Add Grafana-to-GitHub alert bridge with Claude SRE agent

Cloudflare Worker that converts Grafana Alertmanager webhooks into
categorized GitHub issues, triggering a Claude Code agent (Haiku)
to diagnose and act on bridge alerts.

- Classifies 28 bridge alerts into 8 categories (finality-lag,
  delivery-lag, confirmation-lag, reward-lag, relay-down,
  version-guard, headers-mismatch, low-balance)
- Detects environment and bridge pair from alert names
- GitHub Action triggers on issue label:claude, uses Grafana API
- Located in deployments/local-scripts/grafana-github-bridge/

Author: x3c41a

.github/workflows/claude-sre.yml

@@ -0,0 +1,26 @@
+name: Claude SRE Agent
+
+on:
+  issues:
+    types: [opened, labeled]
+
+jobs:
+  claude:
+    # Run when issue is opened/labeled with "claude"
+    if: |
+      (github.event_name == 'issues' && contains(github.event.issue.labels.*.name, 'claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+    env:
+      # Grafana API access for live metric queries.
+      # Claude can use: curl -H "Authorization: Bearer $GRAFANA_TOKEN" "$GRAFANA_URL/api/..."
+      GRAFANA_URL: ${{ secrets.GRAFANA_URL }}
+      GRAFANA_TOKEN: ${{ secrets.GRAFANA_TOKEN }}
+    steps:
+      - uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          model: claude-haiku-4-5-20251001
+          label_trigger: "claude"

deployments/local-scripts/grafana-github-bridge/README.md

@@ -0,0 +1,98 @@
+# grafana-github-bridge
+
+Cloudflare Worker that converts Grafana Alertmanager webhook POSTs into GitHub issues, triggering a Claude Code agent to diagnose and act on bridge alerts.
+
+## Flow
+
+```mermaid
+flowchart LR
+    subgraph Monitoring
+        P["Prometheus<br>:9615"] --> G["Grafana<br>Alert Rules"]
+        G --> AM["Alertmanager"]
+    end
+
+    subgraph Routing
+        AM -->|webhook| W["Cloudflare Worker<br>grafana-github-bridge"]
+        AM -->|webhook| M["Matrix"]
+        W -->|"classifies alert<br>(8 categories)"| I["GitHub Issue<br>labels: alert, bridge-alert, claude"]
+    end
+
+    subgraph "Claude Code (GitHub Action)"
+        I -->|"triggers on<br>label: claude"| D["Diagnose<br>Grafana API + Logs"]
+        D -->|known fix| A["Suggest Action<br>& Post Comment"]
+        D -->|unknown| H["Page Human<br>& Summarize Findings"]
+    end
+
+    A --> V["Engineer Reviews<br>& Closes Issue"]
+    H --> V
+```
+
+## Alert categories
+
+| Category | Metric Pattern | Suggested Action |
+|----------|---------------|------------------|
+| `relay-down` | `up{container="bridges-common-relay"}` | Check relay pod status and restart |
+| `version-guard` | Loki: `"Aborting"` in relay logs | Redeploy relay with new runtime |
+| `headers-mismatch` | `*_is_source_and_source_at_target_using_different_forks` | Re-sync headers from canonical fork |
+| `finality-lag` | `*_Sync_best_source_at_target_block_number` | Check relay logs and source chain finality |
+| `delivery-lag` | `*_MessageLane_*_lane_state_nonces` (generated > received) | Check message relay process |
+| `confirmation-lag` | `*_lane_state_nonces` (received vs confirmed) | Check confirmation relay |
+| `reward-lag` | `*_lane_state_nonces` (confirmed src vs confirmed tgt) | Check reward mechanism |
+| `low-balance` | `at_*_relay_*Messages_balance` | Top up relay account |
+
+## Grafana configuration
+
+### Contact point
+
+```yaml
+- orgId: 1
+  name: GitHub parity-bridges-common
+  receivers:
+    - uid: github_parity_bridges_common
+      type: webhook
+      settings:
+        url: https://grafana-github-bridge.parity-bridges.workers.dev
+      disableResolveMessage: false
+```
+
+### Notification policy
+
+Route bridge alerts to GitHub **and** continue to Matrix:
+
+```yaml
+- receiver: GitHub parity-bridges-common
+  matchers:
+    - alertname =~ ".*Bridge.*|.*bridge.*|.*headers mismatch"
+  continue: true
+```
+
+`continue: true` ensures the alert also falls through to the default receiver (Matrix).
+
+## Deploy
+
+```bash
+cd deployments/local-scripts/grafana-github-bridge
+npm install
+npx wrangler secret put GITHUB_TOKEN      # PAT with issues:write scope
+npx wrangler secret put WEBHOOK_SECRET     # optional, shared secret
+npx wrangler deploy
+```
+
+Deployed at `https://grafana-github-bridge.parity-bridges.workers.dev`.
+
+## Test
+
+```bash
+# Local
+npx wrangler dev
+WORKER_URL=http://localhost:8787 node test.js
+
+# Production (dry run — creates a real issue)
+WORKER_URL=https://grafana-github-bridge.parity-bridges.workers.dev node test.js
+```
+
+## Monitor
+
+- **Worker metrics**: Cloudflare dashboard → Workers → grafana-github-bridge
+- **Logs**: `npx wrangler tail`
+- **GitHub side**: search `label:alert label:claude` in the repo issues

deployments/local-scripts/grafana-github-bridge/package.json

@@ -0,0 +1,12 @@
+{
+	"name": "grafana-github-bridge",
+	"private": true,
+	"scripts": {
+		"dev": "wrangler dev",
+		"deploy": "wrangler deploy",
+		"test": "node test.js"
+	},
+	"devDependencies": {
+		"wrangler": "^3"
+	}
+}