README.md
July 3, 2026 · View on GitHub
What's New
- Artifacts — Persistent agent-maintained documents in Monitor, continuously updated as investigations progress
- Actions — Automated post-RCA workflows (generate postmortems, open fix PRs, notify Slack) triggered on investigation completion
- AWS Bedrock Support — Use Claude, Titan, and other Bedrock models via IAM auth
- Fly.io Connector — Investigate incidents on Fly.io infrastructure
- CloudBees Enterprise — Operations Center + Feature Management connector
- Kubeconfig Upload — Connect on-prem Kubernetes clusters without a cloud provider
- CloudWatch Alarm Webhooks — Ingest AWS CloudWatch alarms directly as incidents
- Extensibility Hooks — Gate LLM calls, enforce seat limits, and customize behavior with lifecycle hooks
See the full CHANGELOG for all releases.
Why Aurora?
When an alert fires at 3 AM, your on-call engineer spends 30-60 minutes doing the same thing every time: checking dashboards, running kubectl commands, reading logs, correlating deployments, and searching Slack history.
Aurora does all of that autonomously. It receives the alert, spins up AI agents that investigate across your entire stack, and delivers a structured RCA by the time you open your laptop.
| Without Aurora | With Aurora |
|---|---|
| Engineer paged, context-switches | Alert auto-triaged in background |
| 30-60 min manual investigation | AI agents investigate in parallel |
| Knowledge siloed in individuals | Investigation reasoning captured |
| Postmortem written days later | Postmortem auto-generated |
| Same failure, different engineer | Knowledge base grows over time |
Features
Agentic InvestigationAI agents dynamically select from 30+ tools. They run |
|
AI Code FixesAurora doesn't just find root cause — it suggests fixes and can generate pull requests with the remediation. |
|
Incident DashboardIngest alerts from PagerDuty, Datadog, Grafana, New Relic, OpsGenie, incident.io and more. Every alert auto-triggers a background investigation. |
|
Auto-Generated PostmortemsDetailed reports with timeline, root cause, impact assessment, and remediation steps. Export directly to Confluence, Notion, or SharePoint. |
|
Infrastructure Knowledge GraphVisualize your entire infrastructure as a dependency graph. When an incident occurs, Aurora traces blast radius across services and providers. |
|
More capabilities: Knowledge Base RAG • Multi-Cloud (AWS, Azure, GCP, OVH, Scaleway, Cloudflare) • Any LLM (OpenAI, Anthropic, Gemini, Vertex AI, OpenRouter, Ollama) • Terraform/IaC Analysis • MCP Server (Cursor, Claude Desktop, Windsurf) • Org-level Command Policies • SigmaHQ Guardrails • NeMo Input Rail
Quick Start
Get Aurora running locally in under 5 minutes:
git clone https://github.com/arvo-ai/aurora.git && cd aurora
make init # Generate secure secrets
nano .env # Add your LLM API key (OpenRouter, OpenAI, etc.)
make prod-prebuilt # Pull prebuilt images and start
Open http://localhost:3000. The first user to register becomes admin.
Tip
Aurora works without any cloud provider accounts. The LLM API key is the only external requirement. Connectors are optional.
Vault setup (required after first start)
# Get the auto-generated root token
docker logs vault-init 2>&1 | grep "Root Token:"
# Add it to .env
echo "VAULT_TOKEN=hvs.your-token-here" >> .env
# Restart to connect services to Vault
make down && make prod-prebuilt
Pin a specific version
make prod-prebuilt VERSION=v1.2.3
Build from source
make prod-local
Deploy
| Method | Best for |
|---|---|
make prod-prebuilt | Local evaluation, single-node |
| Helm chart | Production Kubernetes (GKE, EKS, AKS) |
| Air-tight bundle | Air-gapped / restricted networks |
Kubernetes (Helm)
helm repo add aurora https://raw.githubusercontent.com/Arvo-AI/aurora/gh-pages
helm repo update
helm show values aurora/aurora-oss > my-values.yaml
# Edit my-values.yaml, then:
helm install aurora-oss aurora/aurora-oss -n aurora --create-namespace -f my-values.yaml
Also available via OCI: oci://ghcr.io/arvo-ai/charts/aurora-oss
Integrations
LLMs: OpenAI • Anthropic • Google Gemini • Vertex AI • AWS Bedrock • OpenRouter • Ollama (air-gapped)
Architecture
aurora/
├── server/ # Python API (Flask), Celery workers, LangGraph agents
├── client/ # Next.js frontend
├── deploy/ # Helm chart, Docker Compose, deployment scripts
├── config/ # Default configuration
├── scripts/ # CLI utilities
└── website/ # Documentation (Docusaurus)
| Layer | Stack |
|---|---|
| AI Orchestration | LangGraph, 30+ tool definitions |
| Backend | Python, Flask, Celery |
| Frontend | Next.js, TypeScript |
| Graph DB | Memgraph |
| Vector Store | Weaviate |
| Secrets | HashiCorp Vault, AWS Secrets Manager |
| Storage | PostgreSQL, Redis, S3-compatible |
Security
- Sandboxed execution — Agent commands run in isolated Kubernetes pods with NetworkPolicy, not on your control plane
- RBAC — Three roles (Admin, Editor, Viewer) enforced at API and UI layers via Casbin
- Closed registration — First user is admin; all others are invited
- SigmaHQ guardrails — 37 threat detection signatures on agent command execution
- NeMo input rail — Prompt injection detection on every turn
- No telemetry — Zero data sent to Arvo AI. Fully self-hosted.
Data Privacy
Aurora is 100% self-hosted. Your incident data never leaves your infrastructure.
- All data on your infrastructure (Docker or Kubernetes)
- No telemetry or tracking to Arvo AI
- Secrets encrypted at rest in Vault or AWS Secrets Manager
- LLM calls go directly from your infra to your chosen provider
- Use Ollama for fully air-gapped operation
Community
- GitHub Issues — Bug reports and feature requests
- GitHub Discussions — Ideas and Q&A
- Documentation — Full deployment and configuration guides
- Blog — SRE best practices, incident management guides
- Contributing — We welcome PRs! Read the guide first.
License
Apache License 2.0 — free forever, no per-seat or per-incident pricing.