# How It Works > Think of Opsera Agents like a senior DevOps engineer who never sleeps, one who knows your entire codebase, understands your compliance requirements, and can run a full security review, generate a deployment pipeline, or map your architecture the moment you ask. From inside the IDE you already use. ## A developer pushes code. Here's what Opsera does. Follow a single moment from your prompt to a result in plain English. {% stepper %} {% step %} ### You type a natural language promptInside Claude Code, Cursor, or VS Code No new tool to learn. You describe what you need in plain English. * "Run a security scan on this repository" * "Analyze the architecture of my payment service" * "Check compliance for SOC2 and show gaps {% endstep %} {% step %} ### Agent Gateway The agent receives your request and understands contextVia the Model Context Protocol (MCP), the agent connects to your workspace. It reads your codebase, infrastructure config, and dependencies understanding the full picture before doing anything. * Reads your repo structure, file types, and languages * Detects your infrastructure (k8s, Terraform, Docker) * Loads your org's compliance policies and rules {% endstep %} {% step %} ### It decides the best approach Opsera's intelligent decision engine figures out which agents to run, in what order, and with what tools. You don't configure this — it infers it from your codebase. * Selects the right agent for the task (Security, Architecture, Compliance, SQL) * Determines which of your 150+ connected tools to use * Builds an execution plan and checks for risks before starting {% endstep %} {% step %} #### Agents run across your entire stack in parallel Multiple specialist agents execute simultaneously — scanning, analyzing, generating — while enforcing your policies automatically. No bottlenecks. No manual steps. * SAST scan, dependency audit, and secrets detection run in parallel * Compliance checks happen automatically at every step * Self-heals on minor issues without interrupting you {% endstep %} {% step %} #### You get actionable results — right in your IDE Results come back directly in your editor with specific findings, severity levels, file locations, and remediation steps. A full report is also saved to your Opsera portal. * Exact file paths and line numbers for every finding * Remediation steps generated for each issue * Full audit trail stored automatically for compliance {% endstep %} {% endstepper %} ### Before and after Opsera Agents

### Core Architecture #### System Architecture Diagram ``` ┌─────────────────────────────────────────────────────────────────┐ │ TRIGGER EVENTS LAYER │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Git Events │ │ Schedules │ │ Webhooks │ │ │ │ (push, PR) │ │ (cron, etc) │ │ (external) │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ └────────────────────────┬─────────────────────────────────────────┘ │ ┌────────────────────────▼─────────────────────────────────────────┐ │ AGENT GATEWAY (Event Router) │ │ • Event normalization and routing │ │ • Authentication and authorization │ │ • Rate limiting and queue management │ └────────────────────────┬─────────────────────────────────────────┘ │ ┌────────────────────────▼─────────────────────────────────────────┐ │ CONTEXT COLLECTION & ANALYSIS LAYER │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Code Analysis│ │ Config Parse │ │ Dependency │ │ │ │ (AST, lang) │ │ (YAML, JSON) │ │ Detection │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Env