An open source agent that lives on your machines 24/7, keeps your apps running, and only pings when it needs a human.
Install Stakpak -> Run /init
curl -sSL https://stakpak.dev/install.sh | sh
Hey everyone! we really appreciate your support reaching 1.2K stars on GitHub
Open-source self-driving infra is here! We didn’t build this to monitor your apps. We built Stakpak Autopilot to resolve 3am incidents AUTONOMOUSLY, and SAFELY!
We're killing this loop: You spend hours setting up alerts, You get an alert, You wake up, You fix it yourself.
So we built something to babysit your apps in production:
Stakpak Autopilot doesn’t just watch your infra, it sets up its own alerts, and actually fixes issues in production. And when something really needs a human, it escalates, pings you on Whatsapp/Telegram/Slack.
No 5+ observability tools, No manual setup, No dashboards, No alerts waking you up for things that could’ve fixed themselves.
1) install stakpak (single Rust Binary) 2) run /init
Open-source, single binary, and state of the art network guardrails with a Cedar policy engine.
Report
hey @georgefahmy congrats on the launch and for Open Source of such a product.
but just from security point of view how secure is this to be used in production ?
and with all critical workloads is there any allowed rule for these agents to do specific actions , can we define some boundaries so that in case it goes wrong then disruption will be minimal.....
We built Stakpak because we kept seeing the same pattern: teams either give full production access to AI tools (scary) or don't use them for infra at all (wasteful). We wanted a middle ground.
Stakpak Autopilot is an open-source Rust agent that runs as a system service on your machines — systemd on Linux, launchd on macOS. It watches your infrastructure on a cron schedule, runs pre-flight check scripts, and only spins up the AI agent when something actually needs attention.
What makes it different:
Security-first: secrets are automatically redacted using gitleaks patterns before they ever reach the LLM. Tool execution happens inside Docker sandboxes. mTLS by default.
No lock-in: works with Claude, GPT, Gemini, or any OpenAI-compatible endpoint. Your infra stays yours.
Connects where your team already is: Slack, Telegram, Discord — the agent reports what it found and asks for approval when it needs to do something risky.
Profile system: define different behavior profiles (what tools are allowed, what gets auto-approved, which model to use) for different jobs — monitoring vs. deployment vs. debugging.
We've been dogfooding this on our own infrastructure and the shift from "get paged, SSH in, diagnose, fix" to "get a Slack message with the fix already applied" has been huge.
Would love your feedback — especially around what checks/automations you'd want to schedule first!
Report
How does the Cedar policy engine handle edge cases where the fix itself could be destructive, for instance restarting a service that has in memory state? Really cool that this is open source.
Replies
Stakpak
Hey everyone! we really appreciate your support reaching 1.2K stars on GitHub
Open-source self-driving infra is here! We didn’t build this to monitor your apps. We built Stakpak Autopilot to resolve 3am incidents AUTONOMOUSLY, and SAFELY!
We're killing this loop: You spend hours setting up alerts, You get an alert, You wake up, You fix it yourself.
So we built something to babysit your apps in production:
Stakpak Autopilot doesn’t just watch your infra, it sets up its own alerts, and actually fixes issues in production. And when something really needs a human, it escalates, pings you on Whatsapp/Telegram/Slack.
No 5+ observability tools, No manual setup, No dashboards, No alerts waking you up for things that could’ve fixed themselves.
1) install stakpak (single Rust Binary)
2) run /init
Open-source, single binary, and state of the art network guardrails with a Cedar policy engine.
Stakpak
@georgefahmy @randhir_kumar7
We have stakpak warden it will prevent the agent from doing any destructive actions
Or in other words it wont be able to delete your db
Stakpak
@randhir_kumar7 we built a state of the art L7 guardrail called "Warden", you can read the detailed threat model and security layers in this post https://georgebuilds.dev/blog/agent-security/
Stakpak
Hi Everyone👋🏻
Stakpak Autopilot watches your app like a dev would, fixes what’s safe, and only pulls you in when it actually matters.
So you can keep shipping.
Install Stakpak and run /init
www.stakpak.dev
Stakpak
Hey everyone 👋
We built Stakpak because we kept seeing the same pattern: teams either give full production access to AI tools (scary) or don't use them for infra at all (wasteful). We wanted a middle ground.
Stakpak Autopilot is an open-source Rust agent that runs as a system service on your machines — systemd on Linux, launchd on macOS. It watches your infrastructure on a cron schedule, runs pre-flight check scripts, and only spins up the AI agent when something actually needs attention.
What makes it different:
Security-first: secrets are automatically redacted using gitleaks patterns before they ever reach the LLM. Tool execution happens inside Docker sandboxes. mTLS by default.
No lock-in: works with Claude, GPT, Gemini, or any OpenAI-compatible endpoint. Your infra stays yours.
Connects where your team already is: Slack, Telegram, Discord — the agent reports what it found and asks for approval when it needs to do something risky.
Profile system: define different behavior profiles (what tools are allowed, what gets auto-approved, which model to use) for different jobs — monitoring vs. deployment vs. debugging.
We've been dogfooding this on our own infrastructure and the shift from "get paged, SSH in, diagnose, fix" to "get a Slack message with the fix already applied" has been huge.
Install with one command: curl -sSL https://stakpak.dev/install.sh | sh
Would love your feedback — especially around what checks/automations you'd want to schedule first!
How does the Cedar policy engine handle edge cases where the fix itself could be destructive, for instance restarting a service that has in memory state? Really cool that this is open source.