{"id":48948312,"url":"https://github.com/hridesh-net/opsintelligence","last_synced_at":"2026-06-02T05:00:50.504Z","repository":{"id":352052417,"uuid":"1213039425","full_name":"hridesh-net/OpsIntelligence","owner":"hridesh-net","description":"OpsIntelligence is a multi-agent autonomous intelligence platform for DevOps—coordinating specialized agents to monitor systems, analyze context, and execute workflows across infrastructure, repos, and delivery pipelines.","archived":false,"fork":false,"pushed_at":"2026-05-30T03:50:34.000Z","size":59478,"stargazers_count":7,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-30T04:23:04.427Z","etag":null,"topics":["agentic-ai","autonomous-agents","cloud","devops","devsecops","enterprise","golang","infrastructure","linux","openclaw","terraform"],"latest_commit_sha":null,"homepage":"https://opsintelai.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hridesh-net.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-17T01:37:42.000Z","updated_at":"2026-05-30T03:50:37.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hridesh-net/OpsIntelligence","commit_stats":null,"previous_names":["hridesh-net/opsintelligence"],"tags_count":114,"template":false,"template_full_name":null,"purl":"pkg:github/hridesh-net/OpsIntelligence","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hridesh-net%2FOpsIntelligence","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hridesh-net%2FOpsIntelligence/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hridesh-net%2FOpsIntelligence/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hridesh-net%2FOpsIntelligence/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hridesh-net","download_url":"https://codeload.github.com/hridesh-net/OpsIntelligence/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hridesh-net%2FOpsIntelligence/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33806987,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-ai","autonomous-agents","cloud","devops","devsecops","enterprise","golang","infrastructure","linux","openclaw","terraform"],"created_at":"2026-04-17T18:04:55.712Z","updated_at":"2026-06-02T05:00:50.498Z","avatar_url":"https://github.com/hridesh-net.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eOpsIntelligence\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eDevOps judgment, on a loop — with your policies wired in.\u003c/strong\u003e\u003cbr\u003e\n  \u003cem\u003ePR review · CI signals · Sonar triage · incidents · runbooks · optional deep repo memory.\u003c/em\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Go-1.26+-00ADD8?style=for-the-badge\u0026logo=go\" alt=\"Go\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-22c55e?style=for-the-badge\" alt=\"MIT\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Posture-read--only%20by%20default-6f42c1?style=for-the-badge\" alt=\"Read-only by default\"\u003e\n\u003c/p\u003e\n\n## Documentation\n\nFull docs are maintained under **`docs/`** for MkDocs. Browse on GitHub: **[`docs/index.md`](docs/index.md)**.\n\nServe or build locally (requires Python 3):\n\n```bash\npython3 -m venv .venv \u0026\u0026 .venv/bin/pip install -r requirements-docs.txt   # once; omit if pip works globally\n.venv/bin/mkdocs serve                 # http://127.0.0.1:8000\n.venv/bin/mkdocs build --strict        # static site in ./site\n```\n\nArchitecture narrative for contributors: [`docs/architecture/overview.md`](docs/architecture/overview.md).\n\n## The short version\n\n| You bring | It handles |\n|-----------|------------|\n| Markdown under `teams/\u003cyours\u003e/` | PR/MR reviews that cite *your* severity and style rules |\n| Tokens via env vars (`token_env:`) | GitHub, GitLab, Jenkins, Sonar — read-first, confirm-before-write |\n| Optional `repo_intel` + embeddings | **Repo Intelligence**: learns a repo, builds a call graph, answers **Ask repo** search (hybrid keyword + semantic) over indexed sources |\n\n**One line:** an autonomous agent for **in-house DevOps** — not a generic chatbot, not an auto-deploy bot. It connects to the systems you already run, respects guardrails, and escalates with evidence when something is wrong.