{"id":50965706,"url":"https://github.com/sourcehawk/triagent","last_synced_at":"2026-06-18T20:02:08.996Z","repository":{"id":360783562,"uuid":"1240227445","full_name":"sourcehawk/triagent","owner":"sourcehawk","description":"An agent driven incident investigation platform","archived":false,"fork":false,"pushed_at":"2026-06-17T21:51:38.000Z","size":5276,"stargazers_count":3,"open_issues_count":6,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-17T23:22:52.786Z","etag":null,"topics":["agentic","incident-analysis","incident-investigation","investigation-tool","sre"],"latest_commit_sha":null,"homepage":"https://sourcehawk.github.io/triagent/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sourcehawk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-15T22:41:05.000Z","updated_at":"2026-06-17T21:50:27.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/sourcehawk/triagent","commit_stats":null,"previous_names":["sourcehawk/triagent"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/sourcehawk/triagent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcehawk%2Ftriagent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcehawk%2Ftriagent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcehawk%2Ftriagent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcehawk%2Ftriagent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sourcehawk","download_url":"https://codeload.github.com/sourcehawk/triagent/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcehawk%2Ftriagent/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34505423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-18T02:00:06.871Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic","incident-analysis","incident-investigation","investigation-tool","sre"],"created_at":"2026-06-18T20:02:05.767Z","updated_at":"2026-06-18T20:02:08.989Z","avatar_url":"https://github.com/sourcehawk.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Triagent\n\n\u003e An AI teammate for cloud incident triage, driven from your browser.\n\nTriagent is a web app you run on your own machine. You hand it a symptom, and an AI assistant (powered by [Claude](https://claude.com/claude-code)) investigates it the way you would, working across your infrastructure to check the surfaces where the answer usually hides. When it's done, it hands back a written diagnosis you can paste straight into a ticket.\n\nIt connects to the places you already look: Kubernetes, AWS, and GCP (all read-only), Prometheus, Slack, GitHub, and incident.io, plus anything else you wire up via [MCP](https://modelcontextprotocol.io) (the open standard for plugging AI assistants into tools).\n\nEvery step it takes is shown live, so you can follow its reasoning, check its work, or interrupt it at any point. Its access to your clusters and cloud accounts is read-only; the only changes it makes beyond your own machine are Git pull requests you review before merging (a new playbook, a wiki entry, a saved investigation). You run it on your own machine, and teams share those playbooks, wiki, and investigations through Git, so whoever's on call next picks up where you left off instead of at the original alert.\n\n**📚 [Read the full documentation →](https://sourcehawk.github.io/triagent/)**\n\n![Live investigation: sidebar of past sessions, the agent's diagnosis in the main pane, and the activity panel streaming every tool call on the right.](docs/images/session-screenshot.png)\n\n## What it does\n\nCloud incident triage isn't a single command. It's a multi-tab scramble across half a dozen tools: dashboards, logs, the cloud console, Slack, the incident tracker, the runbook nobody can find. Triagent collapses that scramble into one conversation with one trail you can read back later:\n\n- **It follows your procedures instead of guessing.** The troubleshooting know-how lives in **playbooks**: step-by-step procedures written as YAML that the assistant loads when it runs, not baked into the AI model itself. Teaching it to diagnose something new is a text edit, not a code change or an expensive model retrain.\n- **It can only use the tools you give it.** The assistant doesn't get a shell or free rein on your infrastructure. Every action it can take is one specific, pre-defined tool with a known input. You decide exactly what it's allowed to do, and that list of tools doubles as documentation.\n- **Every investigation makes the next one faster.** When it's done, the assistant can save what it learned: a new playbook (a procedure) or a **wiki** entry (a fact about your systems). Next time, recalling that is a single lookup instead of an archaeology dig through old Slack threads.\n\nIt can also watch for trouble on its own. Point it at Slack channels or GitHub issue queries (more sources on the way), and it triages new items as they land and proposes investigations without being asked. Turn on **auto mode** and it runs the routine ones start to finish before you've even read the page. You can take over at any moment.\n\n## What's in the box\n\nFour surfaces, each documented in depth on the [docs site](https://sourcehawk.github.io/triagent/):\n\n- **[Investigations](https://sourcehawk.github.io/triagent/investigations/)**: the live triage view. Hand the assistant a symptom and some context (cluster, Slack thread, incident.io link, notes), watch it work through the diagnosis step by step, and ship the summary as markdown.\n- **[Playbooks](https://sourcehawk.github.io/triagent/playbooks/)**: the step-by-step troubleshooting procedures the assistant follows, defined as YAML. Write and edit them right in the browser, with an AI assistant helping.\n- **[Wiki](https://sourcehawk.github.io/triagent/wiki/)**: the team's lasting knowledge base of failure patterns and prior fixes, which the assistant can search.\n- **[Watches](https://sourcehawk.github.io/triagent/watches/)**: rules that turn Slack messages, GitHub issues, or alerts into proposed investigations on their own.\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\" valign=\"top\"\u003e\n\n![Tool catalog](docs/images/tool-catalog.png)\n\n**The assistant works from a fixed list of tools, not a shell.** Every action it can take is one specific, pre-defined tool. The same catalog the assistant works from is the one you edit.\n\n\u003c/td\u003e\n\u003ctd width=\"50%\" valign=\"top\"\u003e\n\n![Playbook editor](docs/images/playbook-editor.png)\n\n**Playbooks are just data.** Troubleshooting procedures written as YAML, edited in the browser with an AI assistant helping, and shipped as pull requests to your playbooks repo.\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\" valign=\"top\"\u003e\n\n![Wiki editor](docs/images/wiki-editor.png)\n\n**A wiki that compounds.** Every finished investigation can leave behind an entry, so tomorrow's recall is a single lookup instead of an archaeology dig through old Slack threads.\n\n\u003c/td\u003e\n\u003ctd width=\"50%\" valign=\"top\"\u003e\n\n![Watches](docs/images/watches-screenshot.png)\n\n**Watches close the loop.** Slack channels and GitHub queries become triaged signals. Routine ones kick off an investigation on their own, before the pager fires.\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n## Quick start\n\n### Requirements\n\nThe only thing triagent needs to launch is the Claude Code CLI. What it can reach during an investigation is set by your [profile](#customising-the-profile); the default profile is wired for Kubernetes, so the rest of these requirements cover that path. Cloud providers, Prometheus, Slack, GitHub, and incident.io attach through the profile too.\n\n- The [Claude Code](https://claude.com/claude-code) CLI (`claude`) on your `$PATH` and signed in. Triagent drives Claude Code to do the reasoning, so what it reads during an investigation (logs, resource state, the surfaces it checks) is sent to Claude. Claude Code is a separate Anthropic product with its own account and pricing; its docs cover sign-in and which model it uses.\n- A working kubeconfig with read access to the namespace you want to triage. Triagent talks to the cluster directly, so `kubectl` doesn't need to be installed.\n- `tsh` if you use [Teleport](https://goteleport.com)-backed cluster discovery (optional).\n- Kubernetes permissions to read pods/logs in the namespaces you investigate. Triagent does **not** create RBAC; its cluster tools are read-only and surface a permission error if your access falls short.\n\n### Install\n\n**macOS / Linux:**\n\n```sh\ncurl -fsSL https://sourcehawk.github.io/triagent/install.sh | sh\n```\n\n**Windows (PowerShell):**\n\n```powershell\nirm https://sourcehawk.github.io/triagent/install.ps1 | iex\n```\n\n**Homebrew (macOS):**\n\n```sh\nbrew install --cask sourcehawk/tap/triagent\n```\n\n**Manual download:** grab the archive for your OS/arch from [the latest release](https://github.com/sourcehawk/triagent/releases/latest) and put `triagent` + `triagent-mcp` somewhere on your `$PATH`.