[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-84004":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":31,"readmeContent":32,"aiSummary":10,"trendingCount":15,"starSnapshotCount":15,"syncStatus":14,"lastSyncTime":33,"discoverSource":34},84004,"nightwatch","ninoxAI\u002Fnightwatch","ninoxAI","Open-source, local-first, read-only AI SRE: clusters alert storms, investigates root cause over your live systems, proposes human-gated fixes.","",null,"Python",98,4,2,0,5,26,36,67.7,"Apache License 2.0",false,"main",[24,25,26,27,28,29,30],"aiops","devops","incident-management","kubernetes","observability","self-hosted","sre","2026-06-12 04:01:42","\u003Cp align=\"center\">\n \u003Cimg src=\"src\u002Fninoxai\u002Fweb\u002Fstatic\u002Flogo.png#gh-light-mode-only\" alt=\"ninoxAI\" width=\"160\">\n \u003Cimg src=\"docs\u002Fassets\u002Flogo-readme-dark.png#gh-dark-mode-only\" alt=\"ninoxAI\" width=\"160\">\n\u003C\u002Fp>\n\n\u003Ch1 align=\"center\">ninoxAI\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n \u003Cb>The open-source, read-only AI SRE.\u003C\u002Fb>\u003Cbr>\n ninoxAI turns alert storms into incidents, investigates root cause over your live systems, and proposes human-approved fixes — without ever touching production.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache_2.0-blue.svg\" alt=\"License: Apache 2.0\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002Fp8FSZxrBsW\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-join%20the%20parliament-5865F2?logo=discord&logoColor=white\" alt=\"Discord\">\u003C\u002Fa>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fboundary-read--only-success\" alt=\"Read-only\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flocal--first-✓-success\" alt=\"Local-first\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fpython-3.11+-blue\" alt=\"Python 3.11+\">\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"#-quickstart\">\u003Cb>Quickstart\u003C\u002Fb>\u003C\u002Fa>\n · \u003Ca href=\"#-the-ai-sre-investigator\">\u003Cb>AI SRE\u003C\u002Fb>\u003C\u002Fa>\n · \u003Ca href=\"lab\u002FREADME.md\">\u003Cb>Demo lab\u003C\u002Fb>\u003C\u002Fa>\n · \u003Ca href=\"docs\u002FREADME.md\">\u003Cb>Docs\u003C\u002Fb>\u003C\u002Fa>\n · \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002Fp8FSZxrBsW\">\u003Cb>Discord\u003C\u002Fb>\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"docs\u002Fassets\u002Fninoxai-demo.gif\" alt=\"ninoxAI turning an alert storm into an incident, root-cause hypothesis, and classified fix proposal\" width=\"920\">\n\u003C\u002Fp>\n\n---\n\nYour monitoring tells you *something* broke. It pages you at 3am with fifty alerts for one outage and leaves the hard part to you:\n\n### **What broke, why did it break, and what should we do next?**\n\nninoxAI is a thin, **local-first**, **monitoring-agnostic** AI SRE layer that answers that question. It sits above Checkmk, Prometheus, Icinga2, Zabbix, webhooks, Docker, Kubernetes, AWS, Grafana, GitHub, Git and plain VMs, and:\n\n- 🌊 **Turns alert floods into incidents** — one incident per outage, *\"confirmed by N tools\"*, instead of one page per symptom.\n- 🔇 **Finds the noisy checks** — flapping, over-sensitive, never-actioned — with evidence.\n- 🤖 **Investigates root cause** — a tool-calling AI agent reads your live systems and forms a root-cause hypothesis.\n- 🧰 **Proposes classified fixes** — copy-pasteable, ranked by risk and blast radius, for a human to gate.\n\n> ### 🔒 Read-only by design\n> ninoxAI **observes, reasons, and recommends — it never executes anything.** No commands run, no alerts acked, no thresholds changed, no write-back to production. Every fix is a copyable artifact a human approves. Gated, governed remediation is on the roadmap; unconditional auto-execute is not.