Built a free, self-hosted M365 reporting/alerting tool — would value feedback from people who run tenants
▲ 2 r/MSSP+3 crossposts

Built a free, self-hosted M365 reporting/alerting tool — would value feedback from people who run tenants

We all know the gap: the M365 admin center is fine for daily ops, but it won't proactively tell you when a sign-in looks off, when app secrets are about to expire, when license allocation drifts, or when risky users show up. You end up manually pulling the same Graph reports over and over.

I built an open-source tool called Argus to close that gap, and I'm sharing it here because this is the crowd that actually lives with the problem.

What it does
- Scheduled report jobs (hourly/daily/weekly/cron) across Identity, Security, and Infrastructure — sign-in anomalies, risky users, MFA status, license utilization, app secret expiry, device compliance, and more
- Conditional delivery — it only emails you when something matters (count over a threshold, an anomaly is detected, or data changed since last run), so you're not training yourself to ignore a daily noise report
- Baseline anomaly detection (z-score vs. historical) for catching unusual spikes
- HTML email reports from editable templates, sent from a single least-privilege scoped mailbox

How it's built / why it might fit a managed environment
- Self-hosted, single Docker container. Your tenant data never leaves your infrastructure — no SaaS, no third party
- Connects to Microsoft Graph with least-privilege, app-only permissions (e.g. read-only IdentityRiskyUser.Read.All, AuditLog.Read.All; no broad Mail.Send — Exchange RBAC scoped to one mailbox)
- Credentials are AES-256-GCM encrypted at rest; the only thing in the environment is a master key
- Stack: Bun + Next.js + SQLite + TypeScript. docker compose up and it's running

It's free and open source (not a product, nothing to buy, no signup). I'd genuinely value feedback from people who manage real tenants:
- Does the report catalog cover what you'd actually want alerts on, or what's missing?
- Is the least-privilege permission model what you'd expect before pointing it at a production tenant?
- Would conditional/anomaly-based delivery actually cut noise for you, or do you want everything logged regardless?

Repo: https://github.com/RohiRIK/argus

Happy to answer anything about the architecture or the permission model in the comments.

u/Comfortable_Cat_6207 — 12 days ago
▲ 4 r/ITManagers+4 crossposts

[Beta] Argus — self-hosted Microsoft 365 reporting & alerting for IT/security teams

Hey everyone 👋

I've been building a project called Argus for the past few weeks, and I'd love for people to try it and tell me where the user experience breaks down.

What it is
Argus is a self-hosted notification & reporting platform for Microsoft 365 tenants. If you manage M365, you know the pain — manually checking sign-in anomalies, risky users, MFA status, license usage, expiring app secrets, device compliance. The admin center is fine for daily ops but it never proactively tells you when something matters. Argus does.

It connects to Microsoft Graph with least-privilege app-only permissions, runs report jobs on a schedule (hourly/daily/weekly/cron), applies baseline anomaly detection (z-score), and emails you an HTML report — but only when a condition is met (count > N, anomaly detected, something changed). Your tenant data never leaves your infra. No SaaS.

Stack: Bun + Next.js 16 + SQLite/Drizzle + TypeScript. Single Docker container — docker compose up and you're running. The only required secret is a master key; everything else is entered in the UI and stored AES-256-GCM encrypted.

Who I'm looking for
- IT admins / MSPs / security folks who run a real M365 tenant (or a test tenant)
- Anyone comfortable spinning up a Docker container

What I want feedback on
This is where I really need you. The backend is solid — the part I'm least sure about is the UX:
- Is the setup flow clear? Master key → Entra credentials → first job. Where did you get stuck?
- The catalog → template → create-job flow — does it make sense, or is it confusing?
- Are the report names and descriptions self-explanatory, or did you have to guess what they do?
- HTML email reports — readable? Too much, too little?
- Anything that made you go "wait, what do I do now?"

Honest / negative feedback is exactly what I want — better now than after launch. Be direct, I won't take it personally 🙂

Try it
GitHub: https://github.com/RohiRIK/argus
git clone, then ./install.sh (local) or ./install.sh docker → http://localhost:8100

Happy to answer anything in the comments or help you get it running. Thanks 🙏

u/Comfortable_Cat_6207 — 12 days ago
▲ 6 r/foss+2 crossposts

I built Argus — a self-hosted Microsoft 365 notification system for IT admins (open source)

Hey everyone,

I've been working on a tool I think a lot of you might find useful. It's called **Argus** — a self-hosted notification and reporting platform for Microsoft 365 tenants.

The problem

If you manage M365 tenants, you know the pain of manually checking sign-in anomalies, risky users, license utilization, DLP alerts, etc. The Microsoft 365 admin center is great for daily ops, but it doesn't proactively notify you when things matter.