\n\n## Architecture\n\nSingle-page runtime view (parallel ingress → `agent.Runner` → provider, memory, datastore, and tool execution). Edit in draw.io: [`docs/architecture/diagrams/opsintelligence-architecture.drawio`](docs/architecture/diagrams/opsintelligence-architecture.drawio). The PNG below lives under `docs/` so MkDocs and GitHub render it from the same path (regenerate with the draw.io CLI — see [Contributing → Architecture diagram export](docs/contributing.md#architecture-diagram-export)). For tabbed flows and extra detail, see [`architecture-overview.drawio`](architecture-overview.drawio) at the repo root. Contributor-oriented internals: [**MkDocs → Architecture**](docs/architecture/overview.md) (`pip install -r requirements-docs.txt \u0026\u0026 mkdocs serve`).\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/architecture/diagrams/opsintelligence-architecture.png\" alt=\"OpsIntelligence runtime architecture: ingress, config, agent Runner, provider, tools and graphs, memory, repointel, observability, external DevOps surface\" width=\"920\"\u003e\n\u003c/p\u003e\n\n## What this is\n\nOpsIntelligence watches the boring-but-risky layer of engineering work:\n\n- **Pull / merge requests** — review against team policy, flag risks, suggest fixes.\n- **CI** — follow `main` (and friends), spot real regressions, treat flakes with skepticism.\n- **SonarQube / SonarCloud** — quality gates, issues, hotspots: block vs. flag vs. ignore per your rules.\n- **Incidents** — help on-call triage, summarize signals, draft postmortem scaffolding.\n- **Runbooks** — execute step-by-step with a human in the loop.\n\nEverything is **team-configurable**: drop Markdown policy files into `teams/\u003cyour-team\u003e/` and the agent follows *your* bar for “ship” vs. “hold”.\n\n### Repo Intelligence (optional, but powerful)\n\nWhen you enable **`repo_intel`** in config (GitHub PAT, memory dir, optional embedder), you can **register repositories** (`opsintelligence repos add …`, or the dashboard). Each **sync**:\n\n1. Fetches a bounded snapshot of the tree for LLM analysis and artifacts.  \n2. Builds a **call graph** and symbol index.  \n3. Optionally indexes a **large slice of the repo** into a hybrid store (FTS + vectors) for **scoped search** and agent RAG.\n\nThe dashboard exposes **Scan**, **Index memory**, **Call graph**, and **Ask repo** (natural language / keyword search over that index). Very large GitHub trees may return `truncated: true`; the UI and API surface a warning so you know search may be partial.\n\n## What this is not\n\n- **Not a deploy robot.** Default posture is **read-only** on GitHub, GitLab, Jenkins, Sonar, and MCP-backed tools. Writes need explicit human confirmation in-turn. Posting a **PR comment** is available when `devops.github` is configured with a PAT that allows it.\n- **Not a consumer assistant.** Scope is DevOps workflows, integrations, and operator-controlled policy.\n\n**Channels:** production docs and defaults center on **Slack** plus the **REST/WebSocket gateway** (apps, internal tools, dashboard). The example config still shows **commented stubs** for other adapters; enable only what your security team approves.\n\n## Relationship to AssistClaw\n\nOpsIntelligence is a hard fork of [AssistClaw](https://github.com/hridesh-net/AssistClaw). It keeps the agent loop, tiered memory, lazy skill graph, tools, MCP, cron, webhooks, guardrails, and extensions — and replaces consumer-centric defaults with a first-class **`devops.*`** surface and **team-aware** Markdown rules.\n\n## Built-in integrations\n\n| Platform | Status | What it reads |\n|---|---|---|\n| **GitHub** (cloud \u0026 Enterprise) | first-class | PRs, diffs, Actions runs, combined status |\n| **GitLab** (cloud \u0026 self-hosted) | first-class | MRs, pipelines, jobs |\n| **Jenkins** | first-class | jobs, builds, queue status |\n| **SonarQube / SonarCloud** | first-class | quality gates, issues, hotspots |\n| **Slack** | first-class | inbound + outbound messaging |\n| **Everything else** (PagerDuty, Datadog, Sentry, Jira, …) | via **MCP** | plug in any MCP server |\n\nEvery integration stays **off** until you add a token. Tokens live in **environment variables** referenced from YAML (`token_env:`) — never committed in config files.