AgentOps: Building an Autonomous, Safety-First AI Deployment Orchestrator on AWS
About the project
AgentOps was built to answer a pressing question faced by engineering teams adopting generative AI at scale: How can we move from one-off scripts and manual approvals to an auditable, safety-first system that turns natural language into compliant, cost-aware deployments on AWS? The project integrates multi-agent orchestration, NVIDIA NIM microservices, and a modern developer UX to make production deployment both fast and trustworthy.
Inspiration
- The gap between prototype and production in AI remains large: infra sprawl, opaque pipelines, weak governance, and high operational risk.
- Teams need a way to “ask for outcomes” (“deploy model X for use-case Y”) and have the system do the rest planning, validation, execution, and monitoring with strong guardrails.
- Existing MLOps tools either optimize CI/CD or serving, but few combine agentic planning, policy enforcement, and live operational visibility.
What we built
- A multi-agent orchestrator (Planner, Executor, Monitor, Retriever) that transforms natural language into deployment plans, validates them against policy and budget, and executes safely on AWS SageMaker.
- A safety framework with three layers: schema/policy/budget guardrails, human-in-the-loop approvals, and immutable auditing via DynamoDB + CloudTrail + S3 Object Lock.
- NVIDIA NIM-powered reasoning and RAG for grounded decision-making and explainable planning.
- A React dashboard that visualizes workflows, streaming execution steps, and operational metrics in real time.
- A clean FastAPI backend, typed schemas, and structured logs/counters for observability and downstream automation.
What we learned
- Agentic planning improves correctness and explainability. Plans that explain “why” outperform ad-hoc pipelines when production policies evolve.
- RAG quality is about retrieval, not just models. Two-stage retrieval (embedding + rerank) dramatically increases policy grounding fidelity.
- Safety must be first-class and layered. Validations catch most issues; approvals protect high-risk actions; immutable audit makes compliance straightforward.
- Developer experience is decisive. A coherent API and a responsive dashboard shorten feedback loops and increase operator confidence.
How we built it
- Backend: FastAPI (
orchestrator/) exposes REST endpoints for commands, plans, deployments, and live events. Pydantic models define schemas for plans, steps, and agent outputs. - Agents:
- Planner Agent: Converts natural language into an execution plan with chain-of-thought reasoning and explicit constraints.
- Executor Agent: Applies the plan to AWS via a SageMaker tool, with idempotency and error handling.
- Monitor Agent: Configures CloudWatch alarms and tracks health/status.
- Retriever Agent: Implements RAG over policies/docs using NeMo Retriever (embedding + reranking).
- Safety:
- Guardrails: Schema validation, budget checks, and policy validation before execution.
- Approvals: Optional human-in-the-loop step for production or high-cost changes.
- Audit: Writes immutable logs to DynamoDB with CloudTrail and S3 Object Lock for forensic integrity.
- NVIDIA NIMs:
- LLM for planning and reasoning.
- NeMo Retriever for embedding and reranking to ground decisions in policy.
- Frontend:
- React + Vite app visualizes the workflow graph, execution logs, metrics, approvals, and status.
- Live streaming via SSE for real-time step updates.
- Testing:
- Unit tests for schemas and pricing/guardrail logic.
- Integration tests for serialization, SSE behavior, and guarded execution paths.
Technical highlights
- Natural language to plan translation with explicit constraints and cost awareness.
- Guardrails pipeline: schema → budget → policy. Each step can block or route to approval.
- Deterministic pricing with support for live AWS Pricing or environment-provided tables.
- Streaming updates via SSE for immediate feedback and operator confidence.
- Structured logs and simple counters suitable for dashboards and alerting.
- Frontend workflow designer and execution panel built for clarity and speed.
Cost and policy reasoning
We model deployment feasibility using a simple bound on hourly cost: Let ( C = \sum_i p_i \cdot n_i ), where ( p_i ) is the price per instance type and ( n_i ) the count. Plans must satisfy ( C \le B ), where ( B ) is the user or environment budget constraint.
- Policy validation is treated as a retrieval-and-verify step, where each constraint must be supported by retrieved policy evidence before execution.
Challenges
- Reconciling agent autonomy with enterprise safety: The system must propose but not overreach; we solved this with layered checks and optional approvals.
- Grounding plans in policy: Retrieval quality and deterministic reranking were critical to avoid “plausible-but-wrong” decisions.
- Live feedback at scale: SSE-backed logs and counters required clear, compact event schemas to ensure frontend responsiveness.
- Non-fast-forward updates and content conflicts: We resolved README and documentation conflicts with a canonical, comprehensive artifact and adopted rebase-first workflows.
Results
- End-to-end flow from natural language intent to a validated, explainable, and auditable deployment.
- Significant reduction in operational friction: guardrails catch issues before execution; approvals enable governance; dashboards give real-time clarity.
- The architecture scales with organizational complexity while remaining operator-friendly.
What’s next
- Role-based access control (RBAC) and project/workspace scoping.
- Policy authoring UI and versioned policy packs.
- Deeper cost forecasting (spot, autoscaling policies) and SLA-aware planning.
- Expanded integration matrix (ECS, EKS, Bedrock, Vertex) behind the same agentic interface.
- Pluggable memory with retrieval adapters for domain-specific knowledge.
How to use
- Configure
.envfor AWS, SageMaker endpoints (LLM, embedding, reranking), and execution mode. - Start the backend (
uvicorn orchestrator.main:app --reload). - Start the frontend (
npm run devinfrontend/). - Submit natural language intents via UI or API and watch live step updates.
- Enable approvals and immutable audit for production-grade operations.
Conclusion
AgentOps demonstrates that safe, compliant AI deployment can be both autonomous and controlled. By unifying multi-agent planning, NVIDIA NIM reasoning, policy-grounded validation, and auditable execution on AWS, the project turns “deploy this model for this purpose” into a reliable, governed production outcome—without sacrificing speed, clarity, or control.
Built With
- api-key-auth
- app-runner/lambda/ecs-fargate
- aws-pricing-api
- black
- boto3
- cloudtrail
- cloudwatch
- dynamodb
- fastapi
- flake8
- hmac
- mypy
- nemo-retriever-(rag)
- node.js/npm
- nvidia-nim-(llm)
- pydantic
- pytest
- python-3.11+
- react-flow
- react-query
- rest
- s3
- sagemaker
- sse
- tailwind
- typescript/react
- uvicorn
- vite
Log in or sign up for Devpost to join the conversation.