What Argus does

- 26 built-in report types — sign-in anomalies, risky users, MFA status, security alerts, license utilization, app secrets expiry, device compliance, and more
- Scheduled jobs — hourly, daily, weekly, or custom cron with conditional logic (only send if count > N, if anomaly detected, if new items)
- HTML email reports — rendered from customizable templates, sent from a least-privilege shared mailbox
- Baseline comparison — tracks historical data, detects anomalies via z-score, surfaces trends
- Encrypted vault — all credentials stored AES-256-GCM, only one secret needed (master key)
- Webhook support — notify Slack, Teams, SIEM when jobs are suppressed or fail

Stack

Bun + Next.js 16 + SQLite/Drizzle + TypeScript. Single Docker container, `docker compose up` and you're running.

Why self-hosted

Your tenant data never leaves your infrastructure. No SaaS, no external dependencies beyond Microsoft Graph API.

Quick start

```bash
git clone https://github.com/RohiRIK/argus.git
cd argus
export ARGUS_MASTER_KEY=$(openssl rand -hex 32)

# startbun server
bun install && bun run db:migrate && bun run db:seed
bun run dev

# → http://localhost:8100

# Or with Docker:
docker compose up
```

Links
- GitHub: https://github.com/RohiRIK/argus

I'd love feedback on the architecture, the report catalog, or anything else. Happy to answer questions.

reddit.com
u/Comfortable_Cat_6207 — 21 days ago

I built Argus — a self-hosted Microsoft 365 notification system for IT admins (open source)

Hey everyone,

I've been working on a tool I think a lot of you might find useful. It's called Argus — a self-hosted notification and reporting platform for Microsoft 365 tenants.

The problem

If you manage M365 tenants, you know the pain of manually checking sign-in anomalies, risky users, license utilization, DLP alerts, etc. The Microsoft 365 admin center is great for daily ops, but it doesn't proactively notify you when things matter.

What Argus does

  • 26 built-in report types — sign-in anomalies, risky users, MFA status, security alerts, license utilization, app secrets expiry, device compliance, and more
  • Scheduled jobs — hourly, daily, weekly, or custom cron with conditional logic (only send if count > N, if anomaly detected, if new items)
  • HTML email reports — rendered from customizable templates, sent from a least-privilege shared mailbox
  • Baseline comparison — tracks historical data, detects anomalies via z-score, surfaces trends
  • Encrypted vault — all credentials stored AES-256-GCM, only one secret needed (master key)
  • Webhook support — notify Slack, Teams, SIEM when jobs are suppressed or fail

Stack

Bun + Next.js 16 + SQLite/Drizzle + TypeScript. Single Docker container, docker compose up and you're running.

Why self-hosted

Your tenant data never leaves your infrastructure. No SaaS, no external dependencies beyond Microsoft Graph API.

Quick start

git clone https://github.com/RohiRIK/argus.git
cd argus
export ARGUS_MASTER_KEY=$(openssl rand -hex 32)

# startbun server
bun install && bun run db:migrate && bun run db:seed
bun run dev

# → http://localhost:8100

# Or with Docker:
docker compose up

Links

reddit.com
u/Comfortable_Cat_6207 — 21 days ago

GitHub - RohiRIK/argus: Argus — the all-seeing eye for Microsoft 365. Self-hosted, Dockerized notification & reporting for IT admins and security teams.

Hey everyone,

I've been working on a tool I think a lot of you might find useful. It's called Argus — a self-hosted notification and reporting platform for Microsoft 365 tenants.

The problem

If you manage M365 tenants, you know the pain of manually checking sign-in anomalies, risky users, license utilization, DLP alerts, etc. The Microsoft 365 admin center is great for daily ops, but it doesn't proactively notify you when things matter.

What Argus does

  • 26 built-in report types — sign-in anomalies, risky users, MFA status, security alerts, license utilization, app secrets expiry, device compliance, and more
  • Scheduled jobs — hourly, daily, weekly, or custom cron with conditional logic (only send if count > N, if anomaly detected, if new items)
  • HTML email reports — rendered from customizable templates, sent from a least-privilege shared mailbox
  • Baseline comparison — tracks historical data, detects anomalies via z-score, surfaces trends
  • Encrypted vault — all credentials stored AES-256-GCM, only one secret needed (master key)
  • Webhook support — notify Slack, Teams, SIEM when jobs are suppressed or fail

Stack

Bun + Next.js 16 + SQLite/Drizzle + TypeScript. Single Docker container, docker compose up and you're running.

Why self-hosted

Your tenant data never leaves your infrastructure. No SaaS, no external dependencies beyond Microsoft Graph API.

