Open-source infrastructure monitoring and tooling platform for corporate engineering teams https://carrtech-dev.github.io/ct-ops/
  • TypeScript 72.8%
  • Go 14%
  • JavaScript 7.7%
  • Shell 4.1%
  • Python 0.9%
  • Other 0.4%
Find a file
simon b620776b2f
All checks were successful
Release / Detect merged release PR (push) Successful in 9s
Release / Create or update release PR (push) Has been skipped
Release / Create release tags (push) Has been skipped
Release / Build agent darwin/arm64 (push) Has been skipped
Release / Build agent darwin/amd64 (push) Has been skipped
Release / Build agent linux/arm64 (push) Has been skipped
Release / Build agent windows/arm64 (push) Has been skipped
Release / Build and publish web image (push) Has been skipped
Release / Build agent windows/amd64 (push) Has been skipped
Release / Build agent linux/amd64 (push) Has been skipped
Release / Build and publish ingest image (push) Has been skipped
Release / Build and publish ansible-api image (push) Has been skipped
Release / Build ansible-api image (push) Successful in 0s
Release / Publish customer bundle (push) Has been skipped
Release / Publish agent release (push) Has been skipped
Release / Publish ansible-api release (push) Has been skipped
Release / Build web image (push) Successful in 0s
Release / Build ingest image (push) Successful in 0s
Release / Publish web release (push) Has been skipped
Release / Publish customer bundle release (push) Has been skipped
Release / Publish ingest release (push) Has been skipped
fix(host-editor): show file actions as compact toolbar
2026-06-20 08:19:49 +00:00
.codex test(e2e): fix tasks-schedules-edit-host-group-review-runs 2026-06-01 06:19:52 +00:00
.github fix(release): preserve dev component versions 2026-06-19 17:09:40 +00:00
agent chore(release): prepare main release 2026-06-13 21:58:44 +00:00
apps fix(host-editor): show file actions as compact toolbar 2026-06-20 08:19:49 +00:00
consumers feat: initial monorepo commit — Phase 0 foundation 2026-03-28 15:06:44 +00:00
deploy fix(release): preserve dev component versions 2026-06-19 17:09:40 +00:00
docs ci(images): publish development tags before production promotion 2026-06-17 08:41:05 +00:00
packages/proto-ts feat: initial monorepo commit — Phase 0 foundation 2026-03-28 15:06:44 +00:00
proto feat(docker): reuse central image scan results 2026-06-13 21:55:28 +00:00
.dockerignore feat(web): bake agent binaries into the web image (#508) 2026-04-22 19:35:06 +01:00
.env.example feat(upgrade): add development bundle channel 2026-06-17 14:06:15 +00:00
.gitignore feat(terminal): support custom SSH ports 2026-05-16 20:20:03 +00:00
.npmrc feat: initial monorepo commit — Phase 0 foundation 2026-03-28 15:06:44 +00:00
.release-please-manifest.json chore(release): prepare main release 2026-06-18 08:32:04 +00:00
AGENTS.md docs(agents): sync ct-ops dev branch guidance 2026-06-19 17:52:18 +00:00
CLAUDE.md docs: point agents at Astro docs 2026-06-14 19:45:56 +00:00
dev-stack.sh fix(dev): connect agent containers to dev network 2026-05-15 13:24:31 +00:00
docker-compose.dev-stack.yml fix(ingest): align agent update discovery with web 2026-05-21 19:09:13 +00:00
docker-compose.dev.yml chore: rename infrawatch → ct-ops across repo 2026-04-22 11:06:45 +01:00
docker-compose.single.yml fix(upgrade): pass release channel to web 2026-06-17 16:45:03 +00:00
go.work feat(checks): add cert_file check type and fix cert JSON display 2026-04-09 07:54:57 +01:00
install.sh fix(release): use portable mktemp templates 2026-05-24 07:40:15 +00:00
Makefile fix(deploy): include ct-ops in generated TLS cert SANs 2026-05-09 11:08:04 +01:00
ORGANISATION_REMOVAL_TASKS.md refactor: remove remaining organisation residue (#1411) 2026-05-13 22:38:22 +01:00
package.json build(deps-dev): bump the dev-dependencies group across 3 directories with 6 updates (#1262) 2026-05-11 15:22:12 +01:00
PENTEST.md ci(release): prove Forgejo release publishing 2026-05-17 23:35:09 +00:00
pnpm-lock.yaml feat(host-editor): add SSH-backed remote file editor 2026-06-16 06:58:52 +00:00
pnpm-workspace.yaml feat: initial monorepo commit — Phase 0 foundation 2026-03-28 15:06:44 +00:00
PROGRESS.md feat(host-workspace): add session log and fullscreen tabs 2026-06-19 09:36:29 +00:00
README.md fix(release): install Docker Hub bundle from Forgejo 2026-05-18 12:49:33 +00:00
release-please-config.json fix(releases): align displayed version with customer bundle 2026-05-24 19:00:34 +00:00
SECURITY.md fix(release): publish customer images to Docker Hub 2026-05-18 12:26:09 +00:00
SECURITY_DISCLOSURE.md ci(release): prove Forgejo release publishing 2026-05-17 23:35:09 +00:00
start.sh fix(release): support local image overrides in bundles 2026-06-05 10:52:19 +00:00
TASK.md refactor: remove remaining organisation residue (#1411) 2026-05-13 22:38:22 +01:00
turbo.json feat(docs): add Docusaurus v3 documentation site with GitHub Pages deployment 2026-04-15 21:41:26 +01:00