\n\n## Install\n\n**One-liner (recommended — pulls the latest release binary):**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/hridesh-net/OpsIntelligence/main/install.sh | bash\n```\n\n**Pin a specific version:**\n\n```bash\nOPSINTELLIGENCE_VERSION=v0.3.50 bash install.sh\n```\n\n**Build from source** (Go version must satisfy `go.mod`, currently **1.26+**):\n\n```bash\ngit clone https://github.com/hridesh-net/OpsIntelligence.git\ncd OpsIntelligence\nFORCE_BUILD=1 bash install.sh\n```\n\nThe installer installs `opsintelligence` to `/usr/local/bin` (or `~/.local/bin`), scaffolds `~/.opsintelligence/`, and can register a login service so the gateway starts after sign-in. Use `SKIP_SERVICE=1` to skip that.\n\n### Locked-down or client machines\n\n1. Prefer a **tagged GitHub release** artifact: [Releases](https://github.com/hridesh-net/OpsIntelligence/releases). Pin with `OPSINTELLIGENCE_VERSION=v0.3.50 bash install.sh` (adjust tag as needed).\n2. To forbid surprise downloads (clone, go.dev bootstrap, GGUF): set `NO_SOURCE_FALLBACK=1` and `OPSINTELLIGENCE_SKIP_GO_BOOTSTRAP=1` — install succeeds only if the binary (or a local Go toolchain) is already usable.\n3. **Airgap / IT mirror:** copy `opsintelligence` + optional `skills/` from a machine that can reach GitHub, `chmod +x`, point `STATE_DIR` — the shell installer is optional.\n\nCommon environment toggles:\n\n| Variable | Default | What it does |\n|---|---|---|\n| `OPSINTELLIGENCE_VERSION` | `latest` | Release tag to install |\n| `INSTALL_DIR` | `/usr/local/bin` | Where the binary lands |\n| `STATE_DIR` | `~/.opsintelligence` | Config + datastore root |\n| `FORCE_BUILD=1` | — | Build from source even when a release binary exists |\n| `NO_SOURCE_FALLBACK=1` | — | No automatic source build when the release asset 404s |\n| `OPSINTELLIGENCE_SKIP_GO_BOOTSTRAP=1` | — | Do not download Go from go.dev when building from source |\n| `OPSINTELLIGENCE_BOOTSTRAP_GO_VERSION` | `1.26.2` | Bootstrap Go version (must satisfy `go.mod`) |\n| `SKIP_VENV=1` | — | Skip Python venv for the tool sandbox |\n| `SKIP_SERVICE=1` | — | Skip launchd/systemd registration |\n| `WITH_MEMPALACE=1` | — | Bootstrap managed MemPalace after install |\n| `WITH_GEMMA=1` | — | Download the default Gemma GGUF for local-intel |\n\n\u003e **Release binaries.** If GitHub returns `404` for an asset, the installer may **fall back to a source build** unless you set `NO_SOURCE_FALLBACK=1`. Without Go on `PATH`, it can **bootstrap Go from go.dev** once (then delete it) unless `OPSINTELLIGENCE_SKIP_GO_BOOTSTRAP=1`.\n\u003e\n\u003e **Gemma / local-intel.** GitHub caps release assets at **2 GiB**; the default Q4_K_M GGUF is larger, so releases ship **`gemma-4-e2b-it-MIRROR_MANIFEST.txt`** (Hugging Face URLs). Onboard / `local-intel setup` pull from those mirrors. Override with **`OPSINTELLIGENCE_LOCAL_GEMMA_GGUF_URL`** or **`--url`**.\n\u003e\n\u003e **Linux arm64** release binaries are built with **`fts5` only** (no in-process Gemma on musl cross-builds). Use cloud LLMs, or build on-device with glibc and **`EXTRA_TAGS=opsintelligence_localgemma`** if you need embedded Gemma there.\n\n**Uninstall:**\n\n```bash\nbash uninstall.sh                      # remove binary + service, keep state\nbash uninstall.sh --purge              # remove everything incl. ops.db\nbash uninstall.sh --purge --keep-datastore  # wipe state but preserve users/RBAC\n```\n\n`--keep-datastore` helps when moving hosts: users, roles, API keys, and audit data stay for the next install.\n\n## Quick start\n\n```bash\n# 1. Install (see above) or build locally:\nmake build    # -\u003e ./bin/opsintelligence\n\n# 2. Onboard (writes ~/.opsintelligence/opsintelligence.yaml)\n./bin/opsintelligence onboard\n\n# 3. Seed the example team policies\n./bin/opsintelligence init    # drops teams/example-team/ templates into state\n\n# 4. Validate config and reachability\n./bin/opsintelligence doctor\n\n# 5. Run the daemon (Slack + gateway + cron + webhooks)\n./bin/opsintelligence start\n```\n\nOnboarding collects: one LLM provider key, optional Slack tokens, optional GitHub / GitLab / Jenkins / Sonar tokens, and the active team name. Advanced options (memory, MCP, cron, webhooks, **repo_intel**) live in YAML or the dashboard.\n\nSee [`.opsintelligence.yaml.example`](.opsintelligence.yaml.example) for the full commented reference.\n\n## Dashboard\n\nWith the gateway up:\n\n```\nhttp://127.0.0.1:18790/dashboard/\n```\n\nFirst visit creates the **owner** account (datastore + RBAC). After that you get:\n\n- **Overview** — tasks, recent activity, health.\n- **Tasks** — live SSE stream and transcripts.