Siclaw is an open-source AI agent for DevOps and SRE teams. It is built for read-only infrastructure diagnostics: gather evidence, form hypotheses, validate them, and return a clear root-cause analysis without changing your environment directly. Describe a problem in plain language and Siclaw investigates it from the terminal, the web UI, or your team's chat channels.
Features
Deep Investigation — A 4-phase workflow for evidence gathering, hypothesis testing, and root-cause analysis
Investigation Memory — Learns from past incidents to improve future investigations
Read-Only by Default — Investigates and recommends next steps without changing your environment directly
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
Team Workflows — Shared web UI, credentials, channels, triggers, and scheduled patrols
Reusable Skills — Turn repeated diagnostic playbooks into reviewable runbooks
Extensible — Connect external tools and data sources through MCP
Multi-Channel Access — Use Siclaw from the terminal, web UI, or chat channels
Architecture
Three deployment modes share one agent core: TUI (single-user terminal),
Local Server (Gateway + SQLite, multi-user), Kubernetes (isolated AgentBox pod per user).
The Knowledge System feeds the agent with accumulated investigation experience (IM Phase 0–1 ✓)
and team-wide knowledge via Qdrant (KR0 — in progress).
kubectl — Optional, only needed if you want Siclaw to investigate Kubernetes clusters
Quick Start
Siclaw supports three deployment profiles. For local usage, start from a dedicated working directory because Siclaw stores most runtime data in .siclaw/ relative to where you launch it.
mkdir -p ~/siclaw-work
cd ~/siclaw-work
1. TUI Mode — Personal, local, lowest barrier
Run the agent directly in your terminal. No server, no database. All operations are read-only by default — safe to run on your workstation.
# Install globally
npm install -g siclaw
# Run (interactive — prompts for LLM provider on first launch)
siclaw
# Single-shot
siclaw --prompt "Why is pod nginx-abc in CrashLoopBackOff?"
# Continue last session
siclaw --continue
git clone https://github.com/scitix/siclaw.git && cd siclaw
npm ci && npm run build:web && npm run build
npm link # register `siclaw` command globally
siclaw # TUI mode
siclaw --prompt "..." # single-shot mode
# Uninstall: npm unlink siclaw -g
Tip: Any OpenAI-compatible endpoint works — swap baseUrl for DeepSeek, Qwen, Kimi, or a local Ollama server.
2. Local Server — VM or laptop, recommended for daily use
A lightweight web UI backed by SQLite. No MySQL, no Docker required.
npm install -g siclaw
# Start the server
siclaw local
# Open http://localhost:3000
# Login: admin / admin (default credentials)
# Configure providers in Models
# Import kubeconfigs in Credentials
git clone https://github.com/scitix/siclaw.git && cd siclaw
npm ci && npm run build:web && npm run build
npm link # register `siclaw` command globally
siclaw local # start local server
# Uninstall: npm unlink siclaw -g
On first startup, Siclaw creates a local admin account:
Username: admin
Password: admin
Set SICLAW_ADMIN_PASSWORD before first launch if you want a different bootstrap password.
3. Kubernetes — Team / enterprise
Production deployment uses Helm plus three container images: gateway, agentbox, and cron.
Build and push images if you are using your own registry:
make docker REGISTRY=registry.example.com/myteam TAG=latest
make push REGISTRY=registry.example.com/myteam TAG=latest
A Claude Code plugin that automatically captures everything Claude does during your coding sessions, compresses it with AI (using Claude's agent-sdk), and injects relevant context back into future sessions.
