Scoping is security too
For AIOps on critical infrastructure, it is always worth reviewing specialties, operational rules, and task histories regularly. Two hours spent tightening a specialty can save 50 hours of post-hoc cleanup the next time that ticket type recurs.Three knobs to scope with
| Knob | What it controls | When to tune |
|---|---|---|
| Specialty | How the agent thinks about a domain | Whenever the agent enters a new tech vertical |
| Operational Rules | Hard constraints + procedures specific to your env | When you discover a “we always do it this way” pattern |
| Gateway prompt | Which agent gets which ticket, and how tasks sequence | When tickets cross multiple hosts or need a fixed flow |
Worked patterns
Many disk-full tickets
- Specialty: Disk Manager (Linux) — knows about logrotate, compress, mount points, when extension is safe vs not.
- Specialty: Disk Manager (Windows) — separate from Linux to keep command syntax sharp.
- Operational Rule — log rotation policy + maximum disk extension allowed in your env.
Reverse proxy changes (HAProxy, nginx, Traefik)
- Specialty: Reverse Proxy — covers redirections, SSL, ACLs for technologies with similar config syntax.
- As scope grows complex, split:
- Specialty: SSL Certificate Manager
- Specialty: ACL & Routing Manager
Anti-patterns
- One specialty per ticket type. Too narrow. Specialties should cover a technology or domain, not a single task.
- One specialty for everything in a cloud. Too broad. Split by service family (storage, compute, networking, identity).
- Putting environment specifics in a specialty. That’s what Operational Rules are for.