{"id":47489043,"url":"https://github.com/incidentfox/incidentfox","last_synced_at":"2026-03-29T13:00:39.918Z","repository":{"id":333627747,"uuid":"1138015269","full_name":"incidentfox/incidentfox","owner":"incidentfox","description":"AI-powered SRE platform for automated incident investigation","archived":false,"fork":false,"pushed_at":"2026-02-26T22:51:53.000Z","size":58838,"stargazers_count":390,"open_issues_count":9,"forks_count":41,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-26T22:53:11.393Z","etag":null,"topics":["ai-ops","ai-sre","cloud","devops","incident-management","observability","on-call"],"latest_commit_sha":null,"homepage":"https://www.incidentfox.ai/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/incidentfox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-20T06:14:54.000Z","updated_at":"2026-02-26T22:51:57.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/incidentfox/incidentfox","commit_stats":null,"previous_names":["incidentfox/incidentfox"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/incidentfox/incidentfox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/incidentfox%2Fincidentfox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/incidentfox%2Fincidentfox/tags","releases_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/repositories/incidentfox%2Fincidentfox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/incidentfox%2Fincidentfox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/incidentfox","download_url":"https://codeload.github.com/incidentfox/incidentfox/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/incidentfox%2Fincidentfox/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31144130,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-29T11:01:20.541Z","status":"ssl_error","status_checked_at":"2026-03-29T11:01:14.322Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-ops","ai-sre","cloud","devops","incident-management","observability","on-call"],"created_at":"2026-03-26T15:00:45.189Z","updated_at":"2026-03-29T13:00:39.911Z","avatar_url":"https://github.com/incidentfox.png","language":"Python","funding_links":[],"categories":["AI SRE Tools \u0026 SRE Copilots","\u003ca name=\"Python\"\u003e\u003c/a\u003ePython"],"sub_categories":["Incident Communication"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg width=\"300\" src=\"/img/logo.png\" alt=\"IncidentFox\"\u003e\n\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003cp align=\"center\"\u003e\u003cb\u003eThe open-source AI SRE 
platform\u003c/b\u003e: Investigate production incidents, find root causes, and suggest fixes — automatically.\u003c/p\u003e\n\u003c/p\u003e\n\n\u003ch4 align=\"center\"\u003e\n  \u003ca href=\"https://join.slack.com/t/incidentfox/shared_invite/zt-3ojlxvs46-xuEJEplqBHPlymxtzQi8KQ\"\u003eSlack\u003c/a\u003e |\n  \u003ca href=\"https://incidentfox.ai\"\u003eIncidentFox Cloud\u003c/a\u003e |\n  \u003ca href=\"docs/DEPLOYMENT.md\"\u003eSelf-Hosting\u003c/a\u003e |\n  \u003ca href=\"docs/FEATURES.md\"\u003eDocs\u003c/a\u003e |\n  \u003ca href=\"https://www.incidentfox.ai\"\u003eWebsite\u003c/a\u003e\n\u003c/h4\u003e\n\n\u003ch4 align=\"center\"\u003e\n  \u003ca href=\"https://github.com/incidentfox/incidentfox/blob/main/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/license-Apache%202.0-blue.svg\" alt=\"IncidentFox is released under the Apache 2.0 license.\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/incidentfox/incidentfox/blob/main/CONTRIBUTING.md\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/PRs-Welcome-brightgreen\" alt=\"PRs welcome!\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/incidentfox/incidentfox/issues\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/commit-activity/m/incidentfox/incidentfox\" alt=\"git commit activity\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://join.slack.com/t/incidentfox/shared_invite/zt-3ojlxvs46-xuEJEplqBHPlymxtzQi8KQ\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/chat-on%20Slack-blueviolet\" alt=\"Slack community channel\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://twitter.com/jimmyweiiiii\"\u003e\n    \u003cimg src=\"https://img.shields.io/twitter/follow/jimmyweiiiii?label=Follow\" alt=\"IncidentFox Twitter\" /\u003e\n  \u003c/a\u003e\n\u003c/h4\u003e\n\n\u003cimg src=\"demo.gif\" width=\"100%\" alt=\"IncidentFox Demo\" /\u003e\n\n## Introduction\n\n**[IncidentFox](https://incidentfox.ai)** is the open-source AI SRE that 
automatically investigates production incidents, correlates alerts, analyzes logs, and finds root causes. It connects to your observability stack, infrastructure, and code — then reasons through to an answer.\n\nIncidentFox lives in Slack (or Microsoft Teams / Google Chat). It can auto-respond to every alert, investigate in the thread, and post a root cause summary — or you can @mention it on demand. It learns from your codebase, Slack history, and past incidents to get smarter over time.\n\nWe're on a mission to make incident response faster and less painful for every on-call engineer, not just teams with dedicated SRE staff.\n\n## Features\n\n### Investigation \u0026 Root Cause Analysis\n\n- **[Auto-Investigation](docs/FEATURES.md)**: Automatically responds to every alert in Slack, investigates in-thread, and posts a root cause summary. Also supports on-demand @mention for any question.\n- **[Chat-First Debugging](docs/SLACK_SETUP.md)**: Investigate incidents without leaving Slack, Microsoft Teams, or Google Chat. Upload screenshots, attach logs, and get analysis inline.\n- **[Multi-Agent Orchestration](docs/FEATURES.md)**: Specialist agents for Kubernetes, AWS, metrics, code analysis, and more — routed automatically based on the problem.\n- **[Smart Log Sampling](docs/FEATURES.md)**: Statistics first, then targeted sampling. Stays useful where other tools hit context limits.\n- **[Alert Correlation](docs/FEATURES.md)**: 3-layer analysis (temporal + topology + semantic) reduces alert noise by 85-95%.\n- **[Anomaly Detection](docs/FEATURES.md)**: Meta's Prophet algorithm with seasonality-aware forecasting. Detects anomalies that account for daily/weekly patterns.\n- **[Dependency Mapping](docs/FEATURES.md)**: Automatic service topology discovery with blast radius analysis.\n- **[Knowledge Base (RAPTOR)](docs/FEATURES.md)**: Hierarchical retrieval over runbooks and docs. 
