VigilAI reads the logs you already have, finds the root cause, cites the evidence, and opens a validated fix PR — only as far as you allow. Your infra, your engine, your autonomy. No account, no agents in your code, nothing leaves the box except to the engine you pick.
npx skills add guptaprakhariitr/vigil --all
Paste into Claude Code or Cursor — it clones the repo, reads the docs, and sets VigilAI up for you.
Tiered cognition
Cheap work stays cheap. The deterministic core runs hot at zero tokens; the engine is one constrained, cited hop — only when a real incident is novel.
Tier 0
Parse, template-mine, correlate and detect on every line — sub-millisecond, no model, fully on box.
Tier 1
A per-project mute / watch / escalate table the engine authors once and refines from feedback. Runs hot, zero tokens, auditable.
Tier 2
One grounded call on a novel escalation → a cited root cause + a validated patch. Claude · Cursor · API · local.
Why it's different
Evidence is assembled by code, not narrated by a prompt. The engine proposes; the engine validates.
The deterministic engine assembles cited evidence and validates patches. The model suggests — it never decides.
Every claim links back to the log cluster, stack frame, or diff it came from. Thin evidence → it abstains, with a reason.
Fixes are applied in a throwaway git worktree off your deployed SHA, tested, and secret-scanned — never your working copy.
Thousands of log lines and hundreds of recurrences collapse to one incident and a couple of engine calls. Healthy services cost nothing.
Accept/reject teaches the policy; eval-gated calibration sharpens it on a schedule and can never weaken detection recall.
Read-only data plane, resource-capped, sandboxed validation. Its credential ceiling is a scoped git token — it never deploys.
Quickstart
A project is one system; add its containers as sources. Pick an engine, set the autonomy, let it run.
Self-hosted · BYO engine · Apache-2.0 · no code changes, no account.
Get started