Skip to content

Noctuary Documentation

Noctuary is an AI incident context platform that sits alongside your existing observability stack and pre-builds the evidence trail for every incident — before the alert fires.

When PagerDuty wakes your engineer at 2am, they arrive with a specific hypothesis and cited evidence, not a blank terminal.

How it works

Your infrastructure (Kubernetes, VMs, bare metal)
    │  OTel log streams
Noctuary Agent  ──── fingerprints log lines ──── WASM vendor plugins
    │                                            (ArgoCD, Postgres, k8s)
    │  ContextEvents (structured, tiny JSON)
Noctuary Cloud  ──── correlates across services ──── state window (Redis)
    │  when PagerDuty fires…
Enriched incident with hypothesis + evidence trail

Raw logs, credentials and PII never leave your infrastructure. Only structured ContextEvent objects (typically 15MB/month per customer) are transmitted.

  • Getting Started

    Install the agent and send your first context event in under 10 minutes.

    Get started

  • UI Guide

    Navigate the dashboard — incidents, services, agents and settings.

    Explore the UI

  • API Reference

    Full HTTP API documentation with request and response examples.

    View the API

  • Agent Configuration

    All configuration options for the Noctuary Agent YAML file.

    Agent config

Key concepts

Term Description
ContextEvent A single structured signal emitted by a vendor plugin: a deploy, restart, config change, or saturation event
Agent The lightweight process running in your infrastructure that receives OTel streams and emits ContextEvents
State window A rolling TTL-keyed Redis window of recent events per service — the raw material for incident correlation
Incident A correlated cluster of ContextEvents with an LLM-generated hypothesis and recommended action
Vendor plugin A WASM module that parses raw log lines for a specific vendor (ArgoCD, Kubernetes, Postgres)

Supported vendors

Vendor Events detected
ArgoCD Sync start/success/failure, health transitions, auto-sync triggers
Kubernetes OOMKill, CrashLoopBackOff, probe failures, FailedScheduling, node events
Postgres Slow queries, autovacuum, deadlocks, connection exhaustion, WAL events

Additional vendors can be added via the WASM plugin interface.