Skip to main content

Platform
Architecture
Workflows
Observability
Docs
GitHub

Star on GitHub Deploy CortexOps →

Documentation

Getting Started
Installation
Architecture
Platform Components
Infrastructure
Operations Overview
↳ Incident Response
↳ Remediation
↳ Temporal Recovery
↳ Chaos Operations
↳ Backup & Restore
Security & Governance
Reference
Engineering
Deployment

CortexOps

© CortexOps 2026
Deterministic Infrastructure Intelligence.

Platform

Architecture
Platform Overview
Feature Matrix
Workflows

Resources

Documentation
Production Readiness
Deployment Guide
Security

Community

GitHub
LinkedIn
Engineering Decisions
Load Test Results

Star us on GitHub

Help us build the future of infrastructure operations.

Infrastructure

The core distributed systems that back the CortexOps platform.

NATS JetStream

Acts as the distributed event log for all incoming telemetry.

Why? Provides replayable, ordered streams. Essential for crash recovery without data loss.
Guarantees: Exactly-once delivery semantics using message IDs.

Temporal Workflows

The orchestration engine responsible for executing remediations.

Why? Provides durable execution. Workflows can sleep for days awaiting human approval or safely retry upon network partition.
Guarantees: Replay safety. If a worker dies mid-execution, a new worker resumes exact state without duplicating prior activities.

PostgreSQL

The persistent storage layer for the Topology Graph, Audit logs, and Temporal state.

Why? Relational guarantees are required for the audit trail of autonomous actions.
Failure Mode: If PG goes down, CortexOps halts autonomous execution safely (fails closed).

Qdrant Memory Layer

A vector database storing historical incidents, runbooks, and past remediation outcomes.

Why? Allows the RCA engine to perform semantic search to find similar past outages.
Failure Mode: If unavailable, the RCA engine degrades to deterministic heuristics instead of Retrieval-Augmented Generation.

OPA Governance

The Open Policy Agent (OPA) enforces security constraints before any infrastructure mutation occurs.

Why? Decouples security logic from workflow code. Ensures that even if the AI or Correlator hallucinations an incorrect fix, OPA will block it if it violates policy (e.g., "Never restart kube-system pods").
Guarantees: Fail-closed execution. No action is taken unless explicitly allowed by a loaded rego policy.