How It Works

Something breaks. If you’re lucky, your observability stack tells you exactly what happened. Most teams aren’t that lucky. The telemetry covers half the services, the engineer who configured it left, and the real debugging tool is grep.

So someone starts digging. Logs, timestamps, config files, trying to piece together what happened. It takes hours, and it happens every time. Then you get to do it all over again in a post-mortem writeup.

What if you never had to read logs again?

Fawdy reads them for you. Point it at an incident and it observes, forms a hypothesis, runs read-only diagnostics to test it, and loops until it has an answer.

Pass 1

Observe

Reason

Act

No runbooks. No tribal knowledge. Just a structured investigation that runs in minutes instead of hours.

Is it safe?

Diagnosing incidents means running commands on your infrastructure. Every one passes through ShellGuard, a deterministic parser that checks each command against an allowlist. Pass or block. No LLM, no judgment calls, no probability. Try it for yourself.

Speed

Safe commands

Dangerous commands

Sneaky attempts

Parse

awaiting command

Validate

awaiting parse

Goals

0/3

Run a safe command and watch it pass
Try a dangerous command and see it get blocked
Find a command blocked by a specific flag(hint: tail -f)

ShellGuard is Open Source

You don’t have to trust us. Read the code.

View on GitHub

Why bash?

Most AI agents talk to servers through custom tool APIs. Check disk usage? Build a tool. Read logs? Build another. Restart a service? Another one. Before long you are maintaining dozens of brittle abstractions that still cannot handle the task the LLM has not seen before.

LLMs already know bash. Trained on millions of shell sessions and man pages, they can compose commands for nearly any sysadmin task out of the box. One interface instead of fifty.

Custom Tools

Fawdy

Supports any stack.

General-purpose LLMs hallucinate commands, reference deprecated flags, and mix up syntax between similar tools. Fawdy ships with a library of skills. Curated reference documents for specific technologies, each containing verified commands, correct flags, and known failure modes. When an investigation starts, Fawdy scans the server, detects what’s running, and loads the relevant skills. Documentation, not guesswork.

fawdy

$ fawdy scan

fawdy@demo ~ scanning server...

scanning processes... 47 running

listening on 8 ports

found PostgreSQL 17.2

found nginx 1.27

found Java 23.0.1

3 technologies detected

ready. 3 skills active

MySQL

Redis

Docker

RabbitMQ

Kafka

PostgreSQL

## Lock Contention
Identify blocked queries:
  SELECT pid, wait_event_type,
    query FROM pg_stat_activity
  WHERE wait_event IS NOT NULL;

Kubernetes

Elastic

HAProxy

nginx

## 502 Bad Gateway
Upstream is not responding.
- verify `proxy_pass` target
- check `proxy_read_timeout`
- error log: "upstream timed out"
  means backend is too slow

Memcached

MongoDB

Tomcat

Prometheus

Java

## Thread Dump
Capture without restart:
  jstack <pid> > dump.txt
Look for BLOCKED threads.
Deadlock info is printed at
the bottom of the output.

Consul

Fawdy ships with skills for the most common server technologies out of the box, with more being added regularly. Need coverage for a legacy system or internal tooling? Custom skills can be written for any stack.