\n- **Users \u0026 roles** — invites, roles (`owner`, `admin`, `operator`, …), guarded deletes. API: `/api/v1/users`, `/api/v1/roles`. Details: [`doc/users-apikeys-api.md`](doc/users-apikeys-api.md).\n- **API keys** — mint with scopes and expiry; plaintext `opi_\u003ckeyid\u003e_\u003csecret\u003e` shown once. API: `/api/v1/apikeys`.\n- **Settings** — gateway (bind, TLS), auth/OIDC, datastore, LLM providers, MCP, channels, webhooks, agent + DevOps guardrails, **Repo Intelligence** (index limits, call-graph policy, embeddings). Edits use **`If-Match`** optimistic concurrency.\n- **Repo Intel** (when configured) — per-repo scan results, learned memory, **call graph**, and **Ask repo** search over the hybrid index.\n\nFor remote access: set `gateway.bind` to `lan` or `0.0.0.0`, add TLS certs, optionally OIDC — all from Settings once an owner exists.\n\nCLI mirror for repos: `opsintelligence repos list | add | sync | status | users | tui`.\n\n## Configuring a team\n\nA **team** is a folder of Markdown files merged into the agent’s system prompt on startup:\n\n```\n~/.opsintelligence/teams/platform/\n├── README.md\n├── pr-review.md          # severity, size limits, merge bar\n├── sonar.md              # quality gates, false-positive policy\n├── cicd.md               # required pipelines, flakes, rollback\n├── secrets-and-safety.md # PII, tokens, approvals\n└── runbooks/             # optional operator runbooks\n```\n\nStart from [`teams/example-team/`](teams/example-team/), copy, rename, edit. The agent should cite which policy drove a recommendation.\n\n## DevOps skill graph\n\nShipped under [`skills/devops/`](skills/devops/) — lazy-loaded when needed:\n\n- [`SKILL.md`](skills/devops/SKILL.md) — map of the graph.\n- [`pr-review.md`](skills/devops/pr-review.md), [`sonar.md`](skills/devops/sonar.md), [`cicd.md`](skills/devops/cicd.md), [`incidents.md`](skills/devops/incidents.md), [`runbooks.md`](skills/devops/runbooks.md).\n\nCopy to `~/.opsintelligence/skills/devops/` or point `agent.skills_dir` at the repo during dev. Invoke nodes with `read_skill_node(\"devops\", \"\u003cnode\u003e\")`.\n\nThere is also [`gh-pr-review`](skills/gh-pr-review/SKILL.md) for a strict GitHub review flow (checkout, local lint/test, line comments, suggestions).\n\n## Smart prompts \u0026 chains\n\nComplex DevOps answers use **named chains** (gather → analyze → critique → render) exposed via the `chain_run` tool. See [doc/smart-prompts.md](doc/smart-prompts.md).\n\n```bash\nopsintelligence prompts ls\nopsintelligence prompts show pr-review\nopsintelligence prompts run pr-review --input pr_url=https://…\n```\n\nShipped chains include `pr-review`, `sonar-triage`, `cicd-regression`, `incident-scribe`. Override any prompt file under `~/.opsintelligence/prompts/\u003cid\u003e.md`.\n\n## Safety posture\n\n- **Read-first** integrations; writes need explicit human confirmation in the same conversation turn where relevant.\n- **Operator-owned policy files** on disk (`POLICIES.md`, `RULES.md`, `policies/`) cannot be edited by the agent through file tools.\n- **Secrets in env vars**, not YAML; `doctor` checks referenced vars before start.\n- **PII-aware summaries** — minimize verbatim quoting from CI logs or diffs; never echo secrets seen in content.\n\n## Commands\n\n```bash\nopsintelligence onboard     # Interactive setup\nopsintelligence init        # State dir + seed templates\nopsintelligence doctor      # Config + reachability\nopsintelligence start       # Daemon\nopsintelligence run \"...\"   # One-shot agent turn\nopsintelligence repos …     # Repo Intelligence (add, list, sync, tui, …)\nopsintelligence skills ls\nopsintelligence tools ls    # includes devops.*\nopsintelligence prompts ls | run \u003cchain\u003e --input key=value\n```\n\nRun `opsintelligence \u003ccmd\u003e --help` for flags.\n\n## Development\n\n```bash\nmake build    # go build -tags fts5 ./cmd/opsintelligence\nmake test     # go test ./...\nmake lint     # gofmt + go vet\n./bin/opsintelligence doctor --config .opsintelligence.yaml.example --skip-network\n```\n\n`go test ./internal/devops/...` hits GitHub, GitLab, Jenkins, and Sonar clients against `httptest` fixtures (no live APIs).\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhridesh-net%2Fopsintelligence","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhridesh-net%2Fopsintelligence","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhridesh-net%2Fopsintelligence/lists"}