Open source · Apache-2.0

What the CLI does today

A terminal tool that investigates a firing alert like an on-call engineer would, and hands you back a report you can check line by line.

Two ways to start an investigation

Pipe in a FiringAlert JSON (or a webhook/Alertmanager-shaped payload) on stdin, or skip the alert and describe the problem with --query. Either way, the CLI streams a live timeline as it works.

Ordered-evidence reports

Every report has the same shape: a root cause (or an honest "not determined"), hypotheses ranked by plausibility with supporting/contradicting evidence, what was ruled out, coverage, and next steps. No numeric confidence scores.

Bring your own model provider

The default deepagents harness (a coding agent it drives locally) speaks the OpenAI protocol — Ollama, OpenAI, Groq, or your own OpenAI-compatible endpoint. Prefer Claude Code? Use --harness claude-code with your Anthropic credential instead.

Permission modes

--mode controls what the harness is asked to do: read-only (default), supervised, auto, or dangerous. --dangerously-skip-permissions is a shortcut for the last one.

Sandboxed isolation, with a self-check

--sandbox auto prefers an OS-level egress boundary when one is available, and only falls back to software-level (process) limits when a real egress self-check shows the boundary would not actually contain the run — and says so, never silently.

Every run persisted, JSON for scripting

Each investigation writes its event stream and report under ~/.prismalens/runs/<runId>/. Add --json to print the InvestigationReport as machine-readable output, or --output to save a copy.

In development — not yet released

  • • A self-hosted web UI
  • • An incident command center
  • • Webhook alert intake from your existing monitoring stack
  • • Multi-source correlation across incidents

See it in action

Install the CLI and run your first read-only investigation against a real repo.

Read the CLI docs