Scan │ │ Policy Check │ │ Historical │ │ │ │ (infra, k8s)│ │ (rules, iam) │ │ Analysis │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ └────────────────────────┬─────────────────────────────────────────┘ │ ┌────────────────────────▼─────────────────────────────────────────┐ │ INTELLIGENT DECISION ENGINE │ │ ┌────────────────────────────────────────────────────────────┐ │ │ │ • ML Model: Predict optimal deployment strategy │ │ │ │ • Rules Engine: Apply organizational policies │ │ │ │ • Template Matching: Select best practices │ │ │ │ • Risk Assessment: Evaluate deployment risks │ │ │ │ • Dependency Resolution: Build execution order │ │ │ └────────────────────────────────────────────────────────────┘ │ └────────────────────────┬─────────────────────────────────────────┘ │ ┌────────────────────────▼─────────────────────────────────────────┐ │ AGENT SELECTOR & ORCHESTRATOR │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ CI/CD Agent │ │ Security Ag. │ │ Compliance │ │ │ │ │ │ │ │ Agent │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Databricks │ │ Kubernetes │ │ Deployment │ │ │ │ Agent │ │ Agent │ │ Agent │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ └────────────────────────┬─────────────────────────────────────────┘ │ ┌────────────────────────▼─────────────────────────────────────────┐ │ AGENT EXECUTION LAYER │ │ ┌─────────────────────────────────────────────────────────────┐│ │ │ Agent 1: Run Pre-checks & Validation ││ │ │ ├─ Code quality scan (SonarQube) ││ │ │ ├─ Dependency check (security) ││ │ │ ├─ Policy compliance (IaC validation) ││ │ │ └─ Environmental sanity checks ││ │ └─────────────────────────────────────────────────────────────┘│ │ │ │ ┌─────────────────────────────────────────────────────────────┐│ │ │ Agent 2: Generate Artifacts ││ │ │ ├─ Compose Dockerfile with security ││ │ │ ├─ Create k8s manifests (Helm/Kustomize) ││ │ │ ├─ Generate IaC (Terraform) ││ │ │ └─ Build CI pipeline configuration ││ │ └─────────────────────────────────────────────────────────────┘│ │ │ │ ┌─────────────────────────────────────────────────────────────┐│ │ │ Agent 3: Execute Build & Test ││ │ │ ├─ Compile/Build application ││ │ │ ├─ Run unit & integration tests (parallel) ││ │ │ ├─ Security scanning (SAST/Container) ││ │ │ └─ Performance benchmarking (optional) ││ │ └─────────────────────────────────────────────────────────────┘│ │ │ │ ┌─────────────────────────────────────────────────────────────┐│ │ │ Agent 4: Deploy to Environment ││ │ │ ├─ Provision infrastructure (if needed) ││ │ │ ├─ Deploy application (blue-green/canary) ││ │ │ ├─ Execute smoke tests ││ │ │ └─ Configure monitoring & logging ││ │ └─────────────────────────────────────────────────────────────┘│ │ │ │ ┌─────────────────────────────────────────────────────────────┐│ │ │ Agent 5: Validation & Compliance ││ │ │ ├─ Health check verification ││ │ │ ├─ Compliance auditing (POL, SOC2, etc) ││ │ │ ├─ Security assessment (DAST) ││ │ │ └─ Final gate approval (if required) ││ │ └─────────────────────────────────────────────────────────────┘│ │ │ │ ┌─────────────────────────────────────────────────────────────┐│ │ │ Agent 6: Reporting & Feedback ││ │ │ ├─ Generate deployment report ││ │ │ ├─ Collect metrics (DORA, performance) ││ │ │ ├─ Create notification payload ││ │ │ └─ Update dashboard / SLA tracking ││ │ └─────────────────────────────────────────────────────────────┘│ └────────────────────────┬─────────────────────────────────────────┘ │ ┌────────────────────────▼─────────────────────────────────────────┐ │ INTEGRATION & OUTPUT LAYER │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ GitHub/GitLab│ │ Slack/Teams │ │ Datadog/New │ │ │ │ Status API │ │ Notifications│ │ Relic │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ AWS/Azure │ │ Jira/Linear │ │ Compliance │ │ │ │ Deployments │ │ Issue Updates│ │ Dashboard │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ └─────────────────────────────────────────────────────────────────┘ ▼ ┌─────────────────────────────────────────────────────────────────┐ │ STATE & TELEMETRY PERSISTENCE │ │ • Deployment history & artifacts │ │ • Execution logs & audit trails │ │ • Metrics & performance data │ │ • Compliance & security findings │ │ • ML model training data │ └─────────────────────────────────────────────────────────────────┘ ``` ### The Agent Lifecycle #### Detailed State Machine ``` ┌──────────────────┐ │ INITIALIZATION │ │ • Validate input│ │ • Auth check │ │ • Setup logging │ └────────┬─────────┘ │ ▼ ┌──────────────────┐ ┌─────────────────┐ │ ANALYZING │ │ (Error: Invalid │ │ • Parse code │─────>│ config found) │ │ • Scan infra │ └─────────────────┘ │ • Extract cfg │ │ └────────┬─────────┘ │ │ │ ▼ │ ┌──────────────────┐ │ │ PLANNING │ │ │ • Build strat │─────┐ │ │ • Dependency │ │ │ │ ordering │ │ │ └────────┬─────────┘ │ │ │ │ │ ▼ │ │ ┌──────────────────┐ │ │ │ GENERATING │ │ │ │ • Create Docker │ │ │ │ • IaC configs │ │ │ │ • Deploy manifests │ │ └────────┬─────────┘ │ │ │ │ │ ▼ │ │ ┌──────────────────┐ │ │ │ VALIDATING │ │ │ │ • Syntax check │─────┤ │ │ • Security scan │ │ │ │ • Policy compl. │ │ │ └────────┬─────────┘ │ │ │ │ │ ▼ │ │ ┌──────────────────┐ │ │ │ EXECUTING │ │ │ │ • Build app │ │ │ │ • Run tests │ │ │ │ • Push artifacts│ │ │ └────────┬─────────┘ │ │ │ │ │ ▼ │ │ ┌──────────────────┐ │ │ │ DEPLOYING │ │ │ │ • Infra provision │ │ │ • App deployment │ │ │ │ • Config setup │ │ │ └────────┬─────────┘ │ │ │ │ │ ▼ │ │ ┌──────────────────┐ │ │ │ CONFIRMING │◄────┘ │ │ • Health checks │ (Retry if │ │ • Run smoke tests failed) │ │ • Verify config │ │ └────────┬─────────┘ │ │ │ ▼ │ ┌──────────────────┐ │ │ COMPLETED │ │ │ • Generate rep. │ │ │ • Send notif. │ │ │ • Store telemetry │ └────────┬─────────┘ │ │ │ ▼ │ SUCCESS │ (Store │ logs & │ metrics) │ │ ▼ ┌──────────────────┐ │ FAILED │ │ • Log errors │ │ • Notify team │ │ • Suggest fixes │ │ • Offer rollback│ └──────────────────┘ ``` ### Real-World Industry Examples #### Example 1: Fintech Startup (Payment Processing) ``` COMPANY: Example company (startup processing $10M/month) REQUIREMENTS ├─ Process payments 24/7 with 99.99% uptime ├─ Sub-100ms latency for transactions ├─ Regulatory compliance (PCI-DSS, SOC2) ├─ Process code changes multiple times daily ├─ Scale from 10 to 1000 transactions/second OPSERA DEPLOYMENT │ ├─ ARCHITECTURE │ ├─ Node.js API (payment processing) │ ├─ Python backend (fraud detection ML) │ ├─ PostgreSQL (transaction ledger) │ ├─ Redis (cache & rate limiting) │ └─ Stripe integration (payment gateway) │ ├─ AGENT USAGE │ │ │ ├─ CI/CD Agent │ │ ├─ Run 500+ unit tests in parallel │ │ ├─ SAST scan for payment vulnerabilities │ │ ├─ Integration test against Stripe sandbox │ │ ├─ Performance test (1000 req/sec load test) │ │ └─ PCI-DSS compliance scan │ │ │ ├─ Security Agent │ │ ├─ Scan for hardcoded API keys │ │ ├─ Check for SQL injection vulnerability │ │ ├─ Verify encryption of sensitive data │ │ ├─ Penetration test in staging │ │ └─ Audit compliance checker │ │ │ ├─ Kubernetes Agent │ │ ├─ Deploy to AWS