Read-only investigation copilot for SRE teams, leveraging multi-agent collaboration to automate root-cause analysis across Kubernetes, networking, and OS-level infrastructure.
Positioning#
Siclaw addresses the challenge of infrastructure troubleshooting in SRE/DevOps teams where diagnosis heavily relies on individual experience and lacks standardization. It provides automated, secure, and auditable diagnostic capabilities focused on "read-only investigation" and "root-cause analysis" without directly modifying production environments.
Core Capabilities#
Deep Investigation Engine#
4-stage workflow: Evidence Collection → Hypothesis Formation → Parallel Verification → Root Cause Conclusion, with 3 parallel sub-agents.
Multi-Agent Workspace#
- k8s-agent: Investigates Pods, Deployments, cluster events via K8s API / kubectl / K8s Playbooks
- network-agent: Tracks latency, packet loss, DNS and routing issues
- system-agent: Checks CPU, memory, disk and kernel-level failures
Security & Compliance#
Read-only access by default; controlled execution via Credential management.
Knowledge & Continuous Learning#
- Skill System: Reusable diagnostic scripts/Playbooks, require review before activation
- Knowledge Library: Each agent has an independent versioned knowledge Wiki
- Investigation Memory: Results stored in memory (SQLite + FTS5 + bge-m3 embeddings) for continuous learning
Interaction & Automation#
- Multi-channel: TUI, Web UI (Portal), Slack / Discord / Telegram / Lark
- Cron Patrols: Natural language scheduled health checks (e.g., "Check GPU every 6h")
MCP Extensions#
Connects to external tools via Model Context Protocol: Prometheus, Grafana, Elasticsearch, Loki, PagerDuty, Alertmanager, GitHub, GitLab, etc.
Architecture#
Layers#
- Control Plane: Portal + Gateway + shared DB for agent configuration and bound resources
- AgentBox: Session-isolated (one Pod per user in K8s, one process locally), runs Deep Investigation Engine
Data Layer#
- Portal DB: MySQL (production) / node:sqlite (local), single DDL with DATABASE_URL scheme switching
- Memory DB: node:sqlite + FTS5 + bge-m3 embeddings
Frontend & Communication#
React + Vite + Tailwind CSS; real-time via WebSocket (ws).
Container Deployment#
Helm Chart with 3 container images: runtime / portal / agentbox.
Runtime#
- Node.js ≥ 22.12.0 (ESM-only), TypeScript 5.9
- Dependencies: pi-coding-agent, @kubernetes/client-node, @modelcontextprotocol/sdk
Deployment Modes#
TUI (local): npm install -g siclaw && siclaw
Local Server: siclaw local launches lightweight Web UI with SQLite backend at http://localhost:3000
Kubernetes (team/enterprise): Helm Chart deployment with MySQL backend support
Configuration#
- LLM Provider: Any OpenAI-compatible endpoint (OpenAI, DeepSeek, Qwen, Kimi, Ollama, etc.)
- K8s credentials: Import kubeconfig via Web UI Clusters page
- SSH hosts/credentials: Manage via Web UI Hosts page
- Data storage:
.siclaw/data/portal.db,.siclaw/local-secrets.json,.siclaw/traces/
Unconfirmed Items#
- scitix organization background not specified in README
- pi-coding-agent framework repo and capabilities not publicly detailed
- bge-m3 embeddings implementation details not specified
- Currently v0.1.4; long-term roadmap not published