rocketplaneIO

agent
Security Audit
Warn
Health Pass
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 122 GitHub stars
Code Warn
  • network request — Outbound network request in apps/web/app/(app)/clusters/[id]/alerts/page.tsx
Permissions Pass
  • Permissions — No dangerous permissions requested

No AI report is available for this listing yet.

SUMMARY

Self-hosted AI SRE for Kubernetes — zero-instrumentation eBPF observability plus a copilot that fixes issues through guardrailed, self-verifying actions. BYO-LLM, air-gapped capable.

README.md
rocketplaneIO

An AI SRE for your Kubernetes cluster —
that can actually fix things, safely.

Self-hosted · Apache-2.0 · bring your own LLM · air-gapped capable

Status
License
Go

Quick start · Is it safe? · Under the hood


The Copilot investigating a latency spike: evidence-based root cause, then a scale action waiting for one-click approval
You ask “why is checkout slow?”. The Copilot reads the service map and the logs itself, names the root cause with evidence, and proposes one fix — which runs only after you approve it, as a pipeline that verifies itself or rolls back.

Alpha. The full loop works end-to-end today, developed against minikube. APIs and schemas
still change without notice — don't point it at production yet.

Three things you don't get anywhere else

1 · An AI SRE with a safety catalog — not an AI with kubectl

The Copilot investigates on its own: eBPF traces, logs, PromQL metrics, the live service map and
the full Kubernetes inventory (Services, Ingress, ConfigMaps, policies — everything). But it
can only change the cluster through ~30 named, reversible action pipelines. No shell, no
kubectl, no YAML it could hallucinate.

Every action is risk-graded — and you set the approval rule per level:

Level Examples Default approval
◎ read-only debug bundle, rollout history, drain preview runs automatically
↺ reversible scale up, restart, set image, config edits one click
◇ disruptive evict pod, rollout undo, cleanup one click
△ destructive drain, scale-to-0, NoExecute taint type the target's name to arm

Risk is parameter-aware (scale replicas=3 is reversible; replicas=0 is destructive), scope is
enforced server-side (a namespace-scoped session cannot touch nodes or other namespaces), and
every level can be set to auto, click, confirm or off.

The model proposes. Deterministic pipelines execute, verify at pod level, and roll back.
The LLM never touches the cluster directly.

Bring any Anthropic- or OpenAI-compatible model — including a fully local, air-gapped one. Your
telemetry never leaves your infrastructure either way.

2 · Traces for services you never instrumented

One outbound-only agent plus an eBPF DaemonSet
(OTel eBPF Instrumentation, née Grafana Beyla). HTTP/gRPC
spans with cross-service context propagation — including compiled Go binaries — plus SQL,
Redis and Kafka client spans. No SDKs, no sidecars, no code changes.

A real 500 investigated: the failure cascades across three services, correlated error logs on the right
A real 500 on GET /checkout: the failure cascades frontdoor → checkout → catalog, the exact ERROR log lines are correlated on the right. No SDK in any of these services. An ERROR log line is two clicks away from this view. PromQL runs on the real Prometheus engine, embedded, on ClickHouse.

3 · Every change proves itself — or undoes itself

Actions aren't fire-and-forget kubectl calls. Each one is a pipeline —
trigger → observe → verify — that only reports success when the cluster actually converged:
old pods gone, new pods Ready, stable. Cancel, timeout or a failed verify triggers automatic
rollback from a snapshot taken before the mutation.

The Runs audit trail: every execution as an expandable row with its full pipeline, and a one-click revert
Runs — the audit trail. Who ran what, the full step timeline, and ↺ revert: one click re-applies the exact state captured before the change. Cancel always terminates — a reaper finalizes anything a dead agent leaves behind, and force-cancel never waits.

Quick start

No published container images yet — you run the platform from source (that's the alpha part).
With Go 1.25+, Node 22+/pnpm and Docker installed:

git clone https://github.com/olemeyer/rocketplaneIO && cd rocketplaneIO

# 1 — data stores + OTLP collector (Postgres, ClickHouse — defaults just work)
docker compose -f deploy/compose/docker-compose.yml up -d

# 2 — control plane on :8090
go run ./services/controlplane/cmd/controlplane &

# 3 — web UI on :4173
pnpm install && pnpm dev

Open http://localhost:4173, create the owner account, hit Connect cluster — it hands you
one copy-paste kubectl command that installs the agent and the Beyla DaemonSet. When the service
map draws your namespaces and spans appear under Traces, you're live — without touching a line of
your code.

Copilot: open it from the top bar and connect any LLM provider — the key stays on your
instance, requests go straight from your control plane to the provider you chose.

Demo workload: a Python + Redis shop behind nginx that generates real traffic, errors and
slow queries — the workload every screenshot here was taken from:

kubectl apply -f deploy/dev/shop-realistic.yaml -f deploy/dev/frontdoor.yaml

Alpha gap: the agent image isn't on a public registry yet. For a local minikube:
docker build -t rocketplane/agent:dev -f agent/Dockerfile . && minikube image load rocketplane/agent:dev,
then set RP_AGENT_IMAGE=rocketplane/agent:dev on the control plane.

Is it safe?