\n\n---\n\n## ⚡ Quickstart\n\n**Try it in 60 seconds** — no LLM, no API keys, fully offline:\n\n```bash\ncp .env.example .env # set NINOXAI_SECRET_KEY (one-liner is in the file)\ndocker compose up --build # → http:\u002F\u002F127.0.0.1:8765\n\n# No live monitoring? Watch it triage synthetic alert noise:\ndocker compose exec ninoxai ninoxai generate-mocks\ndocker compose exec ninoxai ninoxai import data\u002Fmock_alerts.json\ndocker compose exec ninoxai ninoxai reprocess\n# → \u002Frecommendations now shows reasoned threshold + flapping fixes\n```\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Local Python install (for development)\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\npython -m venv .venv && source .venv\u002Fbin\u002Factivate # Windows: .venv\\Scripts\\Activate.ps1\npip install -e \".[dev,embeddings]\"\n\npython -m ninoxai generate-mocks\npython -m ninoxai import data\u002Fmock_alerts.json\npython -m ninoxai reprocess\npython -m ninoxai serve # → http:\u002F\u002F127.0.0.1:8765\n```\n\u003C\u002Fdetails>\n\n**Then light up the AI SRE:** point ninoxAI at a tool-calling LLM (Anthropic \u002F OpenAI \u002F Mistral \u002F a local Ollama) and connect your systems — either directly or via a **ninox** runner (below). The full end-to-end scenario — real monitoring tools *and* live investigator capabilities (Docker\u002FKubernetes\u002Fhost\u002FAWS\u002FGrafana\u002FGitHub) against a genuinely failing workload — lives in [`lab\u002F`](lab\u002FREADME.md).\n\n---\n\n## 🔭 How it works\n\n```\ningest → normalize → cluster → score noise → recommend → dashboard\n ↓\n agentic, read-only root-cause investigator\n```\n\n| Stage | What happens |\n|---|---|\n| **ingest** | Read-only adapters pull non-OK alerts from each source + JSON\u002FCSV import. |\n| **normalize** | Maps every source onto one schema + message fingerprint. |\n| **cluster** | Groups by host \u002F service \u002F severity \u002F time-window. Semantic embeddings optional. |\n| **noise** | Frequency, ack-rate, ticket-rate, short-recovery, flapping → one 0–1 score. |\n| **recommend** | Rule-based tuning recommendations with rationale + evidence. |\n| **investigate** | A tool-calling LLM gathers live evidence → root-cause hypothesis + classified fixes. |\n\n**Cross-tool correlation:** the same fault fires in every tool. The **Incidents** view groups clusters that share `(host, severity, time-window)` into one incident — *\"confirmed by N tools\"* — read-only, no merge.\n\n---\n\n## 🤖 The AI SRE investigator\n\nninoxAI's standout capability. A tool-calling LLM drives a typed **allowlist** of read-only capabilities (a ReAct loop on native function-calling — reason → act → observe), builds a root-cause hypothesis from live evidence, and proposes **classified** fixes a human approves.\n\n| Capability | Reads (all read-only) |\n|---|---|\n| 🐳 **Docker** | containers, logs, stats, inspect |\n| ☸️ **Kubernetes** | pods, logs, events, deployments (in-cluster RBAC) |\n| ☁️ **AWS** | CloudTrail change events, EC2, security groups, quotas (IAM read-role) |\n| 📈 **Grafana** | PromQL + LogQL over the datasource proxy |\n| 🐙 **GitHub** | CI runs, releases, PRs — change-event RCA |\n| 🌿 **Git** | mirrored repos: commits, diffs, code & history search |\n| 🖥️ **Host** | CPU \u002F mem \u002F disk \u002F processes \u002F sockets \u002F log tail (plain VMs) |\n\n- **Every action is classified** `read_only · reversible · irreversible` + a `scope` (blast radius). Unknown coerces to `irreversible` — never silently auto.\n- **Pre-grounded:** the agent starts with a compact brief of your environment, so it diagnoses instead of rediscovering.\n- **Hardened:** untrusted logs\u002Fdiffs are injection-shielded, secrets are one-way scrubbed, and a grounding gate caps confidence when claims aren't backed by evidence.