The problem

DevOps teams are drowning in toil.

Every engineering org eventually hits the same walls. Alerts multiply, runbooks rot, tools sprawl, and senior SREs burn out answering the same questions at 3 AM.

Alert fatigue

On-call rotations are buried under thousands of duplicate alerts with well-known fixes. Humans triage noise instead of doing the work.

Tribal knowledge

Senior SREs hold runbooks in their heads. When they take vacation — or leave — the knowledge walks out the door with them.

Tool sprawl

Your ops team lives across 15+ SaaS tools — Slack, Jira, Grafana, cloud consoles, docs, secrets managers. Nothing is joined up.

Off-hours blindness

Incidents happen at 3 AM. By the time a human is awake, coffeed, and logged in, the blast radius has already grown.

How it works

One agent. Three ways to run it.

Veirox gives your team a single intelligent operator backed by the same memory, tools, and knowledge — reachable through whatever path makes sense for the job.

01

Interactive

Chat with the agent in Web, Slack, Telegram, or WhatsApp. Watch it think, run tools, and stream answers live. Voice commands supported on mobile.

→ Real-time streaming responses
→ Tool calls shown inline
→ Artifact pane for code, docs, diffs

02

Scheduled

Cron-based tasks run autonomously. Nightly cluster health checks, hourly cost audits, weekly dependency scans — all logged, all auditable.

→ Standard cron syntax
→ Retries, timeouts, idempotency
→ Full session history & replay

03

Event-driven

Prometheus, AlertManager, Grafana, PagerDuty — any webhook fires a task and the agent handles it end-to-end, from triage to approval request.

→ HMAC-authenticated webhooks
→ Alert correlation & dedup
→ Auto-escalation policies

Why Veirox

Built for the reality of enterprise ops.

Not another ChatGPT wrapper. A production-grade platform with the guardrails your security team will actually approve.

Omnichannel agent

Same agent, same memory, across Web, Slack, Telegram, WhatsApp — plus voice input on mobile.

Safe autonomy

Human approval on every risky action. must_always / must_never rules enforced at runtime.

Compounding memory

Filesystem-backed RAG: runbooks, service facts, past incidents. Your institutional knowledge stops walking out the door.

40+ integrations

Google Workspace, Microsoft 365, Jira, Confluence, Git, cloud APIs. Extensible via Model Context Protocol (MCP).

Whitelabel & multi-tenant

Your brand, your colors, your domain. Database-enforced project isolation for multi-team deployments.

Built on Claude

Powered by Anthropic's most capable and safety-first models. Configurable model selection, context window, reasoning budget per project.

Solutions

Eight ready-to-deploy agents.

Ship with pre-configured use cases out of the box. Customize them to your stack, or build your own from scratch.

01

Auto-Remediator

Detects CrashLoopBackOff, memory pressure, expired certs, queue backlogs — proposes pre-approved fixes for human sign-off.

02

Incident Detector

Scans error rates, latency, logs, saturation, DB health — correlates anomalies with deploys and creates incidents automatically.

03

Change Correlator

Links incidents to recent infra or code changes — ArgoCD syncs, image tags, ConfigMaps — and recommends rollbacks with confidence scores.

04

Cost Monitor

Finds over-provisioned workloads and idle resources. Ranks top 5 savings candidates with cost estimates and rightsizing plans.

05

Predictive Alerter

Projects disk fills, memory leaks, cert expiries, capacity limits with confidence intervals — before they page anyone.

06

Alert Investigator

Webhook-driven triage: dedupes alerts, reads runbooks, searches memory, executes remediation or escalates to on-call.

07

Cluster Health Monitor

Full K8s audit on demand: nodes, pods, resources, networking, storage, firing alerts. Reports clean or detailed findings.

08

Memory Extractor

Mines past sessions for structured facts — episodic, semantic, procedural — and upserts them into long-term agent memory automatically.

Feature catalog

Everything your ops team needs, in one platform.

Fourteen capability areas, hundreds of features, all project-scoped and multi-tenant.

Conversational AI Operations

Real-time streaming chat powered by SSE. See the agent think, run tools, and respond as it happens.

◆Multi-turn sessions with full history and fork-from-checkpoint
◆Inline file attachments — logs, configs, screenshots
◆Artifact pane for code, markdown, HTML previews, diffs
◆Permission cards for inline approval of risky actions
◆Question cards — agent asks, user answers mid-flow
◆Command palette and keyboard shortcuts
◆Session pinning, tagging, full-text search
◆Exact USD cost and token usage per message

Webhooks

Wire up any alerting system in under 60 seconds.

