Skip to content

Gaby

An open-source AI support agent. Reads tickets from your help desk, investigates root causes against your own systems (Postgres, Keycloak, Stripe, Sentry, Redis) via MCP connectors, and writes back a grounded reply.

Apache 2.0 · Self-hostable · Runs in your infrastructure · Bring your own LLM key

Get started in 3 minutes Read the architecture

Why this exists

Gaby is built by Skycloak, a managed Keycloak-as-a-Service. We're a solo-founder shop, and "support engineer at 3am" is a job we live every week.

We built Gaby for ourselves first. It now handles real tickets against our own Keycloak SaaS, the same workflows, the same connectors, the same safety constraints any operator would need. We open-sourced it because every B2B SaaS team has the same problem and the closed-source alternatives (Intercom Fin, Forethought, Decagon, Ada) ask you to ship customer data into someone else's cloud, with someone else's LLM provider, and trust a closed audit trail.

Gaby is what we'd want to use if we were anyone else.

How it works

  • 1. Deploy

    docker compose up. SQLite by default; Postgres optional. Ships with the agent loop, the safety pipeline, the API, and the web UI bundled.

  • 2. Connect

    Add MCP connectors to your real systems: Postgres, Keycloak, Redis, Sentry, Stripe. Each is a subprocess Gaby spawns over stdio with the standard MCP initialize + tools/list handshake.

  • 3. Tickets flow in

    Help desk adapters poll for new tickets: Zoho Desk, IMAP email, or Slack via the reference MCP ticket-source. Gaby claims one and runs the agent loop.

  • 4. Resolve or escalate

    The loop walks PLANNING → RETRIEVING → SAFETY_CHK → ACTING → OBSERVING → VERDICT → WRITING_BACK. Gaby drafts a reply, the safety pipeline gates writes, and every action lands in a hash-chained audit log.

What v0.3 ships

  • Embeddable chat widget

    ~12 KB gzipped Preact bundle. Shadow-DOM isolated, authenticated install. Drop one <script> tag and visitors talk to Gaby.

  • Slack inbound

    Reference MCP server (@gaby/mcp-slack) listens for Slack events with HMAC + timestamp verification, channel allowlist, ring buffer overflow.

  • Support Lead persona

    Dashboard, playbook library (YAML), SLA board, CSAT queue, escalation rules with a tiny if <cond> then <action> DSL.

  • Read-only connectors

    Redis, Sentry, Stripe as MCP read-only servers. Stripe is structurally read-only, money-touching writes are policy-excluded from the tool surface.

  • Ask Gaby + Inbox

    Read-only Q&A console with cited answers. Unified Inbox merges tickets + widget + Slack chats into one SSE feed.

  • Escalation channels

    Fan-out alerts to Slack, email (SMTP), SMS (Twilio), Opsgenie, and SIGNL4. Per-channel test buttons, per-row failure isolation.

The boring parts that matter

Safety pipeline at 100% line + branch coverage

Scopes DSL → authz matrix → PII redaction → hash-chained audit → approval queue. Five hypothesis property tests guard the invariants: deny-by-default, deny-beats-allow, hash-chain integrity, tamper detection, redaction idempotence. The CI gate fails the build on any drop. See Safety.

Structural agent loop, not a framework

backend/src/gaby/agent/loop.py is a hand-written state machine. Working memory snapshots at every transition so a crashed investigation resumes from the last snapshot without re-running tool calls. One Python module per LLM-call purpose; prompts are versioned Markdown files.

BYOK, runs on your hardware

Anthropic + OpenAI direct SDK clients, no proxy. LiteLLM as a library only when you want to swap providers. Pre-call BudgetGuard with token + USD + wall-clock + iteration caps. No outbound telemetry beyond opt-in anonymous usage pings.

How is this "open"?

Apache 2.0. Self-host forever, no paywall, no feature gate, no "free tier." The code you read on GitHub is the code that runs on your servers.

No pricing tier exists yet. We may eventually offer a hosted SaaS or an Enterprise tier (SSO/SAML, on-prem support contracts, premium connectors), but those are open questions on a v0.5+ roadmap, not products today. See BUSINESS.md for the honest position on what's free now, what's likely to stay free, and what might one day cost money.

Where to go next

Built by Skycloak. We use it ourselves to support our customers.