README.md

July 3, 2026 · View on GitHub

Aurora — The open-source AI agent that investigates your incidents for you

Stars  Version  License  Discord  Book a Demo  Try Aurora Live


Try Aurora Live  •  Quick Start  •  Documentation  •  Integrations  •  Website  •  Changelog


What's New

  • Artifacts — Persistent agent-maintained documents in Monitor, continuously updated as investigations progress
  • Actions — Automated post-RCA workflows (generate postmortems, open fix PRs, notify Slack) triggered on investigation completion
  • AWS Bedrock Support — Use Claude, Titan, and other Bedrock models via IAM auth
  • Fly.io Connector — Investigate incidents on Fly.io infrastructure
  • CloudBees Enterprise — Operations Center + Feature Management connector
  • Kubeconfig Upload — Connect on-prem Kubernetes clusters without a cloud provider
  • CloudWatch Alarm Webhooks — Ingest AWS CloudWatch alarms directly as incidents
  • Extensibility Hooks — Gate LLM calls, enforce seat limits, and customize behavior with lifecycle hooks

See the full CHANGELOG for all releases.


Why Aurora?

When an alert fires at 3 AM, your on-call engineer spends 30-60 minutes doing the same thing every time: checking dashboards, running kubectl commands, reading logs, correlating deployments, and searching Slack history.

Aurora does all of that autonomously. It receives the alert, spins up AI agents that investigate across your entire stack, and delivers a structured RCA by the time you open your laptop.

Without AuroraWith Aurora
Engineer paged, context-switchesAlert auto-triaged in background
30-60 min manual investigationAI agents investigate in parallel
Knowledge siloed in individualsInvestigation reasoning captured
Postmortem written days laterPostmortem auto-generated
Same failure, different engineerKnowledge base grows over time
Aurora Demo — AI agent investigating a cloud incident

Click to watch the full demo


Features

Agentic Investigation

AI agents dynamically select from 30+ tools. They run kubectl, aws, az, and gcloud in sandboxed Kubernetes pods, query logs, check deployments, and correlate data — all autonomously.

AI agent investigating

AI Code Fixes

Aurora doesn't just find root cause — it suggests fixes and can generate pull requests with the remediation.

PR suggestion

Incident Dashboard

Ingest alerts from PagerDuty, Datadog, Grafana, New Relic, OpsGenie, incident.io and more. Every alert auto-triggers a background investigation.

Incidents dashboard

Auto-Generated Postmortems

Detailed reports with timeline, root cause, impact assessment, and remediation steps. Export directly to Confluence, Notion, or SharePoint.

Postmortem report

Infrastructure Knowledge Graph

Visualize your entire infrastructure as a dependency graph. When an incident occurs, Aurora traces blast radius across services and providers.

Infrastructure graph

More capabilities: Knowledge Base RAG • Multi-Cloud (AWS, Azure, GCP, OVH, Scaleway, Cloudflare) • Any LLM (OpenAI, Anthropic, Gemini, Vertex AI, OpenRouter, Ollama) • Terraform/IaC Analysis • MCP Server (Cursor, Claude Desktop, Windsurf) • Org-level Command Policies • SigmaHQ Guardrails • NeMo Input Rail


Quick Start

Get Aurora running locally in under 5 minutes:

git clone https://github.com/arvo-ai/aurora.git && cd aurora

make init                # Generate secure secrets
nano .env                # Add your LLM API key (OpenRouter, OpenAI, etc.)
make prod-prebuilt       # Pull prebuilt images and start

Open http://localhost:3000. The first user to register becomes admin.

Tip

Aurora works without any cloud provider accounts. The LLM API key is the only external requirement. Connectors are optional.

Vault setup (required after first start)
# Get the auto-generated root token
docker logs vault-init 2>&1 | grep "Root Token:"

# Add it to .env
echo "VAULT_TOKEN=hvs.your-token-here" >> .env

# Restart to connect services to Vault
make down && make prod-prebuilt
Pin a specific version
make prod-prebuilt VERSION=v1.2.3
Build from source
make prod-local

Deploy

MethodBest for
make prod-prebuiltLocal evaluation, single-node
Helm chartProduction Kubernetes (GKE, EKS, AKS)
Air-tight bundleAir-gapped / restricted networks

Kubernetes (Helm)

helm repo add aurora https://raw.githubusercontent.com/Arvo-AI/aurora/gh-pages
helm repo update
helm show values aurora/aurora-oss > my-values.yaml
# Edit my-values.yaml, then:
helm install aurora-oss aurora/aurora-oss -n aurora --create-namespace -f my-values.yaml

Also available via OCI: oci://ghcr.io/arvo-ai/charts/aurora-oss


Integrations

PagerDuty Datadog Grafana New Relic OpsGenie Dynatrace incident.io AWS Azure GCP Cloudflare Kubernetes Terraform Docker GitHub Jenkins Slack Google Chat Jira Confluence Notion SharePoint Bitbucket Splunk Fly.io CloudBees Tailscale

LLMs: OpenAI • Anthropic • Google Gemini • Vertex AI • AWS Bedrock • OpenRouter • Ollama (air-gapped)


Architecture

aurora/
├── server/      # Python API (Flask), Celery workers, LangGraph agents
├── client/      # Next.js frontend
├── deploy/      # Helm chart, Docker Compose, deployment scripts
├── config/      # Default configuration
├── scripts/     # CLI utilities
└── website/     # Documentation (Docusaurus)
LayerStack
AI OrchestrationLangGraph, 30+ tool definitions
BackendPython, Flask, Celery
FrontendNext.js, TypeScript
Graph DBMemgraph
Vector StoreWeaviate
SecretsHashiCorp Vault, AWS Secrets Manager
StoragePostgreSQL, Redis, S3-compatible

Security

  • Sandboxed execution — Agent commands run in isolated Kubernetes pods with NetworkPolicy, not on your control plane
  • RBAC — Three roles (Admin, Editor, Viewer) enforced at API and UI layers via Casbin
  • Closed registration — First user is admin; all others are invited
  • SigmaHQ guardrails — 37 threat detection signatures on agent command execution
  • NeMo input rail — Prompt injection detection on every turn
  • No telemetry — Zero data sent to Arvo AI. Fully self-hosted.

Data Privacy

Aurora is 100% self-hosted. Your incident data never leaves your infrastructure.

  • All data on your infrastructure (Docker or Kubernetes)
  • No telemetry or tracking to Arvo AI
  • Secrets encrypted at rest in Vault or AWS Secrets Manager
  • LLM calls go directly from your infra to your chosen provider
  • Use Ollama for fully air-gapped operation

Community

Discord   Book a Demo



License

Apache License 2.0 — free forever, no per-seat or per-incident pricing.



If Aurora helps your team, star us on GitHub

Stars