The section every platform team reads first:

  • Outbound-only. The agent dials out over HTTPS; nothing connects into your cluster, nothing
    listens. Actions are claimed by the agent — never pushed in.
  • Enumerated RBAC, two blocks (deploy/install.yaml): observe is
    read-only; act holds exactly the write verbs the action catalog needs. Delete the act block
    (or set rbac.actions=false in Helm) for a strictly observe-only agent. No wildcards, no
    cluster-admin.
  • Secrets: the inventory shows names, types and key counts — never values. That restraint is
    enforced in agent code; if you'd rather enforce it with RBAC too, delete the one secrets rule
    and the agent degrades gracefully.
  • The LLM is caged. It reads through the same authenticated APIs you use, and mutates only
    via the whitelisted, validated, risk-gated action catalog. Every proposal, approval and result
    lands in the audit trail.
  • eBPF: Beyla runs as a privileged DaemonSet (kernel ≥ 5.8 with BTF). The capture layer is
    upstream OpenTelemetry tooling — rocketplaneIO is the investigation-and-action loop on top.

What else is in the box

Live service map · alerts with auto-remediation · PromQL on ClickHouse · full K8s inventory · Starlark workflows · more screens
Live service map with automatic technology detection Service map — topology from real eBPF traffic flows; tech logos matched from container images; live-updating.



Alert rule firing and dispatching an auto-remediation workflow Alerts — typed checks or PromQL conditions with for-durations and sparklines. A firing rule can dispatch a remediation workflow: once per transition, fully audited, still subject to verify-or-rollback.



PromQL editor on ClickHouse PromQL — the actual Prometheus evaluation engine, embedded and pointed at ClickHouse (internal/promqlx); editor built on codemirror-promql. Custom metrics are named PromQL expressions, validated at save.



Full Kubernetes inventory, tabbed by resource kind Resources — the complete cluster inventory (Services, Ingress, ConfigMaps, batch, policies, volumes, quotas), synced every 60s. The same data the Copilot reads via list_resources.



Actions catalog, grouped by category with risk levels Actions — the catalog, searchable and risk-graded. Every built-in is also readable, forkable Starlark: automate what an operator does by hand, with typed parameters that render as forms. Deterministic, compiled at save.



Log stream with severity histogram Logs — severity histogram, brushing, and the two-click path to the distributed trace.



Node infrastructure with kubelet stats Nodes — kubelet-level stats; cordon/drain are verified actions, with a read-only drain preview that shows the blast radius first.



The UI follows a strict instrument-panel design system (RETICLE) — healthy is calm, only
anomalies speak.

Under the hood

 YOUR CLUSTER   agent (Go, outbound-only, enumerated RBAC)      beyla eBPF DaemonSet
                topology · logs · inventory · action pipelines   HTTP/gRPC/Go · SQL/Redis/Kafka
                        │ HTTPS                                          │ OTLP
                        ▼                                                ▼
 CONTROL PLANE  control plane (Go, single binary)                OTel collector → ClickHouse
                API · auth/orgs · alert evaluator · action queue · Copilot loop
                embedded Prometheus engine (PromQL → ClickHouse) · SSE broker
                        │
 DATA           PostgreSQL (state, rules, runs, chats)  ·  ClickHouse (logs, traces, metrics)
 ACCESS         web (Next.js) — service map · copilot · logs · traces · metrics · alerts · actions · runs

The Copilot is a tool-calling loop inside the control plane: 16 read tools (logs, traces —
including single-trace waterfalls and trace↔log correlation — PromQL, service map, inventory,
debug bundles) plus exactly one mutating tool, run_safe_action, which pauses the stream for
human approval. The same toolbox is exposed as an MCP server,
so Claude Code or Cursor can operate your cluster through the identical guardrails.

Monorepo layout
├── agent/                      # in-cluster agent (Go): sync, logs, inventory, action pipelines + revert snapshots
├── services/controlplane/      # control plane (Go): API, auth, alerts, Copilot loop, PromQL engine
│   └── internal/
│       ├── api/                #   REST + SSE + copilot_* (loop, guardrails, approval gate)
│       ├── promqlx/            #   embedded Prometheus engine on ClickHouse
│       ├── alerts/ · telemetry/ · events/ · store/ · migrations/
│       └── ../cmd/mcp/         #   MCP server — same tools for external agents
├── apps/web/                   # Next.js UI (RETICLE design system)
└── deploy/                     # compose (dev stores), helm chart, install.yaml, demo shop

Status

Works end-to-end today Not yet
Copilot: BYO-LLM investigation → guardrailed fixes Published container images
eBPF traces incl. compiled Go, log→trace correlation Hosted demo
~30 safe actions with verify, rollback and revert Measured overhead numbers
Runs audit trail, guaranteed-terminating cancel Multi-user RBAC hardening
Alerts with auto-remediation dispatch Server-side LLM key vault
PromQL + custom metrics on ClickHouse, full K8s inventory

Contributing

Reports from real clusters are the contribution we want most —
open an issue. See
CONTRIBUTING.md. If this resonates, a star helps others find it.

License

Apache-2.0.


Built with Go, Next.js, eBPF and ClickHouse · rocketplaneIO

Reviews (0)

No results found