CompTech AIOps - overview
What the comptech-aiops repository is for, what it is not, and how the work is being tracked.
comptech-aiops is the operating repository for CompTech’s agentic AIOps platform, GitHub governance, secret custody, declarative deployment work, and public-safe documentation mirror.
The important point is scope: this is not an OpenShift-specific project. The platform is intended to manage company development, datacenter systems, OpenShift/Kubernetes clusters, hypervisors, bare-metal servers, network devices, power and cooling systems, and software platforms through governed agent workflows.
The current target is a custom portal and agentic control plane on ze-tower. Open WebUI and Ollama are not target platform components.
Source Repositories
| Repository | Purpose |
|---|---|
comptech-lab/comptech-aiops | Canonical operating memory, ADRs, changelog, service skeletons, deployment source, RAG source notes, and GitOps direction. |
zeshaq/comptech-lab | Blog and documentation site that publishes this public-safe mirror. |
Current Work
The foundation established the operating memory model:
- A root
AGENTS.mdincomptech-aiopsso future agents know how to work. docs/memory/for stable project context.docs/adr/for architecture decisions.docs/infra/for host and runtime facts.docs/tools/for tool inventory.docs/operations/for change control and phases.CHANGELOG.mdfor strict history.
Governance requires:
- Every repository-changing execution needs a GitHub issue.
- Every issue needs a milestone.
- Every execution needs a phase.
- Every material change needs an ADR reference.
- Every change set updates the changelog.
The current Phase 1 control plane is deployed to ze-tower through a manual GitHub Actions workflow and Docker Compose. The baseline includes a custom operator portal MVP, Go/Gin API, React/Vite frontend, Temporal, OPA, LiteLLM, Qdrant, Postgres, Keycloak, NetBox, observability services, placeholder agent/MCP processes, and a RAG ingestion service with durable metadata and a first semantic indexing path.
The old rag-open-webui container from the superseded local RAG experiment has been removed from the active host state. Legacy data paths were preserved for recoverability.
The first encrypted ze-tower control-plane backup and restore drill has completed. A conservative Restic retention policy is also defined with dry-run by default and explicit apply mode. The public record only names the toolchain and validation outcome; private endpoint values, credentials, and raw evidence remain out of the blog.
The first service contract baseline is now defined for the portal API, agent orchestrator, MCP gateway, RAG service, evidence records, event stream, and health/readiness checks. The baseline keeps operator traffic at the portal API and infrastructure tool execution behind internal service, policy, approval, and evidence boundaries.
The first operator portal MVP is deployed. It exposes existing safe Phase 1 workflows for readiness, task tracking, approval decisions, knowledge search with citations, inventory targets, evidence lookup, and task event history through the portal API only.
The portal is now being exposed through a single trusted-LAN ingress path on ze-tower. Internal services remain Docker-internal, and this access change does not enable production-changing agent authority.
The RAG service now generates deterministic local embeddings for reviewed chunks, writes vectors to Qdrant when the index is healthy, and keeps keyword fallback for availability. This is a bootstrap semantic retrieval baseline, not the final model-backed embedding service.
The first reviewed RAG knowledge pack and retrieval evaluation fixture are now defined in the canonical repo. The fixture uses public-safe control-plane knowledge and checks that representative operator questions return expected citations before deployment.
The first operator chat console is now implemented in the portal. Chat messages create tracked tasks, query reviewed RAG through the portal API, show citations and proposed plan steps, and keep execution-seeking work approval-gated. This is a planning-only console; it does not execute tools or mutate target infrastructure.
Non-Negotiables
- No secrets in Git.
- No secret values in issues, PRs, changelogs, docs, or logs.
- GitHub is the collaboration and custody control plane for now.
- Runtime desired state should be declarative wherever practical.
- GitHub Actions should validate and orchestrate; long-term deployments should move toward pull or reconcile patterns.
- Public blog docs mirror the canonical repo only after a public-safety review.