Skip to main content

An open-source AI agent that automatically investigates DevOps incidents and identifies root causes.

Project description

๐Ÿšจ DevOps Incident Agent

An open-source AI agent that automatically investigates DevOps incidents by analyzing metrics, logs, Kubernetes events, deployments, and CI/CD pipelines โ€” then identifies root causes and recommends fixes.


๐Ÿš€ Overview

When production breaks, engineers manually jump between Kubernetes, Prometheus, Grafana, Loki, GitHub, Jenkins, ArgoCD, and cloud consoles to piece together what happened. It's slow, repetitive, and stressful โ€” usually at 2am.

DevOps Incident Agent automates the first pass of that investigation. It collects evidence across your stack, reasons over it, and hands you a report with a probable root cause, a confidence score, and a recommended fix โ€” before you've even opened Grafana.


๐ŸŽฏ Goal

Reduce Mean Time To Resolution (MTTR) by letting AI do the initial investigation. The engineer stays in control and approves every action โ€” the AI just gets you to "here's probably what broke" faster.


๐Ÿง  How It Works

Production Alert
      โ†“
   Planner
      โ†“
Collect Evidence  โ†’  Metrics ยท Logs ยท Deployments ยท K8s ยท Infra
      โ†“
Reasoning Engine
      โ†“
Incident Report
      โ†“
Engineer Approval

๐Ÿ” Example

Input:

Production API latency increased to 8 seconds.

Agent automatically:

  • โœ… Pulls Prometheus metrics
  • โœ… Reads Loki logs
  • โœ… Checks Kubernetes events
  • โœ… Detects recent deployments
  • โœ… Reviews GitHub commits
  • โœ… Checks Jenkins pipeline status
  • โœ… Flags failing pods
  • โœ… Identifies probable root cause
  • โœ… Suggests remediation

Sample trace:

๐Ÿšจ Alert Received
   โ†’ Metrics: CPU normal, Memory normal, Latency โ†‘
   โ†’ Logs: Database timeout errors
   โ†’ Deployment: shipped 8 minutes ago
   โ†’ Git diff: DB connection pool size changed
   โ†’ Confidence: 94%
   โ†’ Recommendation: Rollback

Features

  • ๐Ÿค– AI-driven incident investigation
  • ๐Ÿ“ˆ Metrics analysis
  • ๐Ÿ“œ Log analysis
  • โ˜ธ๏ธ Kubernetes event analysis
  • ๐Ÿš€ Deployment analysis
  • ๐Ÿ”„ CI/CD investigation
  • ๐Ÿง  Root cause analysis with confidence scoring
  • ๐Ÿ“„ Auto-generated incident reports
  • โš ๏ธ Risk assessment before any remediation
  • ๐Ÿ‘จโ€๐Ÿ’ป Human-in-the-loop approval โ€” nothing auto-executes
  • ๐Ÿ“š Incident memory (planned)

Architecture

                        User
                         โ”‚
                         โ–ผ
                  Incident Agent
                         โ”‚
        โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
        โ–ผ                โ–ผ                โ–ผ
    Metrics          Kubernetes          CI/CD
        โ”‚                โ”‚                โ”‚
  Prometheus          Events           GitHub
  Grafana              Pods            Jenkins
  Loki                 Nodes           ArgoCD
        โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                         โ–ผ
                AI Reasoning Engine
                         โ–ผ
                  Incident Report

Integrations

Category Tools
Monitoring Prometheus, Grafana, Loki, Alertmanager
Kubernetes Kubernetes API, Helm
CI/CD GitHub, GitHub Actions, Jenkins, ArgoCD
Cloud AWS, Azure, GCP

Tech Stack

  • Language: Python
  • API layer: FastAPI
  • Agent orchestration: LangGraph
  • LLM: Gemini (primary) โ€” pluggable with OpenAI / Anthropic via a common interface
  • K8s access: Kubernetes Python client
  • Data sources: Prometheus API, Grafana API, Loki API, GitHub API
  • Storage: PostgreSQL, Redis
  • Deployment: Docker

Built LLM-agnostic on purpose โ€” bring your own key (Gemini, OpenAI, or Anthropic) rather than being locked to one provider.


Getting Started

The agent runs fully offline in mock mode out of the box โ€” no API key and no live infrastructure required. Add credentials later to point it at your real stack.

