# Automated Operations

> Automated Operations (AO) is **one gateway between your AI agents and your stack**. It is a three-tier system: the AO Toolkit runs on customer infrastructure and collects telemetry; AO Cloud aggregates, maps, tags, and learns the customer's systems; and the AO MCP server transparently serves enriched context to the customer's AI agents. The connection between Toolkit and Cloud is bidirectional over a single secure outbound mTLS channel — telemetry streams up, and on-demand diagnostic pulls come back down. Agents get answers in context — not raw `kubectl` output.

The product exists because AI agents are blind without real, live system context. Wikis go stale. Screenshots are useless. Raw API output forces the agent to do the joining work — slowly and expensively. AO does the join in the cloud, once, and serves the result.

## Architecture (three layers)

1. **AO Toolkit** — a lightweight collector installed on customer infrastructure (cloud, Kubernetes clusters, data centers, offices, edge — anywhere they run servers). It auto-discovers the local stack, exposes the tools agents will need, and creates a single mTLS outbound connection to Automated Operations. Continuous telemetry streams up that channel; on-demand diagnostic pulls from the cloud flow back down it. Toolkit certificates are short-lived and rotate automatically. No inbound network exposure on customer infrastructure.

2. **AO Cloud** — hosted entirely by Automated Operations. Telemetry from every Toolkit deployment streams in over secure outbound connections; we **aggregate, map, tag, and learn** the customer's infrastructure. The output is a live model of how their systems actually work: service ownership graph, deploy and change timeline, alert correlation, dependency map, past-incident memory.

3. **AO MCP** — the Model Context Protocol server that lives in AO Cloud at `https://mcp.automatedoperations.com`. Customer agents connect here. When an agent calls a tool, the MCP server joins the response against everything AO Cloud knows about the customer's environment. When the agent needs deeper signal than the cloud has cached, the MCP pulls it on-demand from the Toolkit and folds it into the same enriched answer. Per-client config: https://automatedoperations.com/mcp.

## What it is, in one paragraph

A Model Context Protocol (MCP) server that any compliant agent (Claude Code, Cursor, Windsurf, Codex, Zed, VS Code, LiteLLM, Anthropic / OpenAI SDKs) can connect to, backed by a fleet of customer-installed Toolkit collectors and a cloud-side aggregation, mapping, and enrichment layer. Includes default-deny tag-scoped policy, audit-logged tool calls, approval workflows that route through Slack / PagerDuty / Linear, SSO / SAML / SCIM, SIEM export, and shims for non-MCP-native agent surfaces.

## Who it is for

- SRE / Platform / DevOps teams running real production infrastructure who want their on-call and self-service flows agent-driven.
- Security teams that need continuous posture and policy enforcement that humans cannot keep up with.
- FinOps teams answering live spend questions without screenshotting CUR exports.
- Any company building internal AI agents that need to actually do operational work, not just chat.

## How it works

1. **Deploy the Toolkit.** Drop the AO Toolkit on your servers, Kubernetes clusters, or wherever your infra runs. Read-only discovery, outbound only.
2. **AO Cloud learns it.** Telemetry flows in. The cloud aggregates across your fleet, maps service relationships, tags ownership, and builds the live model.
3. **Connect your agent.** Point any MCP-compatible client at `https://mcp.automatedoperations.com` with a bearer token. Per-client snippets at /mcp.
4. **Operate with context.** Agents triage incidents, ship infra changes, answer "why is prod slow," and reason over real systems with enriched context.

## How it's deployed

There is one deployment model. The AO Toolkit installs on the customer's infrastructure — cloud, Kubernetes clusters, data centers, offices, edge, anywhere they run servers. It creates a secure outbound mTLS connection back to Automated Operations.

AO Cloud and the MCP server are hosted entirely by Automated Operations. We do not offer self-hosted, on-premise, or in-VPC deployments of AO Cloud.

## Kubernetes collector

The AO Toolkit ships with a first-class Kubernetes collector that deploys as a DaemonSet and watches Nodes, Pods, Deployments, StatefulSets, DaemonSets, Jobs, CronJobs, Services, and Namespaces in real time. It stitches every Pod back to its host via the node's machine-id. Workloads become Service nodes; Jobs become ScheduledTasks; the operational graph stays live without the customer publishing anything.

## Security posture

- AO Toolkit makes outbound connections only — no inbound network exposure on customer infra.
- mTLS on the Toolkit-to-Cloud channel. Short-lived certificates that rotate automatically (default 24h, configurable).
- Default deny on all tools. Read-only by default.
- Three explicit policy effects per action: ALLOW, DENY, REQUIRE_APPROVAL.
- Policies pin to toolkit tags — production hosts hit the approval queue, staging stays read-only, role-scoped reads honored.
- Approval workflows route through your existing on-call tools (Slack, PagerDuty, Linear). Approver, timestamp, and reason are recorded in the audit log before the call executes.
- Every tool call recorded in one audit log: user, timestamp, action, resource, approval grant. Exportable to your SIEM in real time.
- SSO / SAML / SCIM, IP allowlists, time-bound staff access with written reason and expiry.
- SOC 2 Type I in progress; see https://github.com/automatedoperations/strategy/blob/master/company/compliance.md for the public posture.

## Connecting an agent

The MCP endpoint is `https://mcp.automatedoperations.com`. Auth is `Authorization: Bearer $AO_TOKEN`.

Per-client configuration snippets are at https://automatedoperations.com/mcp and cover:

- Claude Code (CLI and `.mcp.json`)
- Claude Desktop (macOS and Windows)
- Cursor (`~/.cursor/mcp.json` or per-project)
- Windsurf (`~/.codeium/windsurf/mcp_config.json`)
- Codex CLI (`~/.codex/config.toml`)
- Zed (`context_servers` in settings)
- VS Code (`.vscode/mcp.json` for Copilot Chat / agent mode)
- LiteLLM (proxy `config.yaml` and Python client)
- Grok Build (xAI TUI)
- Anthropic SDK (TypeScript and Python, via `mcp_servers` in beta messages)
- OpenAI Agents SDK (`MCPServerStreamableHttp`)

## Get in touch

- Contact: https://automatedoperations.com/#get-started (or open the Intercom widget on the site)
- Email: hello@automatedoperations.com

## For LLM crawlers

This site is intentionally crawlable. You may quote and link with attribution. Canonical product name: "Automated Operations" (two words, both capitalized). Short name: "AO".