Maintains context across long documents where standard RAG fails.\n- **[Continuous Learning](docs/FEATURES.md)**: Learns from every investigation. Persists patterns and builds team-specific context over time.\n\n### Integrations\n\n| Category | Integrations |\n|----------|-------------|\n| **Logs \u0026 Metrics** | \u003cimg src=\"slack-bot/assets/processed/coralogix.png\" alt=\"Coralogix\" width=\"16\"\u003e Coralogix · \u003cimg src=\"slack-bot/assets/processed/grafana.png\" alt=\"Grafana\" width=\"16\"\u003e Grafana · \u003cimg src=\"slack-bot/assets/processed/elasticsearch.png\" alt=\"Elasticsearch\" width=\"16\"\u003e Elasticsearch · \u003cimg src=\"slack-bot/assets/processed/opensearch.png\" alt=\"OpenSearch\" width=\"16\"\u003e OpenSearch · \u003cimg src=\"slack-bot/assets/processed/datadog.png\" alt=\"Datadog\" width=\"16\"\u003e Datadog · \u003cimg src=\"slack-bot/assets/processed/prometheus.png\" alt=\"Prometheus\" width=\"16\"\u003e Prometheus · \u003cimg src=\"slack-bot/assets/processed/cloudwatch.png\" alt=\"CloudWatch\" width=\"16\"\u003e CloudWatch · \u003cimg src=\"slack-bot/assets/processed/splunk.png\" alt=\"Splunk\" width=\"16\"\u003e Splunk · \u003cimg src=\"slack-bot/assets/processed/new-relic.png\" alt=\"New Relic\" width=\"16\"\u003e New Relic · \u003cimg src=\"slack-bot/assets/processed/honeycomb.png\" alt=\"Honeycomb\" width=\"16\"\u003e Honeycomb · \u003cimg src=\"slack-bot/assets/processed/jaeger.png\" alt=\"Jaeger\" width=\"16\"\u003e Jaeger · \u003cimg src=\"slack-bot/assets/processed/sentry.png\" alt=\"Sentry\" width=\"16\"\u003e Sentry · \u003cimg src=\"slack-bot/assets/processed/loki.png\" alt=\"Loki\" width=\"16\"\u003e Loki · \u003cimg src=\"slack-bot/assets/processed/amplitude.png\" alt=\"Amplitude\" width=\"16\"\u003e Amplitude |\n| **Incidents \u0026 Alerts** | \u003cimg src=\"slack-bot/assets/processed/pagerduty.png\" alt=\"PagerDuty\" width=\"16\"\u003e PagerDuty · \u003cimg src=\"slack-bot/assets/processed/incident_io.png\" 
alt=\"incident.io\" width=\"16\"\u003e incident.io · \u003cimg src=\"slack-bot/assets/processed/opsgenie.png\" alt=\"Opsgenie\" width=\"16\"\u003e Opsgenie *(coming soon)* · \u003cimg src=\"slack-bot/assets/processed/servicenow.png\" alt=\"ServiceNow\" width=\"16\"\u003e ServiceNow *(coming soon)* |\n| **Cloud \u0026 Infra** | \u003cimg src=\"slack-bot/assets/processed/k8s.png\" alt=\"Kubernetes\" width=\"16\"\u003e Kubernetes (direct + agent) · \u003cimg src=\"slack-bot/assets/processed/aws.png\" alt=\"AWS\" width=\"16\"\u003e AWS *(coming soon)* · \u003cimg src=\"slack-bot/assets/processed/gcp.png\" alt=\"GCP\" width=\"16\"\u003e GCP *(coming soon)* · \u003cimg src=\"slack-bot/assets/processed/azure.png\" alt=\"Azure\" width=\"16\"\u003e Azure *(coming soon)* |\n| **Dev \u0026 Project Tools** | \u003cimg src=\"slack-bot/assets/processed/github.png\" alt=\"GitHub\" width=\"16\"\u003e GitHub · \u003cimg src=\"slack-bot/assets/processed/gitlab.png\" alt=\"GitLab\" width=\"16\"\u003e GitLab · Confluence · \u003cimg src=\"slack-bot/assets/processed/jira.png\" alt=\"Jira\" width=\"16\"\u003e Jira · ClickUp · \u003cimg src=\"slack-bot/assets/processed/linear.png\" alt=\"Linear\" width=\"16\"\u003e Linear *(coming soon)* · \u003cimg src=\"slack-bot/assets/processed/notion.png\" alt=\"Notion\" width=\"16\"\u003e Notion *(coming soon)* |\n| **LLM Providers** | Claude · OpenAI · Gemini · DeepSeek · Mistral · Groq · Ollama · Azure OpenAI · Amazon Bedrock · Vertex AI · and [14 more](docs/INTEGRATIONS.md) |\n| **Extensibility** | Add new integrations as skills and scripts — no code changes needed |\n\n### General Platform\n\n- **[Web Console](docs/FEATURES.md)**: Dashboard for managing agents, viewing investigations, configuring tools and prompts per team.