Governed AI-ops for Docker + Portainer container hosts: container/image/volume/network/system reads, restart-loop and resource-pressure and bloat analyses, and guarded lifecycle + prune writes with a built-in governance harness (audit, budget, undo, risk tiers)
Project description
Container Host AIops (preview)
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by Docker, Inc., Portainer.io, or any container-platform vendor. "Docker", "Portainer" and all product/trademark names belong to their respective owners. MIT licensed.
Governed AI-ops for non-orchestrator container hosts — the Docker Engine API (over a local unix socket or a TCP host) and Portainer (its management API, which also proxies Docker) — with a built-in governance harness: unified audit log, policy engine, token/runaway budget guard, undo-token recording, and graduated-autonomy risk tiers. Multi-platform by construction: a registry keyed by platform means a per-target platform field (docker / portainer) selects the API shape, and another host family could be added later without touching the ops/CLI/MCP layers. Preview — mock-validated only, not verified against a live Docker daemon or Portainer server.
What it does
Three flagship signature analyses, plus the guarded reads and writes around them:
- Restart-loop RCA — inspect containers for restart count + exit code, flag the crash-looping ones (restartCount over threshold, or restarting/dead, or a non-zero exit), and map each to a likely cause + action from the exit code (137 OOM/SIGKILL, 143 SIGTERM, 139 segfault, 127 bad entrypoint, …), with a tail of logs. Every ranking carries its numbers, not a black-box verdict.
- Resource-pressure analysis — a one-shot CPU%/memory% sample per running container vs its configured limits, flagging each "near" (≥ 80% of a threshold) or "over", with a recommendation (raise a limit, set a missing memory limit, scale out).
- Image & volume bloat — dangling images + dangling volumes + build cache from
system/df, totalled into prune candidates with reclaimable bytes.
What works
- CLI (
container-host-aiops ...):init,overview,container,image,volume,network,system,stack,analyze,manage,secret,doctor,mcp. - MCP server (
container-host-aiops mcporcontainer-host-aiops-mcp): 34 tools (26 read, 8 write), every one wrapped with the bundled@governed_toolharness. - Connection layer: Docker over a unix socket (
httpx.HTTPTransport(uds=...)) or a TCP host; Portainer over HTTPS with anX-API-Keytoken that also proxies the Docker API of a managed endpoint. A local Docker socket needs no secret — the socket's file permissions are the boundary. - Encrypted credentials: the Portainer API token lives in an encrypted store
~/.container-host-aiops/secrets.enc(Fernet + scrypt) — never plaintext on disk. Unlock with a master password fromCONTAINER_HOST_AIOPS_MASTER_PASSWORD(MCP/CI) or an interactive prompt (CLI). - Reversibility: mutating writes fetch the real before-state first and record a faithful inverse (
stop↔start;update_containerrestores prior CPU/memory limits). Irreversible ops (remove_container,prune_images,prune_volumes,recreate_stack) capture the before-state for audit but declare no undo. - Safety: every state-changing CLI op supports
--dry-runand requires double confirmation; every write MCP tool takes adry_runpreview — and prune previews list what would be removed + reclaimable bytes before doing it.
Capability matrix (34 MCP tools)
| Domain | Tools | Count | R/W |
|---|---|---|---|
| Overview | overview |
1 | read |
| Containers | list_containers, inspect_container, container_logs, container_stats, container_top, container_restart_summary |
6 | read |
| Images | list_images, inspect_image, dangling_images, image_disk_usage |
4 | read |
| Volumes | list_volumes, inspect_volume, dangling_volumes |
3 | read |
| Networks | list_networks, inspect_network |
2 | read |
| System | system_info, system_version, system_df, system_events |
4 | read |
| Stacks (Portainer) | list_endpoints, list_stacks, stack_detail |
3 | read |
| Analyses (flagship) | restart_loop_rca, resource_pressure_analysis, image_and_volume_bloat |
3 | read |
| Writes | remove_container, prune_images, prune_volumes, recreate_stack |
4 | write (high) |
restart_container, stop_container, start_container, update_container |
4 | write (medium) |
The three analyses accept injected data for offline analysis, or pull live from a configured target. Stacks/endpoints require a portainer target.