Nine first-class providers with signature verification, alert correlation, field-level redaction, and replay — all out of the box. Everything else drops into the generic HTTP provider with HMAC-SHA256 or a shared token.

AlertManager

Correlation on by default

Grafana

Native signature verified

Datadog

Monitor webhook integration

Sentry

HMAC-SHA256

PagerDuty

Incidents webhook

GitHub

X-Hub-Signature-256

GitLab

System + project hooks

Stripe

Timestamp anti-replay

Generic HTTP

HMAC or bearer token

What happens after the POST

Provider POST Signature verify Redact PII Correlate alerts Route to task Agent runs

curl -X POST "https://ops.example.com/api/webhooks/<task_id>" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-token>" \
  -d '{"alertname": "HighLatency", "severity": "critical"}'

receivers:
  - name: veirox
    webhook_configs:
      - url: https://ops.example.com/api/webhooks/<task_id>
        send_resolved: true
        http_config:
          authorization:
            type: Bearer
            credentials: <your-token>

{
  "name": "veirox",
  "type": "webhook",
  "settings": {
    "url": "https://ops.example.com/api/webhooks/<task_id>",
    "httpMethod": "POST"
  },
  "secureSettings": {
    "authorization_credentials": "<your-token>"
  }
}

# repo → Settings → Webhooks → Add webhook
Payload URL:  https://ops.example.com/api/webhooks/<task_id>
Content type: application/json
Secret:       <shared-secret>     # verified via X-Hub-Signature-256
Events:       push, pull_request, workflow_run, …

# Service → Integrations → Webhook V3
URL:        https://ops.example.com/api/webhooks/<task_id>
Headers:    X-Webhook-Token: <your-token>
Events:     incident.triggered, incident.acknowledged, incident.resolved

# HMAC-SHA256 — any source
POST /api/webhooks/<task_id> HTTP/1.1
Host: ops.example.com
Content-Type: application/json
X-Webhook-Signature: sha256=<hex(hmac_sha256(secret, raw_body))>
X-Idempotency-Key: <unique-request-id>

{"event":"cost_spike","service":"payments","delta_pct":240}

Enterprise-grade controls — included, not upsold

Routing rules + fan-out

Priority-ordered expressions (payload.alerts[0].labels.severity == "critical") dispatch to different tasks. First-match or fan-out to many. Validated at save time.

Approval-gated dispatch

Flag a rule as requires_approval — matching events open a human Approval instead of running the agent. Operator reviews, then replays to dispatch. Production-safe automations, by default.

PII redaction + purge

Path-glob redaction rules applied at ingest — payload.user.email never touches disk. Per-webhook retention, metadata-only storage, bulk purge for GDPR/DSR requests.

Rate limit + dedupe

Precise sliding-window rate limit per webhook with a Retry-After header. Identical payloads within your dedupe window count as one — no alert storms.

Token rotation + replay

Rotate shared-token or signing secrets with a configurable grace window — old token keeps working while you update integrations. Replay single events or bulk-backfill up to 50 at once.

Stripe replay protection

Timestamp-tolerance verification on Stripe-Signature (t=…,v1=…). Late replays rejected at the edge. Works the same for GitHub, Grafana, Datadog, Sentry.

Live event feed + SSE

Watch events arrive in real time from any provider — filter by status, redact on the fly, or jump straight to the agent session that ran. Debug integrations in the same pane, not another tool.

Test Console + Signature playground

Fire synthetic payloads and watch the full pipeline — or paste a failing request, get the exact reason your 401 happened. Zero-downtime debugging.

Status badge + starter templates

Embed an SVG badge in your runbook READMEs — 24h success rate, public, cache-friendly. Start from curated templates: AlertManager triage, GitHub PR gatekeeper, Stripe event logger.

Security by default

HMAC-SHA256

constant-time comparison, multiple header formats

Timestamp tolerance

configurable replay window per scheme

Per-project isolation

every row is project-scoped — no cross-tenant leaks

Idempotency keys

duplicate delivery never double-dispatches

Create a webhook in the console See the full integration list

Veirox Connect

Reach your private infrastructure — without opening a single port.

Private Kubernetes clusters, on-prem databases, air-gapped networks — Veirox reaches them through a tiny outbound-only agent you install once. No firewall rules, no VPN provisioning, no IP allowlists.

