Agent Factory
The AuroraAgentFactory in aurorasoc/agents/factory.py is the central builder for all 16 AI agents. It encapsulates the consistent creation pattern while allowing each agent type to have specialized tools, prompts, and memory configurations.
Factory Pattern
Internal _create_agent Method
Every factory method delegates to a shared private method:
def _create_agent(
self,
agent_type: AgentType,
tools: List[Tool],
memory_preset: str = "default"
) -> RequirementAgent:
# 1. Get specialized system prompt
system_prompt = AGENT_PROMPTS[agent_type]
# 2. Create ThinkTool (forced at step 1)
think_tool = ThinkTool()
# 3. Create tiered memory with preset
memory = TieredAgentMemory.from_preset(memory_preset)
# 4. Build agent with middleware
agent = RequirementAgent(
llm=self._get_llm(),
system_prompt=system_prompt,
tools=[think_tool] + tools,
memory=memory,
middleware=[GlobalTrajectoryMiddleware()]
)
return agent
Why ThinkTool at Step 1?
ThinkTool forces the agent to reason before acting. Without it, agents tend to jump directly to tool calls without planning. By making ThinkTool the first tool and forcing it at step 1, we ensure:
- The agent analyzes the input before taking action
- Reasoning is visible in the trajectory log for auditability
- Tool selection is deliberate, not reflexive
Agent-Tool Mapping
Each agent type receives specific tools matching its domain:
| Agent | Tools | Memory Preset |
|---|---|---|
| Security Analyst | SearchLogs, CorrelateEvents, ExtractIOC, MitreMap | analyst |
| Threat Hunter | HuntLOLBins, BaselineDeviation, UserRiskScore, SearchLogs | hunter |
| Incident Responder | ExecutePlaybook, RequestHumanApproval, CreateCase, UpdateCase | responder |
| Threat Intel | LookupIOC, EnrichIOC, ShareIOC | intel |
| Network Security | AnalyzeFlows, DetectDNSTunneling, BlockIP | default |
| Endpoint Security | IsolateEndpoint, ScanEndpoint | default |
| Malware Analyst | RunYARAScan, SandboxAnalysis | analyst |
| Forensic Analyst | CollectEvidence, TimelineReconstruction | analyst |
| Compliance Analyst | (General reasoning tools) | default |
| Vulnerability Manager | (General reasoning tools) | default |
| Cloud Security | (General reasoning tools) | default |
| UEBA Analyst | HuntLOLBins, BaselineDeviation, UserRiskScore | hunter |
| Web Security | (General reasoning tools) | default |
| CPS Security | QueryCPSSensor, VerifyAttestation, RevokeCertificate, CorrelatePhysicalCyber, QueryOTProtocol, IsolateNetworkSegment | cps |
| Report Generator | GenerateReport | default |
| Orchestrator | 15 HandoffTools | orchestrator |
Creating a New Agent Type
To add a new agent specialization:
1. Add to AgentType Enum
# aurorasoc/models/domain.py
class AgentType(str, Enum):
# ... existing types ...
MY_NEW_AGENT = "my_new_agent"
2. Write System Prompt
# aurorasoc/agents/prompts.py
AGENT_PROMPTS[AgentType.MY_NEW_AGENT] = """
You are the My New Agent for AuroraSOC.
## Responsibilities
- Describe what this agent does
- List its specific expertise
## Methodology
1. Step-by-step approach this agent follows
2. Tools it should use and when
3. Output format expectations
"""
3. Add Factory Method
# aurorasoc/agents/factory.py
class AuroraAgentFactory:
def create_my_new_agent(self) -> RequirementAgent:
tools = [
MyCustomTool(),
SearchLogs(), # Can reuse existing tools
]
return self._create_agent(
agent_type=AgentType.MY_NEW_AGENT,
tools=tools,
memory_preset="default"
)
4. Create Server Entry
# aurorasoc/agents/my_new_agent/server.py
from aurorasoc.agents.server_builder import serve_agent
from aurorasoc.agents.factory import AuroraAgentFactory
factory = AuroraAgentFactory()
serve_agent(
factory_method=factory.create_my_new_agent,
port=9016, # Next available port
tags=["security", "my-domain"]
)
5. Update A2ASettings
# aurorasoc/config/settings.py
class A2ASettings(BaseSettings):
# ... existing ports ...
my_new_agent_port: int = 9016
6. Add to Orchestrator
The Orchestrator automatically discovers agents from the AgentType enum, so your new agent will automatically receive a HandoffTool.