Quell watches your logs, investigates the incident in a Docker sandbox, and ships a root-cause report with a proposed fix to your inbox — before your phone buzzes.
Tail your logs locally, detect a new error signature, spawn the IncidentCommander, run sandboxed tools, finish in seconds. No cloud, no telemetry.
From raw log line to draft report — and a Slack / Discord / Telegram ping — is usually under 30 seconds.
Tail a log file, poll an HTTP endpoint, or stream Vercel / Sentry events.
Signature + 24h rolling baseline — flag what's new, spiking, or critical.
IncidentCommander reads logs, greps code, traces git history, and reasons.
Structured root-cause + draft PR; fanned to Slack / Discord / Telegram in parallel.
Draft-PR-only, sandboxed by default, model-agnostic. Opinionated where it matters, flexible where it doesn't.
Quell produces a structured report and draft PR. Humans always ship the fix. No silent changes, no 3am surprises.
Every tool that touches code runs inside a Docker container with your workspace mounted read-only. Bearer-token auth per sandbox.
LiteLLM under the hood — OpenAI, Anthropic, Google, Ollama, anything. Swap models with one line of TOML.
The IncidentCommander spawns specialist subagents (log analyst, code detective, git historian) that work in parallel.
Markdown + YAML runbooks for Stripe, OpenAI, DNS, SSL, memory, disk, deadlocks, Django/Flask/Rails/Spring/Express, Postgres, Redis, Docker, Kubernetes — auto-injected when triggers match.
Your code, your logs, your infrastructure — nothing leaves your machine unless you explicitly configure a remote endpoint.
Fan an investigation summary out to every channel in parallel the moment the agent finishes. Verify webhooks with quell notifier test.
quell dashboard boots a local Next.js + FastAPI UI; quell incident replay <id> prints the same event timeline in your terminal. Read-only.
Per-model rate card across Anthropic / OpenAI / Google / Ollama. Every run records tokens + USD; max_cost_usd halts a runaway investigation before it lights money on fire.
Each skill is a markdown + YAML runbook. The detector matches an incident's signature against trigger globs; matched skills are appended to the agent's system prompt for that investigation.
Detects two transactions blocking each other; pulls the deadlock graph + offending statements; drafts a retry-with-backoff patch.
Replays the last 50 failed webhook deliveries, classifies signature vs handler errors, and proposes the missing endpoint or signing-secret rotation.
Correlates dmesg OOM lines with cgroup limits and process RSS history; identifies the leaking allocator and suggests a memory-limit bump or fix.
Probes every public endpoint for cert chain + expiry; spots near-expiry certs, points to the renewal job, and drafts a one-line cron fix.
Runs kubectl describe/logs/events across the failing pod; isolates the failing container, surfaces the readiness probe diff, and drafts a manifest patch.
Spots 429-burst patterns; correlates with deploy windows; suggests a token-bucket + provider-failover patch grounded in your existing client.
Pick whatever matches your environment. All five channels install the same binary.
curl -fsSL https://raw.githubusercontent.com/bhartiyaanshul/quell/main/install.sh | bashProbes for a prebuilt binary, falls back to pipx + source. Today's default.
After install: quell init · quell doctor · quell watch.
Monitors emit RawEvents. Detector fingerprints. Commander investigates via tools in a Docker sandbox, persists every run, fans the result to Slack / Discord / Telegram, and surfaces it in a local dashboard.
Quell is Apache-2.0, built on LiteLLM, and designed so your code never leaves your machine. Install in under a minute.