◆Outbound-only — the connector opens a persistent WebSocket to Veirox; your firewall sees only outgoing TLS
◆Every command auditable — tunneled commands are logged end-to-end with project, user, and timestamp
◆Tenant-verified at three layers — agent, broker, and executor each verify project ownership independently
◆Denylist + policy engine — destructive commands blocked at the connector before ever leaving your perimeter
◆One-line install — systemd installer, Docker image, or Helm chart

How to install Talk to an engineer

What a connected command looks like

Agent decides Policy + approval Tunnel to connector Denylist check Runs in your VPC Streamed back

# one-line install on any Linux host in your private network
curl -fsSL https://veirox.com/install.sh | sh
veirox-connector enroll --code ABC123
# → Connector online · accepting tunneled commands from project <id>

Veirox CLI

Drive Veirox from your terminal.

One Go binary, 36 commands, pipe-friendly JSON. Bootstrap a project, run agent sessions, tail live logs, mint API keys, manage approvals — every operator workflow from your shell, your CI, or your editor.

◆Profile-aware — switch between work, personal, and customer workspaces with a flag; one keyring entry per profile
◆Layered MCP install — wires Claude Code, Cursor, Codex, Continue, and Claude Desktop in one command via deeplinks + native CLIs
◆OAuth device flow login — works on headless boxes, SSH sessions, WSL, and behind corporate firewalls
◆Live SSE streams — veirox tail follows the latest active session; --plain emits ndjson for jq
◆Cross-platform — Homebrew, Scoop, winget, curl|sh, and a distroless Docker image — all cosign-signed

Install the CLI Open the guide

~/projects/payments-api

$ brew install veirox-cloud/veirox/veirox

→ /opt/homebrew/bin/veirox · 18 MB

$ veirox login

→ open https://console.veirox.com/cli-grant?user_code=7QHB-K2VR

✓ authenticated as msrashed@example.com · profile: work

$ veirox init

→ detected: 2 git remotes, kubectl ctx, AWS profile

→ project payments-api created · seeded 4 starter runbooks

→ wired MCP: Claude Code, Cursor, Codex

✓ ready in 28s

$ veirox tail

[tool] kubectl get pods -n prod-payments

[text] payment-api-7c8d9 is OOMKilled, restarting…

[approval] rollback to v2.3.0 — awaiting

Same agent your team uses on Slack, in the browser, and over WhatsApp — driven from stdout.

Integrations

Six ways to wire Veirox into your stack.

Meet your team where they already work and reach the systems they already run. Every integration surface ships with signature verification, tenant isolation, audit trails, and fine-grained policies.

01 · Chat channels

Talk to the agent where your team lives

Same agent, same memory, across every conversation surface your team uses — with streaming replies, inline approvals, and voice.

→Slack — native AI Assistant API, Block Kit, inline approval buttons
→Telegram — inline buttons, topic threads, voice notes
→WhatsApp — QR device pairing, group + DM support
→Web chat — full SSE streaming, artifact pane
→Voice — 12+ languages, mobile-friendly

Slack Telegram WhatsApp Web

02 · Webhooks

Receive any alert with one click

Nine first-class providers with verified signatures out of the box — plus a generic HMAC-SHA256 receiver for anything else.

→Observability: AlertManager, Grafana, Datadog, Sentry, PagerDuty
→Dev: GitHub, GitLab
→Revenue: Stripe with timestamp replay protection
→Generic HMAC-SHA256 for everything else
→Routing rules, fan-out, approval-gated dispatch

AlertManager Grafana Datadog Sentry PagerDuty GitHub GitLab Stripe

See webhook capabilities →

03 · Tool integrations

40+ tools, OAuth in seconds

One-click OAuth connections with encrypted credential storage. The agent reads, writes, and acts — with the same permissions your team has.

→Google Workspace: Gmail, Calendar, Drive (full CRUD)
→Microsoft 365: Outlook, Teams, OneDrive, SharePoint, Planner
→Jira (JQL + transitions) · Confluence pages + spaces
→Git (GitHub, GitLab, Bitbucket): HTTPS + SSH, encrypted
→Cloud CLIs (AWS, GCP, Azure) via secrets vault

Google Microsoft Jira GitHub AWS GCP Azure

04 · Veirox Connect

Reach private infrastructure

Secure outbound-only tunnel that lets the SaaS agent reach your private Kubernetes clusters, on-prem databases, and air-gapped networks without opening a single firewall rule.

