lance0/prefixd — reverse-engineered prompt

Build me a network operations tool called prefixd that automatically turns DDoS attack alerts into safe router mitigation rules. I want detectors like FastNetMon, Alertmanager, Prometheus alerts, and generic webhooks to send attack events into an API. The service should check which customer and IP the event belongs to, match it to a YAML playbook, apply safety rules like safelists, quotas, single host only, and required expiry times, then announce BGP FlowSpec rules through GoBGP. Rules should expire automatically and the system should keep checking that router state matches what it expects.

Include a simple web dashboard for operators with login roles, live mitigation status, audit history, metrics, and a manual Mitigate Now form. Add a command line tool for common admin tasks, Docker Compose for local setup with Postgres, GoBGP, Prometheus, Grafana, and nginx, plus sample configs and docs so I can run it locally and test it with curl. Use Rust for the backend if that fits.