{"id":51025494,"url":"https://github.com/altikva/spero","last_synced_at":"2026-06-21T19:30:37.881Z","repository":{"id":362442865,"uuid":"1259050510","full_name":"altikva/spero","owner":"altikva","description":"Self-healing supervision agent for Linux hosts and Kubernetes","archived":false,"fork":false,"pushed_at":"2026-06-04T07:11:08.000Z","size":95,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-04T09:07:55.963Z","etag":null,"topics":["agentic-ai","aiops","anomaly-detection","asyncio","automation","devops","fastapi","homelab","incident-response","kubernetes","llm","monitoring","observability","python","self-healing","self-hosted","sre","ssh","supervision"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/altikva.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-04T06:37:57.000Z","updated_at":"2026-06-04T07:21:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/altikva/spero","commit_stats":null,"previous_names":["altikva/spero"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/altikva/spero","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/altikva%2Fspero","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/altikva%2Fspero/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/altikva%2Fspero/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/altikva%2Fspero/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/altikva","download_url":"https://codeload.github.com/altikva/spero/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/altikva%2Fspero/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34623906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-21T02:00:05.568Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-ai","aiops","anomaly-detection","asyncio","automation","devops","fastapi","homelab","incident-response","kubernetes","llm","monitoring","observability","python","self-healing","self-hosted","sre","ssh","supervision"],"created_at":"2026-06-21T19:30:37.218Z","updated_at":"2026-06-21T19:30:37.873Z","avatar_url":"https://github.com/altikva.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n# -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#\n# __creation__ = 2026-06-03\n# __author__ = \"jndjama (Joy Ndjama)\"\n# __copyright__ = \"Copyright 2026 ALTIKVA.\"\n# __licence__ = \"MIT \u0026 CC BY-NC-SA (https://www.altikva.com/licenses/LICENSE-1.0)\"\n# -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#\n# Description: Project README: what Spero is, its concepts, quickstart, and roadmap.\n--\u003e\n\n```\n ___ _ __   ___ _ __ ___\n/ __| '_ \\ / _ \\ '__/ _ \\\n\\__ \\ |_) |  __/ | | (_) |\n|___/ .__/ \\___|_|  \\___/\n    |_|\n```\n\n**Self-healing supervision agent for Linux hosts and Kubernetes.**\n\nSpero watches the things you run, processes, services, disks, workloads, notices\nwhen they break, and heals them under policy-governed autonomy. It sits between a\nsingle-host tool like Monit and a full Prometheus + Alertmanager + Ansible stack:\nlightweight, agent-based, cluster-aware, with an AI layer for prediction,\nroot-cause, and policy-gated remediation.\n\n![spero top, the live supervision dashboard](assets/spero-top.svg)\n\nShipped under [Altikva](https://altikva.com).\n\n\u003e Status: pre-alpha but functional, published on PyPI as `spero` 0.4.0. It\n\u003e supervises and heals Linux hosts (local + asyncssh) and Kubernetes (kubectl)\n\u003e through one engine, with an AI layer (prediction, root-cause, natural-language\n\u003e queries, agentic policy-gated remediation), a control plane with live\n\u003e status / metrics / logs, dial-home fleet operation, and pluggable alerting.\n\u003e 265 tests, ruff + mypy clean.\n\n## Concepts\n\nSpero is built on four seams so it spans hosts and Kubernetes through one engine:\n\n| Seam | Question | Examples |\n|------|----------|----------|\n| **Provider** | where things run | `local`, `ssh:[user@]host[:port]`, `k8s:[context][/namespace]` |\n| **Probe** | how you know it is healthy | host: process, systemd, port, disk; k8s: pod, deployment, restart-count, resource-usage, pvc, cert-expiry; serverless: keda-scaledobject, knative-service, elpio-\\*; data: http, command, postgres, kafka, trino, clickhouse |\n| **Remediation** | what to do about it | host: restart, respawn, kill, rotate; k8s: rollout-restart, scale, delete-pod, patch-requests, keda-unpause |\n| **Policy** | the declared intent | YAML: target → probe → remediations + autonomy |\n\nEach seam is a registry: add a capability by writing the class and registering it.\nRemediations carry an **autonomy** level, `suggest`, `gated`, or `auto`, so low-risk\nhealing happens on its own while high-risk actions wait for a human (or the AI\napprover). Destructive actions (kill, delete-pod, patch-requests) can never be `auto`.\n\n## Install\n\n```bash\npip install spero            # or: uv pip install spero\npip install \"spero[ai]\"      # Claude-backed AI layer (prediction, root-cause, NL queries)\npip install \"spero[k8s]\"     # Kubernetes provider deps\npip install \"spero[tui]\"     # Textual dashboard for `spero top`\npip install \"spero[certs]\"   # the cert-expiry probe (cryptography)\n```\n\nConfiguration is env-driven (`SPERO_*` prefix or a `.env` file): `SPERO_POLICY_PATH`,\n`SPERO_DATABASE_URL`, `SPERO_HOST`, `SPERO_PORT`, plus the auth / alerting / privacy\nknobs below.