1. Install

python -m venv .venv
source .venv/bin/activate        # Windows: .venv\Scripts\activate
pip install -e ".[dev]"          # core + test deps
# optional extras:
pip install -e ".[llm,integrations,orchestration,storage]"

2. Configure (optional)

cp .env.example .env
# Set LLM_PROVIDER=gemini and GEMINI_API_KEY=... (from https://aistudio.google.com/app/apikey)
# then set MOCK_MODE=false to use the real LLM. Leave MOCK_MODE=true to stay offline.

3. Run an investigation

CLI:

incident-agent "Production API latency increased to 8 seconds" --service api --severity critical

API server:

incident-agent --serve            # or: uvicorn incident_agent.main:app --reload
curl -X POST localhost:8000/investigate \
  -H "Content-Type: application/json" \
  -d '{"title":"Production API latency increased to 8 seconds","service":"api","severity":"critical"}'

Interactive docs at http://localhost:8000/docs.

4. Run with Docker

docker compose up --build         # app + postgres + redis

5. Run the tests

pytest -q

API endpoints

Method Path Purpose
GET /health Liveness + active LLM provider
POST /investigate Run an investigation, return a report
GET /reports/{id} Fetch a stored report
POST /reports/{id}/approval Human-in-the-loop approve/reject

โš ๏ธ Security note: the API ships without authentication for local/demo use. Put it behind an authenticating gateway or add auth before exposing it on a network.

Project layout

src/incident_agent/
โ”œโ”€โ”€ config.py          # env-driven settings (mock-mode fallbacks)
โ”œโ”€โ”€ models/            # Incident, Evidence, RootCause, Report schemas
โ”œโ”€โ”€ llm/               # pluggable providers (gemini/openai/anthropic/mock) + factory
โ”œโ”€โ”€ collectors/        # prometheus, loki, kubernetes, github, jenkins (+ mock data)
โ”œโ”€โ”€ agent/             # planner, reasoning, LangGraph graph (+ pure-python fallback)
โ”œโ”€โ”€ api/               # FastAPI routes
โ”œโ”€โ”€ store.py           # in-memory / redis report store
โ”œโ”€โ”€ main.py            # FastAPI app
โ””โ”€โ”€ cli.py             # command-line entrypoint

Roadmap

Version Scope
v0.1 Incident planner, Prometheus + Kubernetes + GitHub integration
v0.2 Loki + Jenkins integration, root cause engine
v0.3 Reflection agent, incident memory, timeline generation
v1.0 Multi-agent investigation, Slack/Teams/Jira integration, dashboard, incident replay

Why This Project?

Not another AI chatbot wrapper โ€” this solves one specific, real operational problem: getting engineers to a probable root cause faster during an incident, without replacing their judgment.


Contributing

Contributions welcome โ€” DevOps engineers, SREs, platform engineers, and AI engineers alike. Open an issue or PR.


License

Apache License 2.0


โญ Star the repo if you believe AI should help engineers solve incidents โ€” not replace them.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

devops_incident_agent-1.0.0.tar.gz (36.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

devops_incident_agent-1.0.0-py3-none-any.whl (40.5 kB view details)

Uploaded Python 3

File details

Details for the file devops_incident_agent-1.0.0.tar.gz.

File metadata

  • Download URL: devops_incident_agent-1.0.0.tar.gz
  • Upload date:
  • Size: 36.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.6

File hashes

Hashes for devops_incident_agent-1.0.0.tar.gz
Algorithm Hash digest
SHA256 c863eb42361a99aeffaa21dc36b98e3858b4ce16ce86ebfd7858a23f86478049
MD5 741833f8ae27d907ad1825eaf38e2501
BLAKE2b-256 68187cbdb566ffd7e88c7fa6d78d8226568dd4757cb116d0a69a81344721626f

See more details on using hashes here.

File details

Details for the file devops_incident_agent-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for devops_incident_agent-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a0053675a768c3f22c4d429d85231ae526dc560181bfa5ecba15d16fb0740c2e
MD5 adccb58ef67f6875e4c78570b6d62c76
BLAKE2b-256 a3c77fa5680370cb3d0fa3f00abb74f5b681c32f928c152c953a9d524a5cb586

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page