\n- **[Multi-Tenant Config](docs/FEATURES.md)**: Hierarchical org/team configuration with deep merge, RBAC, and audit logging.\n- **[Model Flexibility](docs/FEATURES.md)**: 24 LLM providers supported (Claude, OpenAI, Gemini, 
DeepSeek, Mistral, Ollama, and more) — no vendor lock-in.\n- **[Sandboxed Execution](docs/FEATURES.md)**: Each investigation runs in an isolated gVisor Kubernetes sandbox. Credentials never touch the agent (Envoy proxy injects secrets at request time).\n- **[Webhook Routing](docs/FEATURES.md)**: Orchestrator routes GitHub, PagerDuty, Incident.io, Blameless, and FireHydrant events to the right team's agent.\n- **[Self-Hosting](docs/DEPLOYMENT.md)**: Deploy on your own infrastructure with Helm. Air-gapped support available.\n\n## Getting started\n\nCheck out the [Docs](docs/FEATURES.md) to learn more.\n\n| Use IncidentFox Cloud | Deploy on your infrastructure |\n| --- | --- |\n| The fastest and most reliable way to \u003cbr\u003e get started with IncidentFox is adding it \u003cbr\u003e to [Slack](https://slack.com/oauth/v2/authorize?client_id=9967324357443.10323403264580\u0026scope=app_mentions:read,channels:history,channels:join,channels:read,chat:write,chat:write.customize,commands,files:read,files:write,groups:history,groups:read,im:history,im:read,im:write,links:read,links:write,metadata.message:read,mpim:history,mpim:read,reactions:read,reactions:write,usergroups:read,users:read\u0026user_scope=) or signing up at [incidentfox.ai](https://incidentfox.ai). 
| View all [deployment options](docs/DEPLOYMENT.md) |\n\n### Run IncidentFox locally\n\n\u003ca href=\"https://youtu.be/teWvgdgBqow\"\u003e\n  \u003cimg src=\"https://img.youtube.com/vi/teWvgdgBqow/maxresdefault.jpg\" width=\"600\" alt=\"How to set up \u0026 run IncidentFox locally\" /\u003e\n  \u003cbr\u003e\n  \u003csub\u003eWatch: How to set up \u0026 run IncidentFox locally\u003c/sub\u003e\n\u003c/a\u003e\n\u003cbr\u003e\u003cbr\u003e\n\nTo set up and run IncidentFox locally, make sure you have Git and Docker installed on your system:\n\n```console\ngit clone https://github.com/incidentfox/incidentfox \u0026\u0026 cd incidentfox \u0026\u0026 cp .env.example .env \u0026\u0026 make dev\n```\n\nThen edit `.env` to add your `ANTHROPIC_API_KEY` (or any other LLM provider — see `.env.example` for options).\n\nThat's it. IncidentFox starts Postgres, config-service, sre-agent, and the web console. Migrations run automatically.\n\n**Want to test via Slack?** [Create a Slack app](https://api.slack.com/apps?new_app=1) using the [manifest](slack-bot/slack-manifest.json), add `SLACK_BOT_TOKEN` and `SLACK_APP_TOKEN` to `.env`, and run `make dev-slack`. [Full Slack setup guide](docs/SLACK_SETUP.md).\n\n## Open-source vs. paid\n\nThis repo is available under the [Apache License 2.0](LICENSE), with the exception of the production security layer (sandbox isolation, credential proxy) which is under the [Business Source License 1.1](LICENSE-ENTERPRISE). See [LICENSING.md](LICENSING.md) for details.\n\nThe open-source agent is **fully featured** — same AI, same integrations, same intelligence. 