CT-Ops

Infrastructure monitoring built for engineering teams that can't phone home.

CT-Ops is an open-source monitoring and operations platform designed to run entirely on your own infrastructure — no SaaS dependencies, no telemetry, no licence servers. Deploy it in five minutes on a single Docker host or scale it to a Redpanda-backed HA cluster. Either way, it works in an air-gapped environment out of the box.

Documentation →


Features

  • Agent-based host monitoring — lightweight Go agent, single binary, communicates over gRPC/mTLS on port 9443. Browser traffic terminates TLS on 443 via a bundled nginx container.
  • Real-time metrics — CPU, memory, disk, and network graphs backed by TimescaleDB, visible seconds after agent enrolment.
  • Alerting & notification routing — rule-based alerts with configurable thresholds and multi-channel notification delivery.
  • Certificate lifecycle management — inspect, validate, and track X.509 certificates from URL or file upload. Expiry alerts built in.
  • Network inventory — CIDR-based network management with a live topology graph view.
  • Directory user lookup — query LDAP/Active Directory in real time, no sync job required. Community tier (no paywall).
  • Service account & identity tracking — inventory SSH keys, API tokens, and service identities across your estate.
  • Host groups & tagging — flexible key:value tags on any resource, group-based access control for teams.
  • Terminal workspace — split-pane browser terminal for ad-hoc investigation without leaving the dashboard.
  • Air-gap agent bundles — download a self-contained zip (binary + config + install script) for hosts that can't reach the internet.
  • Instance-scoped RBACsuper_admininstance_adminengineerread_onlyagent role hierarchy.
  • Three deployment profilessingle (one host), standard (Redpanda), ha (clustered) — same codebase, different docker-compose files.

Quick Start

Requirements: Docker, curl, unzip, openssl. Do not run as root.

# Download and unpack the latest release
# The installer verifies the published SHA-256 checksum before unpacking.
curl -fsSL https://forgejo.carrtech.dev/carrtech/ct-ops/raw/branch/main/install.sh | bash

cd ct-ops

# First run creates .env from the example file
./start.sh

# Set your domain and credentials
$EDITOR .env

# Boot the stack
./start.sh

Open https://localhost (or the domain you configured) to complete setup. Your browser will warn about the self-signed certificate on first visit — accept it, or drop a real cert into deploy/tls/server.{crt,key} and restart the nginx container.

To pin a specific version:

curl -fsSL https://forgejo.carrtech.dev/carrtech/ct-ops/raw/branch/main/install.sh \
  | CT_OPS_VERSION=v0.3.0 bash

Enrol your first agent

Once the stack is running, go to Administration → Agents → Enrolment in the UI. Copy the one-line install command or download an offline bundle for air-gapped hosts.


Documentation

Full docs — installation, configuration, architecture, deployment profiles, and feature guides — are at:

https://forgejo.carrtech.dev/carrtech/ct-ops


Deployment Profiles

Profile When to use
docker-compose.single.yml Single host, in-process queue, up to ~50 agents
docker-compose.standard.yml Single Redpanda node, production workloads
docker-compose.ha.yml Redpanda cluster, multiple ingest and web nodes, HAProxy

All profiles produce a self-contained tarball suitable for air-gap deployment via deploy/scripts/airgap-bundle.sh.


Licence

Component Licence
Core platform & web app Apache 2.0
Agent Apache 2.0
Enterprise features (apps/web/enterprise/) Proprietary (source-available)

The agent is always open source — security teams need to audit what runs on their hosts.


Contributing

Issues and PRs are welcome. See CLAUDE.md for architecture decisions and conventions.