Governed AI-ops for self-hosted Prometheus + Grafana: PromQL, scrape-target & rule health, alerts/silences, dashboards, and flagship RCA/scrape-health/alert-noise analyses with a built-in governance harness (audit, budget, undo, risk tiers)
Project description
Observability AIops (preview)
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by the Prometheus or Grafana projects, Grafana Labs, or the Cloud Native Computing Foundation. Prometheus, Alertmanager and Grafana are trademarks of their respective owners. MIT licensed.
Governed AI-ops for a self-hosted observability stack in one server —
Prometheus (HTTP API, PromQL, targets, rules, alerts), Alertmanager
(alerts + silences), and Grafana (dashboards, datasources, folders) — with a
built-in governance harness: unified audit log, policy engine, token/runaway
budget guard, undo-token recording, and graduated-autonomy risk tiers. One config
can span your whole stack; each target names its own platform.
Preview — mock-validated only, not yet verified against a live stack.
This is the self-hosted-observability complement to enterprise monitoring suites: it speaks the open Prometheus/Grafana APIs an SRE actually runs, not a vendor NMS.
What it does
Answers the questions an SRE actually repeats over a Prometheus/Grafana stack, and guards the writes that follow:
- PromQL + metadata — instant and range queries, label-value enumeration, and series metadata, all read-only and result-capped.
- Scrape-target & rule health — which targets are up/down (and why, from
lastError), which were dropped by relabeling, and which recording/alerting rules are erroring. - Alerts & silences — firing/pending Prometheus rule alerts, Alertmanager's post-routing view, and its silences.
- Grafana — dashboards, datasources (+ health), and folders.
- Flagship analyses — transparent heuristics that show their numbers:
firing_alert_rca(join each firing alert to its rule expr → cause + action),target_scrape_health_analysis(rank down/erroring scrapes → likely cause), andalert_noise_and_flap_analysis(frequently-repeated / duplicate alerts → dedup/rollup recommendation). - Governed writes — create/expire Alertmanager silences (time-boxed), create
Grafana annotations, update/delete dashboards, and hot-reload the Prometheus
config — each audited, risk-tiered,
dry_run-able, and the reversible ones capture the real fetched before-state for undo.
Capability matrix (30 MCP tools)
| Group | Platform | Tools | Count | R/W |
|---|---|---|---|---|
| Metrics | Prometheus | instant_query, range_query, label_values, series_metadata |
4 | read |
| Targets | Prometheus | list_targets, target_scrape_health, dropped_targets |
3 | read |
| Status | Prometheus | prometheus_config_status, prometheus_tsdb_status |
2 | read |
| Rules | Prometheus | list_rules, rule_health |
2 | read |
| Alerts | Prometheus/Alertmanager | firing_alerts, pending_alerts, alertmanager_alerts, list_silences |
4 | read |
| Grafana | Grafana | list_dashboards, get_dashboard, list_datasources, datasource_health, list_folders |
5 | read |
| Overview | both | observability_overview |
1 | read |
| Analyses | Prometheus | firing_alert_rca, target_scrape_health_analysis, alert_noise_and_flap_analysis |
3 | read |
| Writes | Alertmanager | create_silence, expire_silence |
2 | write (med) |
| Grafana | create_annotation |
1 | write (low) | |
| Grafana | update_dashboard |
1 | write (med) | |
| Grafana | delete_dashboard |
1 | write (high) | |
| Prometheus | reload_prometheus_config |
1 | write (med) |
The CLI exposes a convenience subset; the full 30-tool surface is via the MCP server.
Quick start
uv tool install observability-aiops # or: pipx install observability-aiops
observability-aiops init # wizard: pick platform (prometheus/grafana) + store the token (encrypted)
observability-aiops doctor # verify config, secrets, connectivity
observability-aiops overview # snapshot: firing alerts + targets up/down + rules erroring
observability-aiops query instant 'up' # run a PromQL instant query
observability-aiops alert rca # root-cause the firing alerts
Run as an MCP server (stdio):
export OBSERVABILITY_AIOPS_MASTER_PASSWORD=... # unlock secrets non-interactively
observability-aiops mcp
Governance
Every MCP tool passes through the bundled @governed_tool harness:
- Audit — every call (params, result, status, duration, risk tier, approver,
rationale) is logged to
~/.observability-aiops/audit.db(relocatable viaOBSERVABILITY_AIOPS_HOME). - Budget / runaway guard — token and call budgets trip a circuit breaker on tight poll/retry loops.