Enterprise adds the production security layer and management features for organizations with multiple teams.\n\n| Feature | Open Source | Enterprise |\n|---------|:----------:|:----------:|\n| All 45+ integrations | Yes | Yes |\n| Auto-investigation on alerts | Yes | Yes |\n| Codebase \u0026 Slack history learning | Yes | Yes |\n| Knowledge base (RAPTOR) | Yes | Yes |\n| Alert correlation \u0026 anomaly detection | Yes | Yes |\n| Web console | Yes | Yes |\n| Bring your own LLM keys | Yes | Yes |\n| Self-hosted deployment | Yes | Yes |\n| Multi-team management \u0026 RBAC | - | Yes |\n| SSO / OIDC | - | Yes |\n| SOC 2 compliance | - | Yes |\n| Approval workflows | - | Yes |\n| Dedicated support \u0026 SLAs | - | Yes |\n\nIf you are interested in managed IncidentFox Cloud or Enterprise, take a look at [our website](https://incidentfox.ai) or [contact us](mailto:founders@incidentfox.ai).\n\n## Security\n\nPlease do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!\n\nIncidentFox takes security issues very seriously. If you have any concerns about IncidentFox or believe you have uncovered a vulnerability, please get in touch via the e-mail address security@incidentfox.ai. In the message, try to provide a description of the issue and ideally a way of reproducing it. The security team will get back to you as soon as possible.\n\nNote that this security address should be used only for undisclosed vulnerabilities. Please report any security problems to us before disclosing them publicly.\n\n## Contributing\n\nWhether it's big or small, we love contributions. Check out our guide to see how to [get started](DEVELOPMENT_KNOWLEDGE.md).\n\nNot sure where to get started? 
You can:\n\n- Join our \u003ca href=\"https://join.slack.com/t/incidentfox/shared_invite/zt-3ojlxvs46-xuEJEplqBHPlymxtzQi8KQ\"\u003eSlack\u003c/a\u003e, and ask us any questions there.\n- Look for issues labeled **good first issue** on [GitHub](https://github.com/incidentfox/incidentfox/issues).\n\n---\n\n## License\n\nIncidentFox uses a dual-license model:\n\n- **Core platform** (agent, Slack bot, config service, orchestrator, Helm chart, local dev tooling) is licensed under the [Apache License 2.0](LICENSE).\n- **Security layer** (sandbox isolation, credential proxy) is licensed under the [Business Source License 1.1](LICENSE-ENTERPRISE).\n\nEnterprise features automatically convert to Apache 2.0 on the Change Date (February 18, 2030). You can use them freely for development, testing, and evaluation.\n\nSee [LICENSING.md](LICENSING.md) for the complete breakdown of which directories are under which license.\n\n---\n\n## See Also\n\n**[Claude Code Plugin](local/claude_code_pack/)** — Standalone SRE tools for individual developers using Claude Code CLI. 
Not connected to the IncidentFox platform above.\n\n---\n\n## Connect with Us\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://join.slack.com/t/incidentfox/shared_invite/zt-3ojlxvs46-xuEJEplqBHPlymxtzQi8KQ\"\u003e\u003cimg src=\"https://img.shields.io/badge/Slack-Community-611f69?style=for-the-badge\u0026logo=slack\" alt=\"Slack\"\u003e\u003c/a\u003e\n  \u0026nbsp;\n  \u003ca href=\"https://www.linkedin.com/company/incidentfox/\"\u003e\u003cimg src=\"https://img.shields.io/badge/LinkedIn-Company-0077B5?style=for-the-badge\u0026logo=linkedin\" alt=\"LinkedIn\"\u003e\u003c/a\u003e\n  \u0026nbsp;\n  \u003ca href=\"https://x.com/jimmyweiiiii\"\u003e\u003cimg src=\"https://img.shields.io/badge/X-@jimmyweiiiii-000000?style=for-the-badge\u0026logo=x\" alt=\"X - Jimmy\"\u003e\u003c/a\u003e\n  \u0026nbsp;\n  \u003ca href=\"https://x.com/LongYi1207\"\u003e\u003cimg src=\"https://img.shields.io/badge/X-@LongYi1207-000000?style=for-the-badge\u0026logo=x\" alt=\"X - LongYi\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cem\u003eBuilt with ❤️ by the IncidentFox team\u003c/em\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fincidentfox%2Fincidentfox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fincidentfox%2Fincidentfox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fincidentfox%2Fincidentfox/lists"}