\n\n## Quickstart\n\nBare `spero` greets with a branded landing screen and the command list:\n\n![the spero command-line landing screen](assets/spero-cli.svg)\n\n```bash\nspero status                       # show targets from the active policy\nspero run                          # run one supervision cycle (gated actions wait for a human)\nspero run --ai-approve             # agentic: the model decides gated remediations\nspero watch                        # supervise continuously, each target on its interval\nspero top                          # live k9s-style dashboard (needs the tui extra)\nspero heal nginx                   # probe one target, walk its remediations interactively\nspero ask \"what flapped today?\"    # natural-language query over the event history\nspero diagnose nginx               # LLM root-cause sketch for a target\nspero forecast disk-root           # predictive: when a disk crosses a threshold\nspero serve                        # run the control-plane API on :8800\nspero --version\n```\n\nA single `spero run` cycle reports each target's health and the action taken:\n\n![spero run cycle output](assets/spero-run.svg)\n\n## Control plane and dashboards\n\n`spero serve` runs a FastAPI control plane that supervises in the background and\nexposes its live state over HTTP:\n\n| Endpoint | What |\n|----------|------|\n| `/health` | liveness (always open) |\n| `/status`, `/events` | per-target health + the last action, recent events |\n| `/objects/{target}` | the target's underlying object as YAML |\n| `/logs/{target}` | last N log lines; `/logs/{target}/stream` follows over SSE |\n| `/metrics` | Prometheus text (per-target health and failure counts) |\n\n`spero top` renders a k9s-style live grid of targets and a rolling event feed. With\nthe `tui` extra it is a full Textual UI (mouse, scrollback, command palette); without\nit, a rich.Live fallback. Keys: `a` approve a gated action, `f` toggle the freeze,\n`i` inspect YAML, `l` tail logs, `L` follow logs, `s` shell into a pod (local, your\nkubectl). `spero top --remote http://host:port` observes a running worker over the\nendpoints above instead of probing locally:\n\n![spero top --remote observing a worker](assets/spero-top-remote.svg)\n\nEvery route except `/health` is guarded by a bearer token when `SPERO_API_TOKEN`\nis set (empty means auth off, the localhost default); pass it to an observer with\n`spero top --remote \u003curl\u003e --token \u003ctoken\u003e`.\n\n## Fleet operation (dial-home)\n\nFor clusters you cannot reach inbound, run the worker as `spero agent --owner \u003curl\u003e`:\nit supervises locally and dials OUT to a `spero owner` service, reporting status and\nevents on a timer and pulling orders. The owner answers gated remediations as a\nremote approver and can push a new policy to a running agent (hot-swapped, no\nredeploy). `auto` actions still run if the owner is offline. `SPERO_OWNER_TOKEN`\nguards the owner.\n\n## Alerting\n\nSpero fires on first failure and resolves on recovery. `NullAlerter` is the default;\nconfigure email (SMTP with optional STARTTLS + login), a generic JSON webhook\n(`SPERO_ALERT_WEBHOOK_URL`), or Slack (`SPERO_SLACK_WEBHOOK_URL`). The channel is\nused by `run`, `watch`, `serve`, and the dial-home `agent`.\n\n## Kubernetes deployment\n\nRun spero in-cluster with the Kustomize manifests in `deploy/k8s/`: a supervise-only\n`base` (read RBAC, always-on Deployment, default-deny NetworkPolicy) and an `acting`\noverlay that opts into remediation with exactly the mutating verbs it needs plus\nleader-election leases. The image runs non-root with a read-only root filesystem.\nSee [deploy/k8s/README.md](./deploy/k8s/README.md).\n\n## Data egress and privacy\n\nWith `ANTHROPIC_API_KEY` set, `spero ask`, `spero diagnose`, and `--ai-approve`\nsend text to Anthropic's API: the question, target names, remediation params, and\nrecorded event details (which can include command output). Event details are also\nstored in the local sqlite database. With no key, spero uses the `NullLLM` fallback\nand nothing leaves the host. To scrub likely secrets/PII from event text before it\nis sent to the model, set `SPERO_REDACT_EVENTS=1` (best-effort; see\n`src/spero/ai/redact.py`). The control-plane endpoints that expose object YAML and\npod logs are token-guarded; see [deploy/k8s/README.md](./deploy/k8s/README.md).\n\n## From source\n\n```bash\ngit clone https://github.com/altikva/spero \u0026\u0026 cd spero\nuv sync --locked --all-extras\nuv run pytest                      # run the suite\n```\n\n## License\n\nSpero is released under the **ALTIKVA Dual License v1.0**\n([MIT](./LICENSE) and [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)),\nSPDX `MIT AND CC-BY-NC-SA-4.0`. See [LICENSE](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faltikva%2Fspero","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faltikva%2Fspero","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faltikva%2Fspero/lists"}