\n\nRun it live-streaming in the **agent console** (`\u002Fagent`) or from the CLI. → [Investigator internals](docs\u002Farchitecture\u002Finvestigator-internals.md)\n\n---\n\n## 🦉 Distributed ninoxes — the agent's eyes, anywhere\n\nThe agent can investigate systems it can't reach directly. A **ninox** is a thin, **outbound-only** runner that lives *inside* one environment (cluster, VPC, on-prem segment), holds that environment's credentials **locally**, and dials home to the brain — **no inbound firewall hole**. It advertises a read-only capability surface the brain calls as if local.\n\n```\n ┌────────────────────┐ ┌────────────────────┐\n │ ninoxAI brain │ ◀── outbound only ─── │ ninox runner │\n │ dashboard · API │ (the ninox dials │ inside k8s\u002FDocker\u002F │\n │ incidents · RCA │ home; no inbound │ AWS\u002Fon-prem\u002FVM │\n │ AI SRE investigator│ firewall hole) │ credentials stay │\n └────────────────────┘ ◀── read-only evidence │ local │\n └────────────────────┘\n```\n\nCapabilities self-select by environment — one binary, the right tools for the box it lands on. Connected ninoxes show up in the **Parliament of Owls** (`\u002Fparliament`). → [Deployment & on-prem](docs\u002Farchitecture\u002Fninox-deployment-and-onprem.md)\n\n---\n\n## 🔌 Connectors\n\nAll adapters are **read-only** — no ack, no downtime, no write-back. Configured in the UI (`\u002Fconnections`), credentials Fernet-encrypted.\n\n| Checkmk | Prometheus Alertmanager | Icinga2 | Zabbix | Generic Webhook | PRTG |\n|:--:|:--:|:--:|:--:|:--:|:--:|\n| ✅ | ✅ | ✅ | ✅ | ✅ | ⛔ stub |\n\nWant to teach the AI SRE to read **your** stack (Jira, Sentry, Postgres…)? Point it at any **MCP server**, write a Python **capability plugin**, or expose tools via the **runner protocol** — every external tool runs through the same safety shell (namespaced, injection-scanned, classification-coerced). → [Extending capabilities](docs\u002Farchitecture\u002Fextending-capabilities.md)\n\n---\n\n## 🧠 LLM providers\n\nDefault is **`template`** — fully **offline**: no LLM, no network, no API keys, no tracking. It works out of the box for summaries\u002Frecommendations but deliberately can't drive the agent (that needs tool-calling). Pick a remote per role — a cheap model for high-volume summaries, a strong one for the rare investigation:\n\n| Provider | Notes |\n|---|---|\n| **template** | offline — no LLM, no network. Default. |\n| **mistral** | cost-efficient, EU-hosted |\n| **anthropic** | strong tool-calling — default for the investigator |\n| **openai** | OpenAI, Azure, and **local LLMs** (vLLM \u002F Ollama \u002F LM Studio) via base URL |\n\n**Redaction + secret-scrubbing run before every remote call** — hostnames, IPs, UUIDs, emails, paths become deterministic placeholders, restored only in proposed commands; credentials are one-way scrubbed and never returned. → [Technical architecture](docs\u002Farchitecture\u002Ftechnical-architecture.md)\n\n---\n\n## 🛠️ Development\n\nFull CLI reference, test setup, and lint rules live in **[docs\u002Fdevelopment.md](docs\u002Fdevelopment.md)**.\n\n---\n\n## 🤝 Contributing\n\nEvery contributor is an Owl. 🦉 Pull requests, connector adapters, capability providers, and bug reports are all welcome — see [CONTRIBUTING.md](CONTRIBUTING.md).\n\n**Community:** [Join the parliament on Discord](https:\u002F\u002Fdiscord.gg\u002Fp8FSZxrBsW).\n\n## 📜 License\n\nninoxAI is **fully open source** under the [Apache License 2.0](LICENSE) — free to use, self-host, fork, and build on, in open or closed projects alike.\n\n\u003Cp align=\"center\">\u003Ci>The owl observes; the human decides.\u003C\u002Fi> 🦉\u003C\u002Fp>\n","2026-06-11 04:12:01","CREATED_QUERY"]