A new open-source project called OpenDevOps is challenging the assumption that incident investigation at scale requires expensive managed services from cloud vendors. The agent, developed by Ahmad Hammad21 and posted to GitHub on June 13th, handles AWS and Azure incidents autonomously—finding root causes and delivering actionable mitigation plans without routing your data through vendor infrastructure.
Benchmarks That Actually Mean Something
The project doesn't just demo—it benchmarks. Running on a reproducible 10-incident test suite with real AWS and Azure resources (scored against ground truth), OpenDevOps running gpt-oss-120b found root causes in 9 out of 10 cases. The median investigation took roughly 52 seconds at approximately $0.03 per run. Compare that to the AWS DevOps Agent's ~$0.43 per investigation, or the ~$50 worth of engineer triage time that manual investigation typically consumes.
Any LLM, Your Infrastructure
OpenDevOps connects to any LiteLLM-compatible model—OpenAI, Anthropic direct, OpenRouter, Groq, Gemini, Mistral, or Ollama for air-gapped and regulated environments. If you're already on a Claude Max or Pro plan, the agent auto-detects your existing subscription so you pay zero incremental LLM cost. The entire investigation pipeline runs against your own Postgres or SQLite instance—your VPC, your retention, your encryption—which matters significantly for HIPAA, PCI, FedRAMP, and EU AI Act compliance.
Multi-Cloud Out of the Box
While AWS-only agents hit their perimeter quickly, OpenDevOps handles AWS and Azure investigations in a single conversation. The 21 read-only AWS tools span CloudWatch (6), CloudTrail (2), ECS (4), Lambda (4), EC2 (2), RDS (2), and IAM (1). Azure support comes through the az CLI plus kubectl for AKS, backed by runbook skills covering AKS debugging, App Service errors, Azure Monitor/KQL, and VM diagnostics. No separate SDK tools required.
Event-Driven Detection With Full Auditability
The agent connects to AWS EventBridge via SQS with nine pre-built rules covering CloudWatch alarms, ECS task failures, Lambda async errors, RDS events, EC2 state changes, CodePipeline failures, and AWS Health events. Every prompt, tool call (with args and results), and token count streams live to the UI—nothing hidden. A dead-letter queue plus database-backed incident claims prevents duplicate investigations.
Built-In MCP Server Opens Doors
The agent ships as an MCP server, making it accessible from Claude Desktop, Cursor, or any MCP-compatible client. The CLI brings three commands: investigate (for specific incidents), ask (freeform Q&A against your cloud environment), and report (daily ops health summaries). All three use the same underlying agent logic.
Security Hardening in Place
The bash execution tool runs only whitelisted read-only AWS CLI, Azure CLI, kubectl, and docker commands as a last resort when structured tools fall short. Commands are validated against an allowlist—no shell=True anywhere—and enforce a hard 30-second timeout. Tool responses exceeding the context window get truncated automatically (configurable via TOOL_RESPONSE_MAX_CHARS).
Getting Started
Setup requires Python dependencies, AWS credentials with read-only IAM access (a least-privilege policy is documented), and a storage backend choice: memory for testing, SQLite for local development, or PostgreSQL for production. Docker Compose handles the full stack including the React frontend and FastAPI backend. The Web UI includes session history, live incident monitoring via SSE push, dashboard analytics, user management with JWT auth, and settings for SQS queue configuration.
Key Takeaways
- OpenDevOps achieves 90% root cause identification in ~52 seconds at $0.03 per investigation versus AWS DevOps Agent's ~$0.43
- Supports both AWS and Azure simultaneously; no vendor lock-in to Bedrock-managed models
- Data stays local—Postgres or SQLite with your own encryption, retention policy, and VPC
- Event-driven detection via nine EventBridge rules auto-investigates Lambda errors, ECS failures, RDS events, and more
- MCP server integration enables use from Claude Desktop, Cursor, or any MCP client without the AWS Console
The Bottom Line
If you're fully committed to AWS and need zero infrastructure overhead, Amazon Q Developer remains a solid choice. But for everyone else—multi-cloud shops, regulated industries, teams that want audit trails without blind spots, or organizations already paying for Claude Code subscriptions—OpenDevOps delivers the same autonomous investigation capability at a fraction of the cost and with none of the vendor captivity.