|
ARMA is a modular, multi-agent assistant for Azure resource provisioning, validation, and management, built with LangGraph and LangChain v1. |
- TL;DR
- Features
- Architecture
- Quickstart
- Usage Examples
- Development
- Bicep Templates
- Contributing
- License
What it does: ARMA is an AI-powered assistant that helps you deploy and manage Azure resources using natural language. It translates your requests into validated Bicep templates, provides what-if analysis, and executes deployments with human-in-the-loop approval.
Who it's for: DevOps engineers, cloud architects, and developers who want to streamline Azure infrastructure management without writing IaC manually.
Quick start:
git clone https://github.com/eosho/arma.git && cd arma
uv sync
uv run poe dev-agent- π£οΈ Natural Language Interface - Describe what you want in plain English
- π Intelligent Template Discovery - Automatically finds and configures Bicep templates
- π What-If Analysis - Preview changes before deployment with Azure's native what-if API
- β Human-in-the-Loop (HITL) - Approve/reject sensitive operations before execution
- π·οΈ Automatic Tagging - Tags deployed resources with metadata (user, timestamp, agent)
- πΎ Conversation Memory - Persistent checkpointing for stateful conversations
- π TODO Planning - Breaks down complex deployments into manageable steps
- π Azure-Native Auth - Uses
DefaultAzureCredentialvia the Azure CLI
sequenceDiagram
actor User
participant Agent as ARMA Agent<br/>(LangGraph)
participant Middleware as Middleware Stack
participant Tools as Agent Tools
participant Azure as Azure Services
User->>Agent: "Deploy storage account 'mystorageacct' in test-rg"
activate Agent
Agent->>Middleware: Preflight Validation
Middleware-->>Agent: Context enriched
Agent->>Middleware: Template Discovery
Middleware-->>Agent: Bicep template located
Agent->>Tools: plan_deployment(resource_type, params)
activate Tools
Tools->>Azure: Query Resource Graph
Azure-->>Tools: Existing resources
Tools-->>Agent: Deployment plan created
deactivate Tools
Agent->>Tools: preview_what_if(template, params)
activate Tools
Tools->>Azure: What-If API call
Azure-->>Tools: Predicted changes
Tools-->>Agent: Impact analysis
deactivate Tools
Agent-->>User: π Approval Required<br/>Preview changes
User->>Agent: Approve
Agent->>Tools: execute_deployment(template, params)
activate Tools
Tools->>Azure: Bicep compile
Azure-->>Tools: ARM template
Tools->>Azure: Deployment API
Azure-->>Tools: Deployment in progress
Tools-->>Agent: Deployment initiated
deactivate Tools
Agent->>Middleware: Apply resource tags
Middleware->>Azure: Tag resources
Agent-->>User: β
Deployment completed
deactivate Agent
Key Components:
- Agent State: Tracks Azure context, deployment plans, validation results
- Tools: Modular functions for Azure operations (query, plan, execute, delete)
- Middleware: Interceptors that enhance agent capabilities (see below)
- Checkpointer: Memory-based state persistence for HITL and conversation continuity
ARMA uses a middleware architecture to intercept and enhance agent requests. Middleware components are located in src/arma/agent/middleware/:
| Middleware | Purpose | Location |
|---|---|---|
| Preflight Validation | Validates Azure credentials and context before execution | pre_flight.py |
| Template Discovery | Automatically finds and suggests appropriate Bicep templates | template_discovery.py |
| Conversation Summary | Maintains conversation context and summarizes long histories | conversation_summary.py |
| Resource Tagging | Automatically tags deployed resources with metadata (user, timestamp, agent) | tagging.py |
| Usage Tracking | Monitors tool usage, token consumption, and performance metrics | usage_tracking.py |
| Template Discovery | Automatically finds appropriate Bicep templates from local store | template_discovery.py |
Each middleware implements hooks like before_agent, before_model, after_model, etc. to intercept and modify the agent's behavior at different stages of execution.
ARMA's agent tools are implemented in src/arma/agent/tools/:
| Tool | Purpose | Location |
|---|---|---|
| Resource Management | check_existing_resource, list_resources, get_resource, delete_resource, update_resource_tags |
resource.py |
| Deployment | plan_deployment, preview_what_if |
plan.py |
| Execution | execute_deployment |
execute.py |
| Generic | get_arma_version, get_current_date |
generic.py |
| Validation | execute_deployment |
execute.py |
- Python 3.11+ (3.12 recommended)
- uv package manager (install)
- Azure CLI with active login (
az login) - Azure OpenAI or OpenAI API key
# Clone the repository
git clone https://github.com/eosho/arma.git
cd arma
# Install dependencies
uv sync
# Copy environment template
cp .env.example .env
# Configure your .env file
# Required: AZURE_OPENAI_ENDPOINT, AZURE_OPENAI_API_KEY, AZURE_OPENAI_DEPLOYMENT
# Or: OPENAI_API_KEY (for OpenAI instead of Azure OpenAI)Create a .env file in the project root:
# Azure OpenAI (recommended)
AZURE_OPENAI_ENDPOINT=https://your-endpoint.openai.azure.com/
AZURE_OPENAI_API_KEY=your-api-key
AZURE_OPENAI_DEPLOYMENT=gpt-4 # Your deployment name
AZURE_OPENAI_API_VERSION=2024-02-15-preview
# OR OpenAI (alternative)
# OPENAI_API_KEY=sk-...
# Optional: LangSmith tracing
# LANGCHAIN_TRACING_V2=true
# LANGCHAIN_API_KEY=your-langsmith-key
# LANGSMITH_PROJECT=arma-dev
# Optional: Database for persistence (future)
# DATABASE_URL=postgresql://user:pass@localhost:5432/arma# Interactive CLI
uv run poe dev-agentExample interaction:
π ARMA Agent
============================================================
π€ You: Deploy a premium key vault arma-kv-test in test-rg in eastus
π€ Agent: β Template found: Microsoft.KeyVault/vaults
β Plan created: 1 resource
β What-if: 1 CREATE operation
============================================================
HUMAN APPROVAL REQUIRED
============================================================
Action: execute_deployment
Decision ([a]pprove/[r]eject): a
β
Deployment completed! (12.3s)
π€ You: List all storage accounts in my subscription
π‘ Agent: Found 3 storage accounts:
- mystorageacct (eastus, Standard_LRS)
- proddata001 (westus2, Standard_GRS)
- devlogs (eastus2, Standard_LRS)
π€ You: What would happen if I deployed a VM in test-rg?
π‘ Agent: Running what-if analysis...
Changes:
+ Microsoft.Compute/virtualMachines/testvm
+ Microsoft.Network/networkInterfaces/testvm-nic
+ Microsoft.Network/publicIPAddresses/testvm-ip
π€ You: Delete storage account mystorageacct
β οΈ APPROVAL REQUIRED
Action: delete_resource
Resource: /subscriptions/.../storageAccounts/mystorageacct
Decision: approve
β
Resource deleted successfully
arma/
βββ src/arma/
β βββ agent/
β β βββ factory.py # Agent factory
β β βββ prompt.py # System prompts
β β βββ state/ # State schemas
β β βββ tools/ # Agent tools
β β βββ middleware/ # Middleware stack
β β βββ checkpointer/ # Checkpointer factory
β β βββ llm/ # LLM registry
β βββ core/ # Core utilities
βββ bicep/modules/ # Bicep templates by resource type
βββ pyproject.toml
β βββ models/ # Database models (future) βββ bicep/ # Bicep templates β βββ modules/ # Modular templates by resource type βββ pyproject.toml # Project metadata
### Running Tests
```bash
# Run all tests
uv run poe test
# Unit tests only
uv run poe test-unit
# With coverage
uv run poe test-cov
# Format code
uv run poe format
# Lint
uv run poe lint
# Type checking
uv run poe typecheck
# Run all quality checks
uv run poe qualityARMA uses a modular Bicep template library organized by Azure resource provider:
bicep/modules/
βββ Microsoft.Storage/
β βββ storageAccounts/
β βββ main.bicep
βββ Microsoft.Compute/
β βββ virtualMachines/
β βββ main.bicep
βββ ...
Templates are automatically discovered based on resource type. To add a new template:
- Create folder:
bicep/modules/{Provider}/{ResourceType}/ - Add
main.bicepwith parameters - ARMA will auto-discover it via
TemplateDiscoveryMiddleware
This project is licensed under the MIT License - see the LICENSE file for details.
Made with β€οΈ by the ARMA Team