→One-line installer — deb, rpm, Helm chart, Nomad job
→Outbound WebSocket — no inbound firewall holes
→Three-layer tenant verification per command
→Denylist + policy engine enforced at the connector
→Full end-to-end audit of every tunneled command

See how Connect works →

05 · Veirox CLI

Drive everything from the terminal

A 36-command Go binary covering every operator workflow: bootstrap projects, tail live sessions, manage approvals, mint API keys, wire MCP. Pipe-friendly JSON for CI; pretty Charm UI for humans.

→OAuth device flow — works on headless / SSH / WSL
→Profile-aware — multi-org, multi-workspace
→SSE live streams — tail, logs --follow, watch
→Layered MCP install — Cursor, Claude Code, Codex, Continue
→Brew · Scoop · winget · curl|sh · Docker · cosign-signed

macOS Linux Windows ARM64

See the CLI in action →

06 · Custom tool servers

Give the agent your proprietary tools

100+ first-party tools out of the box, plus the MCP-EXT REST auto-bridge that turns every tagged FastAPI route into an MCP tool — over 200 tools available to external agents in total. Bring your own MCP servers — Python, Node, Go — with full audit, approval gating, and secrets vault.

→Model Context Protocol — open standard, no SDK lock-in
→REST auto-bridge — tag a route, get an MCP tool
→External agents — Claude Code / Cursor / Codex over MCP
→Two-axis access — scopes & per-key tool allow-list
→Inherits approvals, audit, redaction, secrets

MCP REST bridge Python · Node · Go stdio · streamable-http

Need something we haven't listed? Ask us — most new integrations land in under two weeks.

Why not the alternatives

How Veirox is different.

vs. Runbook automation (Rundeck, StackStorm)

Traditional runbook tools make you author every branch in YAML. Veirox reasons about the situation, reads your existing runbooks, and learns from every incident.

vs. AIOps platforms (Moogsoft, BigPanda)

Legacy AIOps is a closed vendor stack with six-figure procurement. Veirox is open, integration-first, and priced for mid-market teams. You bring your data; we bring the brain.

vs. Generic coding assistants (Claude Code, Cursor)

Coding assistants live in your IDE. Veirox lives in your infrastructure — Slack, webhooks, cron, voice — with ops-specific tools for incidents, runbooks, and approvals.

vs. Building it yourself

You could roll a custom agent, then spend months on memory, retrieval, permissions, channels, approvals, audit logs, and multi-tenancy scaffolding — and keep maintaining it. Buy the platform and ship outcomes instead.

Security & compliance

Built for teams that ship under audit.

Data protection, access control, and observability designed to pass your security review on the first round.

Data encryption

TLS 1.3 in transit. AES-256 at rest. Per-project encryption keys for secrets, tokens, and integration credentials.

Tenant isolation

Strict project-level separation enforced at the database layer, not application logic. Cross-tenant access is unreachable by construction. Agent subprocesses run in a Linux mount namespace — other tenants' data and the host filesystem are hidden at the OS level.

Identity & access

OAuth SSO on every plan. SAML SSO, SCIM provisioning, and role-based access control on Business and Enterprise. MFA supported via your IdP.

Human-in-the-loop guardrails

Every destructive action runs through an approval workflow. must_always / must_never rules enforced at runtime. Full reasoning captured with every approval.

Audit & observability

Every tool call, approval, notification, and state change is logged. Session transcripts exportable as Markdown or PDF. SIEM-ready audit-log export on Business and above.

PII protection

Field-level redaction applied before payloads touch disk. Per-webhook retention bounds (7–365 days). Metadata-only mode for high-sensitivity sources. One-click payload purge for DSR/GDPR requests.

Secrets vault

Credentials never appear in model context, UI, or logs. The agent references secrets by friendly name; the raw value is read at runtime and discarded. Every access is audited.

Data residency

US and EU hosting regions on Enterprise. Private-cloud or on-prem deployment available for regulated workloads and air-gapped environments.

Compliance program

SOC 2 Type II in progress. GDPR-ready controls shipped. HIPAA BAA available under Enterprise. Our latest trust report and pentests are available under NDA.

SOC 2 Type II — in progress

GDPR-ready

HIPAA BAA — Enterprise

99.9% SLA — Business

Pricing

Start free. Scale when you're ready.

