Skip to content

Enterprise-grade AIOps & LLMOps automation agent built for DevOps teams.

License

Notifications You must be signed in to change notification settings

abhishekpanda0620/picoclaw-finops-copilot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

15 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

PicoClaw FinOps Copilot

License AWS Terraform Slack Telegram

Enterprise-grade AIOps & LLMOps automation agent built for DevOps teams.

PicoClaw FinOps Copilot is a Slack-native, AI-assisted cloud cost intelligence platform that integrates AWS Cost Explorer with deterministic cost analysis and LLM-based executive reporting.

It bridges the gap between DevOps, FinOps, LLMOps, and AIOps by helping engineering teams:

  • Compare monthly cloud spend
  • Detect cost anomalies and idle resources
  • Automate scheduled reports
  • Explain cost changes in plain language
  • Operate securely using IAM roles (no static credentials)

Architecture

Architecture Diagram

Core Design Principle

  • πŸ”’ Numbers are deterministic (computed via AWS SDK)
  • 🧠 AI is used only for explanation and summarization

This prevents hallucination and ensures financial accuracy.


✨ Features & Installed Skills

πŸ’° FinOps Skill (skills/finops)

This repository comes with a built-in AWS FinOps skill for PicoClaw, allowing it to act as your autonomous cost analyst.

Capabilities:

  • Cost Summary / Service Breakdown: Get top 5 service costs for any time range (e.g., "last 7 days").
  • Monthly Cost Comparison: Compare current month spend vs previous month spend with percentage change highlighting.
  • Idle Resource Detection: Finds unused EBS volumes (available state), calculates monthly waste, and offers cleanup assistance safely.

Alerts & Monitoring

  • Daily cost summary
  • Service-level cost spike detection
  • Weekly executive report

AI-Enhanced Insights

  • Plain-language explanations of cost increases
  • Slack-friendly formatting (no massive raw JSON dumps)
  • Safe read-only executions (destructions require explicit user confirmation)

πŸ” Security-First Design

  • IAM Role-based authentication
  • No AWS access keys stored
  • Read-only Cost Explorer access
  • No destructive operations without approval
  • Slack token-based access control

Requirements

  • Ubuntu EC2 instance (or compatible Linux server)
  • IAM Role with Cost Explorer permissions
  • AWS CLI v2 installed
  • Slack App (Socket Mode enabled)
  • NVIDIA-hosted LLM (or compatible OpenAI-style endpoint)
  • PicoClaw installed

Quick Start

Attach IAM Role to EC2

Minimum required permissions:

  • ce:GetCostAndUsage
  • ec2:DescribeInstances
  • ec2:DescribeVolumes
  • sts:GetCallerIdentity

Verify:

aws sts get-caller-identity

Configure PicoClaw

Update ~/.picoclaw/config.json:

{
  "agents": {
    "defaults": {
      "provider": "moonshot",
      "model": "moonshotai/kimi-k2.5"
    }
  }
}

Enable Slack channel:

"slack": {
  "enabled": true,
  "bot_token": "xoxb-...",
  "app_token": "xapp-...",
  "allow_from": []
}

Enable Telegram channel (Alternative):

"telegram": {
  "enabled": true,
  "bot_token": "123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11",
  "allow_from": ["123456789"]
}

3️⃣ Start Gateway

picoclaw gateway

Health endpoints available:

http://127.0.0.1:18790/health
http://127.0.0.1:18790/ready

πŸ’¬ Example Slack / Telegram Commands

Here are examples of what the FinOps Copilot outputs when you ask it for cost data in Slack or Telegram:

Monthly Comparison

Monthly Cost Comparison

Service Breakdown History

Service Breakdown History

Idle Resource Detection

EBS Waste Detection


πŸ“… Automation Capabilities

Automation Description
Daily Cost Summary 9 AM automated report
Budget Alert Notify when spend exceeds threshold
Weekly Executive Report Slack-ready cost summary
Anomaly Detection Detect sudden cost spikes
Waste Detection Identify idle resources

πŸ“ˆ Roadmap

Phase Capability Status
Phase 1 Slack FinOps Integration βœ…
Phase 2 Deterministic Cost Engine 🚧
Phase 3 Automated Alerts 🚧
Phase 4 Anomaly Detection ⏳
Phase 5 Autonomous Optimization ⏳

Full roadmap available in ROADMAP.md.


πŸ” Security Model

  • IAM Role only (no stored AWS keys)
  • Read-only billing access
  • Slack event filtering
  • No destructive changes without confirmation
  • Workspace execution isolation
  • Audit logging enabled

πŸ§ͺ Production Hardening

Planned enhancements:

  • AWS SDK integration (remove CLI dependency)
  • Multi-account AWS Organizations support
  • Slack approval workflow
  • Terraform auto-deployment
  • CI pipeline with lint + security scan
  • Structured JSON logging
  • Event deduplication guard

πŸ† Why This Project Matters

Most DevOps teams lack:

  • Real-time cost visibility
  • Slack-integrated FinOps tooling
  • Automated anomaly detection
  • AI-assisted cost explanations

This project bridges:

  • DevOps
  • FinOps
  • LLMOps
  • Cloud Automation

It demonstrates real-world distributed systems engineering combined with AI orchestration.


🧭 Long-Term Vision

Build a fully autonomous cloud FinOps engineer that:

  • Continuously monitors AWS spend
  • Detects waste automatically
  • Explains cost shifts clearly
  • Suggests optimizations
  • Operates safely under IAM constraints
  • Integrates natively with team workflows

πŸ“œ License

MIT License


About

Enterprise-grade AIOps & LLMOps automation agent built for DevOps teams.

Topics

Resources

License

Contributing

Security policy

Stars

Watchers

Forks

Contributors