An open-source AI agent that automatically investigates DevOps incidents and identifies root causes.
Project description
๐จ DevOps Incident Agent
An open-source AI agent that automatically investigates DevOps incidents by analyzing metrics, logs, Kubernetes events, deployments, and CI/CD pipelines โ then identifies root causes and recommends fixes.
๐ Overview
When production breaks, engineers manually jump between Kubernetes, Prometheus, Grafana, Loki, GitHub, Jenkins, ArgoCD, and cloud consoles to piece together what happened. It's slow, repetitive, and stressful โ usually at 2am.
DevOps Incident Agent automates the first pass of that investigation. It collects evidence across your stack, reasons over it, and hands you a report with a probable root cause, a confidence score, and a recommended fix โ before you've even opened Grafana.
๐ฏ Goal
Reduce Mean Time To Resolution (MTTR) by letting AI do the initial investigation. The engineer stays in control and approves every action โ the AI just gets you to "here's probably what broke" faster.
๐ง How It Works
Production Alert
โ
Planner
โ
Collect Evidence โ Metrics ยท Logs ยท Deployments ยท K8s ยท Infra
โ
Reasoning Engine
โ
Incident Report
โ
Engineer Approval
๐ Example
Input:
Production API latency increased to 8 seconds.
Agent automatically:
- โ Pulls Prometheus metrics
- โ Reads Loki logs
- โ Checks Kubernetes events
- โ Detects recent deployments
- โ Reviews GitHub commits
- โ Checks Jenkins pipeline status
- โ Flags failing pods
- โ Identifies probable root cause
- โ Suggests remediation
Sample trace:
๐จ Alert Received
โ Metrics: CPU normal, Memory normal, Latency โ
โ Logs: Database timeout errors
โ Deployment: shipped 8 minutes ago
โ Git diff: DB connection pool size changed
โ Confidence: 94%
โ Recommendation: Rollback
Features
- ๐ค AI-driven incident investigation
- ๐ Metrics analysis
- ๐ Log analysis
- โธ๏ธ Kubernetes event analysis
- ๐ Deployment analysis
- ๐ CI/CD investigation
- ๐ง Root cause analysis with confidence scoring
- ๐ Auto-generated incident reports
- โ ๏ธ Risk assessment before any remediation
- ๐จโ๐ป Human-in-the-loop approval โ nothing auto-executes
- ๐ Incident memory (planned)
Architecture
User
โ
โผ
Incident Agent
โ
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโ
โผ โผ โผ
Metrics Kubernetes CI/CD
โ โ โ
Prometheus Events GitHub
Grafana Pods Jenkins
Loki Nodes ArgoCD
โโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโ
โผ
AI Reasoning Engine
โผ
Incident Report
Integrations
| Category | Tools |
|---|---|
| Monitoring | Prometheus, Grafana, Loki, Alertmanager |
| Kubernetes | Kubernetes API, Helm |
| CI/CD | GitHub, GitHub Actions, Jenkins, ArgoCD |
| Cloud | AWS, Azure, GCP |
Tech Stack
- Language: Python
- API layer: FastAPI
- Agent orchestration: LangGraph
- LLM: Gemini (primary) โ pluggable with OpenAI / Anthropic via a common interface
- K8s access: Kubernetes Python client
- Data sources: Prometheus API, Grafana API, Loki API, GitHub API
- Storage: PostgreSQL, Redis
- Deployment: Docker
Built LLM-agnostic on purpose โ bring your own key (Gemini, OpenAI, or Anthropic) rather than being locked to one provider.
Getting Started
The agent runs fully offline in mock mode out of the box โ no API key and no live infrastructure required. Add credentials later to point it at your real stack.
1. Install
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -e ".[dev]" # core + test deps
# optional extras:
pip install -e ".[llm,integrations,orchestration,storage]"
2. Configure (optional)
cp .env.example .env
# Set LLM_PROVIDER=gemini and GEMINI_API_KEY=... (from https://aistudio.google.com/app/apikey)
# then set MOCK_MODE=false to use the real LLM. Leave MOCK_MODE=true to stay offline.
3. Run an investigation
CLI:
incident-agent "Production API latency increased to 8 seconds" --service api --severity critical
API server:
incident-agent --serve # or: uvicorn incident_agent.main:app --reload
curl -X POST localhost:8000/investigate \
-H "Content-Type: application/json" \
-d '{"title":"Production API latency increased to 8 seconds","service":"api","severity":"critical"}'
Interactive docs at http://localhost:8000/docs.
4. Run with Docker
docker compose up --build # app + postgres + redis
5. Run the tests
pytest -q
API endpoints
| Method | Path | Purpose |
|---|---|---|
| GET | /health |
Liveness + active LLM provider |
| POST | /investigate |
Run an investigation, return a report |
| GET | /reports/{id} |
Fetch a stored report |
| POST | /reports/{id}/approval |
Human-in-the-loop approve/reject |
โ ๏ธ Security note: the API ships without authentication for local/demo use. Put it behind an authenticating gateway or add auth before exposing it on a network.
Project layout
src/incident_agent/
โโโ config.py # env-driven settings (mock-mode fallbacks)
โโโ models/ # Incident, Evidence, RootCause, Report schemas
โโโ llm/ # pluggable providers (gemini/openai/anthropic/mock) + factory
โโโ collectors/ # prometheus, loki, kubernetes, github, jenkins (+ mock data)
โโโ agent/ # planner, reasoning, LangGraph graph (+ pure-python fallback)
โโโ api/ # FastAPI routes
โโโ store.py # in-memory / redis report store
โโโ main.py # FastAPI app
โโโ cli.py # command-line entrypoint
Roadmap
| Version | Scope |
|---|---|
| v0.1 | Incident planner, Prometheus + Kubernetes + GitHub integration |
| v0.2 | Loki + Jenkins integration, root cause engine |
| v0.3 | Reflection agent, incident memory, timeline generation |
| v1.0 | Multi-agent investigation, Slack/Teams/Jira integration, dashboard, incident replay |
Why This Project?
Not another AI chatbot wrapper โ this solves one specific, real operational problem: getting engineers to a probable root cause faster during an incident, without replacing their judgment.
Contributing
Contributions welcome โ DevOps engineers, SREs, platform engineers, and AI engineers alike. Open an issue or PR.
License
Apache License 2.0
โญ Star the repo if you believe AI should help engineers solve incidents โ not replace them.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file devops_incident_agent-1.0.0.tar.gz.
File metadata
- Download URL: devops_incident_agent-1.0.0.tar.gz
- Upload date:
- Size: 36.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c863eb42361a99aeffaa21dc36b98e3858b4ce16ce86ebfd7858a23f86478049
|
|
| MD5 |
741833f8ae27d907ad1825eaf38e2501
|
|
| BLAKE2b-256 |
68187cbdb566ffd7e88c7fa6d78d8226568dd4757cb116d0a69a81344721626f
|
File details
Details for the file devops_incident_agent-1.0.0-py3-none-any.whl.
File metadata
- Download URL: devops_incident_agent-1.0.0-py3-none-any.whl
- Upload date:
- Size: 40.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a0053675a768c3f22c4d429d85231ae526dc560181bfa5ecba15d16fb0740c2e
|
|
| MD5 |
adccb58ef67f6875e4c78570b6d62c76
|
|
| BLAKE2b-256 |
a3c77fa5680370cb3d0fa3f00abb74f5b681c32f928c152c953a9d524a5cb586
|