Quick start

git clone https://github.com/RohiRIK/argus.git
cd argus
export ARGUS_MASTER_KEY=$(openssl rand -hex 32)

# startbun server
bun install && bun run db:migrate && bun run db:seed
bun run dev

# → http://localhost:8100

# Or with Docker:
docker compose up

Links

github.com
u/Comfortable_Cat_6207 — 21 days ago
▲ 8 r/OpenAssistant+3 crossposts

I treated my cron jobs like a corporation and built a Hermes skill around it. Curious if the “department” mental model actually helps or just adds ceremony.

I've been running an experiment for a while and wanted to get opinions from people actually deploying Hermes in production, not just theorizing.

The premise is simple: instead of a single agent doing everything, I structured a project as a full company — CEO, CTO, CISO, R&D, UX/UI, DevOps, QA, etc. Each department is just a cron-scheduled Hermes agent with a specific identity, a mandatory pipeline, and an inbox for cross-department tasks. A shared `state.json` acts as the company brain.

The skill is called Corporate on Demand. It's a Hermes Agent skill that scaffolds this entire structure.

What actually happens:
- Departments run every 2 hours. R&D must go research → pitch → spec → build. No skipping.
- A "C-Suite" layer inspects twice daily and grades departments A-F. Consecutive D/F grades trigger corrective directives.
- Morning reports hit Telegram at 08:00. You wake up to a changelog written by your own project.
- There's an "anti-slop contract" — banned words like "leverage" and "streamline," no `// TODO` placeholders, no vague changelogs.
- Sprint mode, pivoting gates, incident response (P1/P2/P3), and an R&D lab for unstructured experimentation.

Does this actually work?

I have a live case study running: a browser-based arcade platform (7 games, 16 departments, Docker in my homelab). R&D autonomously built 4 extra games beyond the initial scope. QA has 17+ clean cycles. The board self-governs and applies pressure before the CEO even inspects.

The repo: https://github.com/RohiRIK/corporate-on-demand

My honest questions for you:

  1. Does forcing agents into rigid "corporate" roles improve output, or does it just create overhead?
  2. Is the C-suite grading layer useful, or would a flat structure of specialized agents work better?
  3. Has anyone else tried strict pipeline enforcement (no skipping steps) with Hermes? Did it reduce slop or just slow things down?

I started this as a philosophical exercise — treating software projects like living organizations rather than static repos. Curious whether others find that framing useful or just unnecessarily theatrical.

What do you think — is there something to the "autonomous corporation" model, or is it just Cron Jobs with Extra Steps?

u/Comfortable_Cat_6207 — 28 days ago
▲ 20 r/coolgithubprojects+6 crossposts

I built OpenLTM: An open-source long-term memory layer for AI coding agents (Bun & SQLite)

Hey r/opensourceAi,

I wanted to share a project I've been working on recently called OpenLTM.

What is it?

OpenLTM is a persistent, semantic memory layer for AI coding agents like Claude Code, OpenCode, and Pi. It gives your AI agent a long-term memory graph that survives every session, every update, and every compaction.

Why did I build it?

I was frustrated by a simple problem: You explain your auth layer to the AI once, but why does it ask again tomorrow? I was tired of constantly re-explaining my codebase, gotchas, and architecture every single time I started a new session. I couldn't find a fully local, zero-config solution, so I decided to build my own. What started as a private "stop re-explaining things" plugin is now fully open source under the MIT license.

Key Features:

  • 🧠 Automatic Memory: Memory should be automatic. Background hooks extract patterns when you end a session, and inject the top context back when you start a new one. You don't have to remember to remember.
  • Importance-Weighted Decay: A bug you fixed 6 months ago shouldn't clutter your AI's context. Stale memories fade naturally, while critical knowledge lives forever.
  • 🔍 Semantic Recall: FTS5 full-text search combined with vector embeddings. You search by meaning, finding the right memory even if you didn't use the exact keywords.
  • 🔒 100% Local & Private: No cloud, no account, no telemetry. Your memory lives securely in a local SQLite DB that you own entirely.
  • 🕸 Visual Graph: Includes a browser-based explorer to traverse relationships between memories and reasoning chains.

Tech Stack:

Built with Bun and SQLite It utilizes the Model Context Protocol (MCP) and is fully provider-agnostic, though it currently works seamlessly as a drop-in Claude Code plugin.

I'd love to get your feedback, hear your thoughts on the code/architecture, or see if this speeds up your own AI-assisted workflows. Since we are in r/opensource, if anyone finds the project interesting and wants to contribute, issues and PRs are very welcome! If you like the philosophy behind it, a star on GitHub would mean the world to me.

🔗 Github Link: https://github.com/RohiRIK/OpenLtm

Thanks!

u/Comfortable_Cat_6207 — 28 days ago