Quick start
uv tool install container-host-aiops # or: pipx install container-host-aiops
container-host-aiops init # wizard: add a Docker socket or Portainer target
container-host-aiops doctor # verify config, secrets, connectivity
container-host-aiops overview # one-shot host health
container-host-aiops analyze restart-loop # crash-looping containers + cause/action
container-host-aiops container list --running # running containers
Run as an MCP server (stdio):
export CONTAINER_HOST_AIOPS_MASTER_PASSWORD=... # only needed for Portainer targets
container-host-aiops-mcp
Governance
Every MCP tool passes through the bundled @governed_tool harness:
- Audit — every call (params, result, status, duration, risk tier, approver, rationale) is logged to
~/.container-host-aiops/audit.db(relocatable viaCONTAINER_HOST_AIOPS_HOME). - Budget / runaway guard — token and call budgets trip a circuit breaker.
- Risk tiers — graduated autonomy; high-risk ops (remove / prune / recreate) can require a named approver.
- Undo recording — reversible writes record an inverse descriptor built from the fetched before-state.
Scope
This is the container-host member of the AIops-tools family (governed AI-ops with audit + budget + undo + risk tiers), for single-host Docker / Portainer. It is deliberately NOT for a cluster orchestrator, a hypervisor, a storage appliance, a backup product, or OT / industrial edge — those are separate tools/lines.
Missing a capability?
Coverage is intentionally a curated subset of the Docker Engine + Portainer APIs. Missing a call, or want another container host family? Open an issue or PR — contributions welcome.
Status
Preview — mock-validated only, not verified against a live Docker daemon or Portainer server. The API paths are modelled from the public API shape and need live verification. container-host-aiops doctor is the fastest live check.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file container_host_aiops-0.1.0.tar.gz.
File metadata
- Download URL: container_host_aiops-0.1.0.tar.gz
- Upload date:
- Size: 138.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
eb6356ccedf99d432f9ba82e2ac91a4d33e92ca4081a8d88f512d6410c3f7daf
|
|
| MD5 |
c56aedf6e490134f05d4d66fa9f62e26
|
|
| BLAKE2b-256 |
bd6084c339fde1d83d59291364a3cd77b907d79b510cf11fdefd725175894261
|
Provenance
The following attestation bundles were made for container_host_aiops-0.1.0.tar.gz:
Publisher:
publish.yml on AIops-tools/Container-Host-AIops
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
container_host_aiops-0.1.0.tar.gz -
Subject digest:
eb6356ccedf99d432f9ba82e2ac91a4d33e92ca4081a8d88f512d6410c3f7daf - Sigstore transparency entry: 2160146438
- Sigstore integration time:
-
Permalink:
AIops-tools/Container-Host-AIops@03e31e1ee007055771d6ef3c481058f690c808a4 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/AIops-tools
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@03e31e1ee007055771d6ef3c481058f690c808a4 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file container_host_aiops-0.1.0-py3-none-any.whl.
File metadata
- Download URL: container_host_aiops-0.1.0-py3-none-any.whl
- Upload date:
- Size: 94.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ae4ee86d8e5fb26ed09268f2904dc5155cf70255ff678f17363f6992cc0a9a0d
|
|
| MD5 |
51865c6f66a9ab12598968257e6a964d
|
|
| BLAKE2b-256 |
9db0b89265751bdd2ed1ff765170c116f9cc4dfb8faec755236c063c0bdac9c1
|
Provenance
The following attestation bundles were made for container_host_aiops-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on AIops-tools/Container-Host-AIops
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
container_host_aiops-0.1.0-py3-none-any.whl -
Subject digest:
ae4ee86d8e5fb26ed09268f2904dc5155cf70255ff678f17363f6992cc0a9a0d - Sigstore transparency entry: 2160146688
- Sigstore integration time:
-
Permalink:
AIops-tools/Container-Host-AIops@03e31e1ee007055771d6ef3c481058f690c808a4 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/AIops-tools
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@03e31e1ee007055771d6ef3c481058f690c808a4 -
Trigger Event:
workflow_dispatch
-
Statement type: