wrangler verifies the outcome — confirms the alert condition has resolved, queries the resource state again, and reports confidence in the resolution.
Write-back: Wrangler writes a structured outcome to FFO: session ID, timestamp, resource, action taken, verification result, root cause, confidence score. This is the audit trail and the input to the Phase 3 learning loop.
What Wrangler Does Not Do
- Wrangler does not decide to run. The Dispatch Controller and OPA govern invocation.
- Wrangler does not choose its tools. The harness assembles
mcp.jsonat dispatch time. - Wrangler does not execute destructive operations (delete, drop, terminate, purge). These are CRITICAL risk and are rejected before Wrangler is ever invoked.
- Wrangler does not run in CRITICAL risk scenarios. Ever.
Inference Backend
| Classification | Inference |
|---|---|
| IL2-IL4 | AWS Bedrock via VPC PrivateLink (us.anthropic.claude-sonnet-4-6) |
| IL5 | AWS Bedrock GovCloud |
| IL6 air-gapped | vLLM on VitroAI |
| Tactical edge | Ollama on Ampere ARM64 |
The harness is model-agnostic. The same Agent Harness governs Wrangler regardless of which inference backend is in use.
Related
- Agent Harness (ADR-005) — The eight harness components
- OutpostAI HIL Dispatch Console — Human approval gate
- Monitoring and Alert-Driven Dispatch — How alerts become dispatches
- Sovereign Inference — Classification-aware inference routing