How NirikshaAI stacks up

No-code eBPF (DaemonSet per node)

Single DaemonSet per node — no app restarts, no SDK changes, no environment variables to set

OTLP-native (any SDK / Collector)

Accepts OTLP/gRPC (:4317) and OTLP/HTTP (:4318) — any OpenTelemetry SDK or Collector works out of the box

TLS decryption without cert changes

Uprobes on OpenSSL · BoringSSL · GnuTLS · Go crypto/tls — captures plaintext before encryption, no MITM proxy

eBPF protocol coverage

NirikshaAI: 30+ protocols (HTTP/1.1, HTTP/2, gRPC, MySQL, PostgreSQL, Redis, Kafka, MongoDB, DNS, AMQP…) — broadest coverage across all eBPF-capable platforms

Custom business attributes

Attach arbitrary key-value pairs to spans via SDK or OTLP resource attributes — queryable in traces, logs, and dashboards

Cloud metadata (AWS/GCP/Azure/Hetzner)

Instance ID, region, availability zone, machine type auto-injected as resource attributes from cloud IMDS

WAL spool — offline buffering + replay

Agent writes to a local write-ahead log when the backend is unreachable; replays in order once connectivity restores

Distributed Traces

Full W3C TraceContext propagation; waterfall + flame views, span filtering, service/operation drilldown

Structured Logs

JSON + logfmt + plain-text; full-text search, field filters, trace-to-log correlation via trace_id

Metrics

Counter, gauge, histogram via OTLP or eBPF; ClickHouse-backed — no Prometheus scrape required

Service Map

Auto-drawn from eBPF traffic or OTLP spans — shows p99 latency, error rate, and request volume per edge

Dashboard Builder

Drag-and-drop panels: time-series, bar, heatmap, table, stat tile — mix metrics, logs, and traces on one canvas

Alerting

Threshold + anomaly rules; delivery via Slack, PagerDuty, email, and generic webhook

SLOs / Error Budgets

Define availability/latency SLOs on any metric or trace query; burn-rate alerts on remaining error budget

Self-hosted / Private Cloud

Full single-binary deployment; license-key model, no data leaves your network, offline activation supported

Kubernetes events as structured logs

Pod scheduling, OOMKill, backoff, node pressure — all forwarded as structured log entries with metadata

Workload state (pod phase, restarts, readiness)

Live phase, restart count, readiness/liveness probe results, owner (Deployment/StatefulSet/DaemonSet) shown per pod

Crash root-cause capture (last N log lines)

Captures last 100 log lines from a crashed container before it exits — no kubectl logs --previous needed

GenAI workload auto-detection

Identifies vLLM, Ollama, TGI, LiteLLM, Triton, SGLang by container image/port patterns; enriches spans automatically

GPU telemetry + AI model attribution

DCGM/NVML metrics (utilization, memory, temp, power) linked to the model and workload running on each GPU

Cost attribution by team / cost-center

CPU/memory/GPU usage mapped to Kubernetes labels (team, cost-center, env) — exportable as cost reports

Pod Security Standards (PSS) compliance

Flags privileged containers, hostNetwork/hostPID, writable root filesystems, missing seccompProfile

HPA right-sizing recommender

Analyzes historical CPU/memory P95 vs requests/limits and suggests minReplicas, maxReplicas, and resource adjustments

Image-digest drift detection

Alerts when a running pod's image digest differs from what was deployed — catches accidental tag mutations

TLS certificate expiry monitoring

Tracks expiry of Kubernetes TLS secrets and Ingress certificates; alerts at configurable thresholds (e.g. 30 / 7 days)

LLM Request Tracing

Every prompt → completion captured as an OTLP span: model, provider, latency, status, input/output token count

Token Usage & Cost Tracking

Per-request token counts + cost in USD; rolled up by model, project, user, and time — billed or reported per org

Conversation Threading

Groups multi-turn exchanges under a single conversation ID; view full dialogue history with per-turn latency and cost

RAG Observability

Tracks retrieval queries, chunk counts, similarity scores, and retriever latency alongside the LLM span

Tool Call & Agent Flow

Waterfall view of agent reasoning steps: tool invocations, sub-agent calls, retry loops, and their latencies

MCP Session Tracking

Records Model Context Protocol sessions: client, tool calls made, token usage, and session duration

Evals (rule + LLM-judge + human)

Run automated evals on recorded traces: regex/threshold rules, LLM-as-judge scoring, or human review queues

Prompt Management & Versioning

Store, version, and A/B test prompt templates; link each version to its eval results and cost metrics

Prompt Playground

Run prompts against any configured LLM provider directly from the UI; compare outputs side-by-side across models

LLM SLOs

Define P95 latency and error-rate objectives per model/provider; burn-rate alerts on remaining budget

Prompt Injection Detection

7 named rules: instruction-override, delimiter injection, role-reset, indirect payload, translate-then-execute

Jailbreak Detection

8 rules: DAN mode, evil-persona roleplay, developer-mode bypass, token smuggling, many-shot bypass, training override

Toxic Content Detection

Covers threats of violence, hate speech, doxxing intent, self-harm promotion, CSAM indicators

Data Leakage in Model Output

Catches API key echo (OpenAI/AWS/NAI), env-var disclosure, system-prompt leakage, internal IP exposure in responses

PII Detection in Model Output

Detects SSN (XXX-XX-XXXX), credit card numbers (Visa/MC/Amex/Discover), email addresses in model responses

Real-time Threat Feed

Critical + high threats from the last 24 h, captured inline at span ingestion — pull via REST or forward to SIEM/webhook

AI Chat Assistant

Ask questions about your infra in plain English — the assistant queries logs, metrics, and traces using tool-calling

Anomaly Detection

IQR-based statistical detection on metrics time series; runs on a background worker, no manual threshold tuning

Root Cause Analysis

LLM-driven investigation worker correlates anomalies, errors, and deployment events to surface a likely root cause

Incident Prediction

Forecasts metric trends (CPU, memory, error rate) and fires pre-alerts before thresholds are breached

Predictive Forecasting (neural model)

Neural time-series model predicts CPU, memory, latency, and error-rate trends — fires pre-alerts before thresholds are breached

Alert Clustering into Incidents

Dedup worker groups related alerts by service + fingerprint into a single incident; suppresses repeat noise

SAML / OIDC / OAuth2

SAML via crewjam/saml; OIDC: Okta, Auth0, Azure AD; OAuth2: Google, GitHub, GitLab — all configurable per org

RBAC

Four built-in roles: Admin › Operator › Developer › Viewer; enforced on every API endpoint via Casbin

Multi-org SaaS

Each org is fully isolated: own ClickHouse, own LLM config, own billing plan, own user pool

Audit Logging

Every mutating API call logged with actor, action, resource, and timestamp — queryable and exportable

Data Retention Policies

Per-signal retention rules (logs, traces, metrics) executed by a background worker with configurable schedules

Per-project API Keys

Keys are project-scoped (nai_ prefix); plain key shown once at creation, only SHA-256 hash stored; 30 s gateway cache

MCP Server (connect AI clients)

Exposes observability tools via Model Context Protocol — Claude, Cursor, and other MCP clients can query your infra