Predictable SaaS pricing with a generous free tier. Usage caps reset monthly — no overage surprises.

Free

Try it out

Everything you need to evaluate — free forever, no credit card.

$0/mo

✓1 project, up to 3 users
✓500 webhook events / month
✓50 agent sessions / month
✓All 9 webhook providers
✓Slack, Telegram, Web chat
✓Community support

Start free

For growing teams

Everything in Free, plus full integrations and production usage headroom.

$99/mo

per seat, billed annually

✓Unlimited projects
✓10K events + 1K sessions / month
✓All 40+ integrations
✓WhatsApp + voice channels
✓OAuth SSO (Google, Microsoft)
✓Whitelabel (brand + domain)
✓Email + in-app support

Start free trial

Business

For scaling orgs

Advanced security, SLAs, and usage for multi-team operations.

$499/mo

starting, volume-based

✓Everything in Pro
✓100K events + 10K sessions / month
✓SAML SSO + SCIM provisioning
✓Role-based access control
✓Audit log export (SIEM)
✓Veirox Connect (private tunnel)
✓99.9% uptime SLA

Contact sales

Enterprise

Custom-tailored

Data residency, dedicated support, and optional private deployment.

Custom

✓Unlimited usage
✓Data residency (US / EU)
✓HIPAA BAA available
✓Custom tool integrations
✓Private-cloud or on-prem option
✓Dedicated solutions engineer
✓Custom MSA + SLA

Talk to us

Need more sessions or events? Usage bundles available on every paid tier. Claude API costs passed through at Anthropic list price — no markup.

FAQ

Questions, answered.

Yes — because Veirox is designed for human-in-the-loop autonomy. Every destructive action runs through an approval workflow with full reasoning and evidence. You configure must_always and must_never rules at the project level, and the runtime enforces them. Signed approval links, cryptographic webhook verification, and full audit logs round out the guardrails.

TLS 1.3 in transit, AES-256 at rest, per-tenant encryption keys. Every project is isolated at the database layer — cross-tenant access is blocked by construction, not by middleware. Secrets live in an encrypted vault and never appear in model context, UI, or logs. PII can be auto-redacted on webhook ingest. For regulated workloads, Business and Enterprise tiers add SSO/SAML, audit-log export to your SIEM, and optional data residency.

Veirox is a SaaS platform hosted by us — sign up and you're running in minutes. To work with private resources (internal Kubernetes clusters, on-prem databases, air-gapped networks), install Veirox Connect: a tiny agent that opens an outbound-only tunnel to our platform. No inbound firewall holes. Your VPC stays closed. Every command the agent executes is auditable end-to-end. Enterprise customers can also opt for dedicated-region or private deployment.

General-purpose AI tools don't know your services, can't execute tools in your cluster, have no memory of past incidents, and have no audit trail. Veirox does all of those — on a purpose-built platform with ops-specific primitives (incidents, runbooks, approvals, findings, correlation) and deep integrations with your existing stack.

Veirox reads your existing runbooks — Markdown, Confluence pages, or whatever format you use — and executes them intelligently. It doesn't replace your runbooks; it understands them, improves them based on what works, and handles the ambiguous 80% that scripted automation can't.

40+ out of the box: Slack, Telegram, WhatsApp, Google Workspace, Microsoft 365, Jira, Confluence, GitHub, GitLab, Bitbucket, AWS, GCP, Azure, Kubernetes (EKS, GKE, AKS, on-prem), Prometheus, AlertManager, Grafana, PagerDuty, Datadog, Sentry, Stripe, and more. For proprietary or in-house tools, you can register custom tool servers — the agent uses them like any other integration.

Plan price is a flat per-seat subscription. Claude API usage (tokens consumed by the agent) is passed through at Anthropic's list price with no Veirox markup — visible in your console per session and per project. You can set monthly budget caps and require approval on any session that would exceed them.

Sign up free and you're in the console in under a minute. Wire up your first webhook in 60 seconds with our starter templates. Full production rollout with Slack, Git, observability stack, and custom runbooks typically takes a couple of weeks for Pro-tier teams, with a solutions engineer guiding every Business and Enterprise customer.

Free forever tier · no credit card

Ready to automate your operations?

Start free in the console in under a minute — or book a 30-minute walkthrough with an engineer who'll show Veirox handling an incident end-to-end.

Start free Book a demo

No credit card. No lock-in. Upgrade when you're ready.

The AI operator for your infrastructure.