EKS (multi-AZ) │ │ ├─ Blue-green deployment │ │ ├─ Auto-scaling to handle traffic spikes │ │ ├─ Persistent volumes for ledger │ │ └─ Network policies for isolation │ │ │ └─ Monitoring Agent │ ├─ Datadog integration │ ├─ Transaction success rate monitoring │ ├─ Latency percentile tracking (p99.99) │ ├─ PagerDuty integration for incidents │ └─ Automated rollback on error rate > 0.5% │ └─ RESULTS ├─ Deployment frequency: 5x per day ├─ Lead time: 8 minutes (code → production) ├─ Change failure rate: < 2% ├─ MTTR: 5 minutes ├─ Uptime: 99.99% (maintained) ├─ Latency: p99 = 45ms (improved from 250ms) ├─ Auto-remediation: 80% of issues self-heal └─ Compliance: 100% automated audit trail ``` #### Example 2: Healthcare Company (HIPAA-Regulated) ``` COMPANY: HealthTech Sample company (10,000 patient records) REQUIREMENTS ├─ HIPAA compliance (encryption, audit logs) ├─ Data residency restrictions (US-only) ├─ 30-day audit trail (immutable) ├─ Controlled access with role-based secrets ├─ Strict change control process OPSERA DEPLOYMENT │ ├─ COMPLIANCE AGENTS │ │ │ ├─ Compliance Agent │ │ ├─ Pre-deployment: Verify all HIPAA controls │ │ ├─ Check: Data encrypted at rest (TLS 1.3) │ │ ├─ Check: Audit logging enabled │ │ ├─ Check: Access controls validated │ │ ├─ Check: Data location (US-only) │ │ └─ Block: Any policy violation │ │ │ ├─ Audit Agent │ │ ├─ Record every code change │ │ ├─ Log all deployments (who/what/when) │ │ ├─ Track all database access │ │ ├─ Immutable audit log (in S3 with MFA delete) │ │ └─ Generate compliance reports monthly │ │ │ └─ Security Agent │ ├─ Scan for PHI (personally identifiable health info) │ ├─ Verify encryption for all patient data │ ├─ Check access controls on sensitive fields │ ├─ Monitor for unauthorized access attempts │ └─ Alert on any potential breaches │ ├─ DEPLOYMENT PROCESS (ENHANCED) │ │ │ ├─ Standard CI/CD │ │ └─ SAST, SCA, tests pass │ │ │ ├─ Compliance approval gate │ │ ├─ Compliance officer reviews changes │ │ ├─ Verifies no PHI exposure │ │ ├─ Approves deployment (digitally signed) │ │ └─ Max 4-hour approval window │ │ │ ├─ Staged deployment │ │ ├─ Dev (isolated, test data only) │ │ ├─ Staging (copy of prod with fake data) │ │ ├─ Production (careful monitoring) │ │ └─ Each stage requires approval │ │ │ └─ Post-deployment audit │ ├─ Verify deployment succeeded │ ├─ Run HIPAA control audit │ ├─ Generate deployment report │ ├─ Store digitally signed approval record │ └─ Immutable archive in S3 + Glacier │ └─ RESULTS ├─ Deployment frequency: 2x per week (controlled) ├─ Compliance score: 100% (all controls passing) ├─ Audit readiness: Always 100% ready ├─ Mean audit time: 2 hours (vs. 2 weeks before) ├─ Change failures caught: 100% pre-deployment ├─ Security incidents: 0 in past year ├─ Audit findings: 0 critical, 0 high └─ Customer trust: Improved (transparent compliance) ``` ## Agent Command Cheat Sheet ```bash # Deploy to cloud opsera deploy --app myapp --target aws:prod # Multi-cloud deployment opsera deploy --multi-cloud --targets aws:prod,azure:dr # Validate compliance opsera validate compliance --org healthcare --framework hipaa # View deployment history opsera history --limit 10 # Rollback deployment opsera rollback --deployment-id abc123 # Trigger security scan opsera security-scan --app myapp --type full # View metrics opsera metrics dora --period 90 # List available agents opsera agents list ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.agents.opsera.ai/how-it-works.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.