- Risk tiers — graduated autonomy; high-risk ops (
delete_dashboard) can require a named approver (OBSERVABILITY_AUDIT_APPROVED_BY/OBSERVABILITY_AUDIT_RATIONALE). - Undo recording — reversible writes capture the real before-state and record
an inverse descriptor (
create_silence→expire,update_dashboard/delete_dashboard→restore the captured prior model).
Supported scope & limitations
- Platforms: Prometheus HTTP API (+ a companion Alertmanager) and Grafana HTTP API. Hosted/SaaS monitoring suites (Datadog, New Relic, enterprise NMS) are deliberately out of scope for this tool.
- Preview / mock-only. All behaviour is validated against mocked
Prometheus/Grafana/Alertmanager responses. Both are free and open-source and
trivial to stand up in a lab (
docker run prom/prometheus,grafana/grafana), soobservability-aiops doctoris the fastest live check (Prometheus/api/v1/status/buildinfo, Grafana/api/health).
Missing a capability?
Want another read, an analysis tuned, or a platform capability that isn't here? Open an issue or a PR — feedback and contributions are welcome.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file observability_aiops-0.1.1.tar.gz.
File metadata
- Download URL: observability_aiops-0.1.1.tar.gz
- Upload date:
- Size: 132.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e05014e56bcef4eb022171f178e9bd5fa586d9db8dfe41d2e292c6a9e6828d86
|
|
| MD5 |
09ffd2838a133140ab61d8529f760207
|
|
| BLAKE2b-256 |
d423271dfc6021e97411378752307ec0101d7ce99e22f069f20d76c052bceb8d
|
Provenance
The following attestation bundles were made for observability_aiops-0.1.1.tar.gz:
Publisher:
publish.yml on AIops-tools/Observability-AIops
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
observability_aiops-0.1.1.tar.gz -
Subject digest:
e05014e56bcef4eb022171f178e9bd5fa586d9db8dfe41d2e292c6a9e6828d86 - Sigstore transparency entry: 2160872711
- Sigstore integration time:
-
Permalink:
AIops-tools/Observability-AIops@b29e6115089e4d94871088f0a7b0e00a054c9bd3 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/AIops-tools
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@b29e6115089e4d94871088f0a7b0e00a054c9bd3 -
Trigger Event:
release
-
Statement type:
File details
Details for the file observability_aiops-0.1.1-py3-none-any.whl.
File metadata
- Download URL: observability_aiops-0.1.1-py3-none-any.whl
- Upload date:
- Size: 83.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
50c0bbaa15fd8a00ad40b3a9c341bb0ec7961a25e65b51f5eebe0acd932e9d7b
|
|
| MD5 |
12444c619bc4028a06a0bad928c8ea65
|
|
| BLAKE2b-256 |
59891991617ffbba55dd9c0e5b13476aa5d34090ff6c3756705fdcacf2435d7e
|
Provenance
The following attestation bundles were made for observability_aiops-0.1.1-py3-none-any.whl:
Publisher:
publish.yml on AIops-tools/Observability-AIops
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
observability_aiops-0.1.1-py3-none-any.whl -
Subject digest:
50c0bbaa15fd8a00ad40b3a9c341bb0ec7961a25e65b51f5eebe0acd932e9d7b - Sigstore transparency entry: 2160872941
- Sigstore integration time:
-
Permalink:
AIops-tools/Observability-AIops@b29e6115089e4d94871088f0a7b0e00a054c9bd3 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/AIops-tools
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@b29e6115089e4d94871088f0a7b0e00a054c9bd3 -
Trigger Event:
release
-
Statement type: