Open source AI-powered pre-flight risk analysis for Kubernetes. Self-hosted with your own AI API keys. Stop production incidents before they happen with intelligent guardrails, security scanning, and real-time recommendations.
AI-powered guardrails, real-time monitoring, and intelligent recommendations in one platform
Block risky changes before production. AI analyzes every PR/MR with 10 guardrails, security scanning, and explainable decisions backed by concrete evidence.
Hybrid AI + rule-based scoring provides accurate risk assessment. Get AI recommendations, incident predictions, and cost optimization suggestions with every change.
Lightweight Kubernetes agent provides real-time cluster intelligence. WebSocket updates deliver instant notifications as decisions are made.
Native GitHub & GitLab integration with Slack, Teams, Email, and PagerDuty notifications. Interactive approval workflows and comprehensive API for CI/CD pipelines.
Comprehensive dashboards with risk trends, decision history, and team performance metrics. Export data to CSV/JSON, generate reports, and track improvements over time.
Self-hosted on your infrastructure with audit logs, RBAC, encrypted communications, and zero API key leakage. Your data stays private and secure.
Use your own API keys with OpenAI, DeepSeek, Claude (Anthropic), or Google Gemini. No vendor lock-in, full control over your AI costs and data.
Export decisions to CSV or JSON format. Generate comprehensive analytics reports with guardrail statistics, risk trends, and decision summaries for compliance and analysis.
Configure webhooks for outbound notifications. Integrate with Teams, Email, PagerDuty, and custom systems. Event-based triggers with custom headers and secret verification.
Manual approval workflow for high-risk decisions. Approve or reject decisions with comments, track approvers, and maintain full audit trail of manual actions.
Perform bulk operations on multiple decisions. Approve, reject, or delete decisions in batch with comments. Save time on administrative tasks and mass approvals.
Compare two change events side-by-side. Analyze file differences, risk score changes, and get automated recommendations. Track risk evolution over time.
Complete audit trail of all decisions and actions. Filter by date range, track manual approvals/rejections, and export for compliance. Full transparency and accountability.
Pre-configured policy templates for common use cases. Choose from Strict, Balanced, Permissive, or Compliance policies. Customize guardrails and enforcement modes to match your needs.
Automate report generation with scheduled reports. Daily, weekly, or monthly reports delivered automatically. Export analytics, decision summaries, and risk trends on your schedule.
Track change history across repositories. View repository statistics, risk trends, and decision patterns. Analyze change frequency, risk distribution, and improvement over time.
Kubernetes-native enforcement with validating/mutating admission webhooks. Block risky resources at deploy time or annotate in advisory mode. Prevents incidents when someone runs kubectl apply at 3am.
Versioned policy bundles with OPA/CEL support, rollout/rollback, and per-namespace overrides. Signed bundles with hash verification. Compliance-ready with full version history and audit trails.
Every decision includes a complete evidence pack: diff hunks, matched rules, signals queried, timestamps, and score explanations. Exportable as JSON and human-readable reports. Full traceability.
Real-time cluster intelligence with correlation. Collects events, workload snapshots, and SLO signals (restarts, OOMKills, CrashLoops). Context-aware risk scoring during incidents.
Supply chain security with SBOM (CycloneDX/SPDX), signature verification (cosign), and SLSA provenance attestation. Block unsigned images or critical CVEs. Tamper-proof verification.
Interactive approvals with full context: risk score, reasons, diff snippets, impacted resources. Approve once, approve for repo/branch, or time-bound exceptions. Secure signature verification prevents replay attacks.
Enterprise-grade multi-tenancy with per-tenant policies, data retention, and strict RBAC. Complete data isolation between tenants. Audit logs with tenant_id, actor, action tracking.
Built specifically for Kubernetes with native admission webhooks, CRDs, and operator patterns. Seamlessly integrates with your existing K8s infrastructure and workflows. No external dependencies required.
See how PatchPulse analyzes changes, runs AI analysis, and makes decisions in real-time
Git integration detects PRs/MRs. AI analyzes diffs, cluster state, and historical patterns to assess risk.
Get security scans, recommendations, incident predictions, and cost optimization suggestions with every change.
Block risky changes automatically or log for review. Get Slack notifications with interactive approvals and full explainability.
100% open source. Self-host on your infrastructure with your own AI API keys.
Clone the repository and deploy manually. Full control over your infrastructure.
View on GitHub →
Production-ready Helm charts for scalable, high-availability deployments.
View Architecture →
Use any AI provider you prefer. PatchPulse works with OpenAI, DeepSeek, Claude, Gemini, or any OpenAI-compatible API.
Self-host PatchPulse on your infrastructure with your own AI API keys
Get Started on GitHub →