\n\nThe install script downloads both `triagent` (the launcher) and `triagent-mcp` (the MCP multiplexer) to `~/.local/bin` (or `%LOCALAPPDATA%\\Programs\\triagent` on Windows); make sure that directory is on your `$PATH`. The launcher locates `triagent-mcp` adjacent to itself or anywhere on `$PATH`. The Next.js frontend is embedded in the launcher, so the runtime ships as a single executable per binary.\n\n**Build from source** (requires Node 20+ and Go; see `.tool-versions`):\n\n```sh\nmake build\n```\n\n### Run\n\n```sh\ntriagent start\n```\n\nThis boots a localhost HTTP server, prints its URL with a per-launch token, and opens your browser to it. Press `Ctrl-C` to stop. It works out of the box on the embedded `default` profile; see [Customising the profile](#customising-the-profile) below to teach the assistant your stack and wire upstream repos.\n\nIn the browser:\n\n1. **Pick a cluster** from the dropdown (sourced from your kubeconfig by default; Teleport if your profile uses it).\n2. **Log in** if prompted (SSO/2FA prompts go to the launcher terminal).\n3. **Add context** (all optional): a sentence on the symptom, a Slack channel, or an incident URL. The assistant narrows down the namespace itself.\n4. **Investigate**: the assistant works through the playbook, uses its tools, and writes a summary you can copy or push upstream as a PR (once you've wired an upstream repo; see below).\n\n### A few useful commands\n\n```sh\ntriagent help                              # full command and flag reference\ntriagent start                             # boot the launcher\ntriagent start --profile /path/to/profile  # boot with a custom profile\n```\n\n### Customising the profile\n\nA profile is the deployment-specific config that fits triagent to your platform: which playbooks the assistant follows, which tool integrations attach, what the new-investigation form asks for, and what the assistant already knows about your stack before it starts. The embedded `default` runs as-is but is platform-neutral. **Customising the profile is the highest-leverage step in a triagent setup.** Two overrides matter most:\n\n- **`architecture.md`**: the briefing the assistant reads before every triage. Teach it your platform's CRDs, namespace conventions, dependency direction, and recurring failure modes. Every investigation starts informed instead of rediscovering your stack.\n- **Upstream repos** (`defaults.playbooks_repo`, `defaults.wiki_repo`, `defaults.sessions_repo`): the GitHub repos backing the playbook set, team wiki, and committed session transcripts. Wiring these enables sync-from-upstream and push-as-PR; without them, edits stay local-only. Each repo is independent; wire any subset.\n\nThe recommended setup is a tiny overlay that inherits from `default` and only spells out what you're overriding:\n\n```sh\nmkdir -p ~/.config/triagent/profile\ncat \u003e ~/.config/triagent/profile/profile.yaml \u003c\u003c'YAML'\nname: my-team\nbase: default\n\ndefaults:\n  playbooks_repo: my-org/triagent-playbooks   # GitHub OWNER/REPO\n  wiki_repo:      my-org/triagent-wiki\n  sessions_repo:  my-org/triagent-sessions\n\nprompt_files:\n  architecture.md: architecture.md\nYAML\n\n$EDITOR ~/.config/triagent/profile/architecture.md     # describe your platform\ntriagent start --profile ~/.config/triagent/profile\n```\n\nEverything you leave out (paths, other prompts, investigation inputs, `kinds.json`, extra MCPs, Prometheus, model selection, auth) is inherited from `default`. See [Profiles](https://sourcehawk.github.io/triagent/profiles/) for the full schema, alternative layouts (full fork via `triagent create-profile`, air-gapped mode), and the longer narrative on each block.\n\n## Contributing\n\nPRs welcome. See [DEVELOPER_GUIDE.md](DEVELOPER_GUIDE.md) for the full contributor setup, [CLAUDE.md](CLAUDE.md) for the durable conventions, and [open issues](https://github.com/sourcehawk/triagent/issues) for ideas worth picking up.\n\nCI gates the tests, the linter, and the frontend typecheck, so run all three before opening a PR:\n\n```sh\nmake test                          # Go race tests + frontend vitest\nmake lint                          # Go lint\ncd frontend \u0026\u0026 npm run typecheck   # frontend types\n```\n\n`make build` rebuilds the embedded frontend bundle and both binaries. For the UI dev loop (no Go rebuild for frontend changes):\n\n```sh\ngo run ./cmd/triagent start          # terminal 1\ncd frontend \u0026\u0026 npm run dev           # terminal 2, proxies /api/* to :8080\n```\n\n## License\n\n[Apache 2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcehawk%2Ftriagent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsourcehawk%2Ftriagent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcehawk%2Ftriagent/lists"}