Castellan AI CLI (Upcoming)
We’re building a Castellan AI CLI (with an optional TUI) aimed at DevOps/SRE workflows.
It’s designed for on‑prem deployments where the Worker runs locally and mediates everything (events, correlations, evidence, actions, and agent health).
Status
This is an upcoming feature. The interfaces described here are the intended direction and may change as we iterate.
What it’s for
- On-call visibility: see high-risk signals without opening a browser
- Fast investigation: search events, pivot into correlations, pull an evidence bundle
- Safe response: “dry-run → execute → rollback” patterns (guardrails and policy)
- Automation-friendly: every command can output JSON for runbooks and CI/CD
How it connects (Worker‑mediated)
The CLI talks only to the local Worker:
- REST API: queries + actions (e.g. search, investigate, execute/rollback)
- SignalR streaming: live alerts/correlation updates (for TUI and tail)
Agents remain remote; the Worker is the control plane.
Quick examples (planned)
TUI mode (default)
Launch a live terminal UI (think “k9s for events/correlations”):
castellan
Live alerts (stream)
castellan alerts tail --risk high,critical --correlated-only
Search events (scriptable)
castellan events search --since 1h --host WEB-02 --json
Investigate a correlation
castellan investigate correlation C-0182
Configuration (planned)
Defaults (on‑prem):
- Worker base URL: http://localhost:5000
- Admin auth: CASTELLAN_ADMIN_API_KEY
The Worker URL will be configurable (config file or env override), so you can run the Worker on a different port/host.
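A preflight that a runbook or CI job could run before invoking the CLI, added here as an example and not part of Castellan's own code: it checks that CASTELLAN_ADMIN_API_KEY is set and refuses plain http to any Worker host that is not loopback. The function name castellan_preflight, its return codes, and the assumption that the admin key accompanies each Worker request are hypothetical.

```shell
# Added example, not Castellan project code. castellan_preflight and its
# return codes are hypothetical. Assumption: the admin API key is sent with
# every Worker request, so plain http:// is acceptable only on loopback.
# Returns: 0 ok, 1 key missing, 2 malformed URL, 3 cleartext to remote host.
castellan_preflight() {
    url=$1

    # The key is read from the environment, as the page's defaults describe.
    if [ -z "${CASTELLAN_ADMIN_API_KEY:-}" ]; then
        echo "preflight: CASTELLAN_ADMIN_API_KEY is not set" >&2
        return 1
    fi

    case $url in
        http://*)  scheme=http;  rest=${url#http://} ;;
        https://*) scheme=https; rest=${url#https://} ;;
        *) echo "preflight: unsupported Worker URL: $url" >&2; return 2 ;;
    esac

    # Authority is everything before the first "/". Reject userinfo
    # (user@host): it disguises the real destination host.
    authority=${rest%%/*}
    case $authority in
        ''|*@*) echo "preflight: malformed authority in $url" >&2; return 2 ;;
    esac

    # Drop the port, keeping bracketed IPv6 literals such as [::1] intact.
    case $authority in
        \[*\]*) host=${authority%%\]*}; host=${host#\[} ;;
        *)      host=${authority%%:*} ;;
    esac

    if [ "$scheme" = https ]; then
        return 0
    fi

    # Exact loopback matches only: a prefix test such as 127.* would also
    # accept a remote name like 127.0.0.1.example.net.
    case $host in
        localhost|127.0.0.1|::1) return 0 ;;
    esac
    echo "preflight: refusing to send admin key over http to $host" >&2
    return 3
}

# Usage in a runbook (commands as planned on this page):
#   castellan_preflight "http://localhost:5000" && \
#       castellan events search --since 1h --host WEB-02 --json
```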
Where it plugs into automation
- CI/CD: GitHub Actions, GitLab CI, Azure DevOps (attach evidence bundles, gate releases, post summaries)
- Runbooks: PowerShell/Bash scripts, Jenkins, Ansible
- Orchestration: n8n workflows for enrichment/dispatch
- Incident tooling: PagerDuty/Opsgenie + Slack/Teams for chatops
Related docs
- Investigations: Investigating Events
- Response actions: Taking Action
- Agent health: Agent Health Monitoring