AI Incident Commander for the Terminal
OpsPilot is a production-focused Node.js CLI for incident response workflows. It helps SRE teams analyze logs, generate safe diagnostic guidance, build incident timelines, and draft structured postmortems, with GitHub Copilot CLI as the reasoning engine.
Built for the GitHub Copilot CLI Challenge.
During incidents, responders lose time context-switching between logs, shell history, Git history, and ad-hoc notes. OpsPilot centralizes that flow in a single CLI:
analyze: summarize and assess logs quicklysuggest: propose next checks while flagging risky commandstimeline: assemble a timeline from shell/git/log evidencepostmortem: generate a structured retrospective draft
- Node.js 18+
- GitHub Copilot CLI installed
Copilot CLI reference: GitHub Copilot CLI
npm install -g opspilot
opspilot --helpOr run without installing globally:
npx opspilot --helpnpm install
node bin/opspilot.js --helpOptionally install the local checkout globally:
npm link
opspilot --helpcopilot auth loginOpsPilot can still provide deterministic fallback diagnostics if Copilot CLI is unavailable, but full AI-generated analysis requires successful Copilot authentication.
opspilot init \
--environment kubernetes \
--service payments-api \
--namespace prod \
--latency-ms 250 \
--error-rate-percent 1.5Creates:
.incidentrc.json.incident/
opspilot analyze examples/sample-incident.logOpsPilot sends a structured prompt to Copilot and asks for:
- Summary
- Likely root causes
- Risk assessment
- Suggested diagnostic commands
- Immediate containment guidance
It saves the output to .incident/analysis.md.
opspilot suggestOpsPilot reads recent ~/.bash_history and ~/.zsh_history, asks Copilot what to check next, then classifies extracted command lines as:
SAFE(green)CAUTION(yellow)DANGEROUS(red)
It never executes commands automatically.
opspilot timeline --log examples/sample-incident.logSources combined:
- Shell history timestamps (if available)
- Git commits (if repo)
- Log timestamps
Writes .incident/timeline.md with sections:
- Detection
- Investigation
- Mitigation
- Resolution
opspilot postmortemUses timeline + analysis + incident config to draft .incident/postmortem.md.
opspilot init --environment kubernetes --service payments-api --namespace prod
opspilot analyze examples/sample-incident.log
opspilot suggest
opspilot timeline --log examples/sample-incident.log
opspilot postmortemArtifacts generated in .incident/:
analysis.mdsuggestions.mdtimeline.mdpostmortem.md
If running directly from source instead of global install, replace opspilot with node bin/opspilot.js.
OpsPilot is intentionally designed around Copilot CLI orchestration rather than static rule-based output.
src/copilot/ask.js:runCopilotAsk(prompt)src/copilot/suggest.js:runCopilotSuggest(prompt)src/commands/analyze.js: log triage reasoningsrc/commands/suggest.js: diagnostic command recommendationssrc/commands/postmortem.js: structured postmortem drafting
You are a senior SRE and incident commander.
Analyze the following production incident log and respond in STRICT Markdown.
Required sections:
1. Incident Summary
2. Likely Root Causes (ranked)
3. Risk Assessment
4. Suggested Next Diagnostic Commands
5. Immediate Containment Guidance
Before OpsPilot
- Manual log scanning
- Ad hoc shell command guesses
- Timeline assembled from memory
- Postmortem starts from a blank page
After OpsPilot
- Structured AI-assisted analysis from logs
- Safety-labeled command suggestions
- Timeline auto-assembled from objective sources
- Postmortem draft created from incident artifacts
- Speeds up high-pressure incident response loops
- Improves consistency and traceability
- Keeps humans in control while leveraging Copilot for reasoning
OpsPilot is recommendation-only.
- No suggested command is auto-executed
- Dangerous patterns are flagged (
rm -rf,kubectl delete,terraform destroy,drop database, etc.) - Errors, timeouts, and missing Copilot CLI installation are handled explicitly
- Reading incident log...
✔ Log loaded.
- Asking GitHub Copilot CLI for incident analysis...
✔ Analysis received from Copilot CLI.
Incident Analysis
------------------------------------------------------------
## Incident Summary
...
## Likely Root Causes (ranked)
1. ...
2. ...
[OK] Saved analysis to /path/to/repo/.incident/analysis.md
- Reading shell history...
✔ Loaded 250 history entries.
- Asking GitHub Copilot CLI for command suggestions...
✔ Suggestions received from Copilot CLI.
Copilot Suggestions
------------------------------------------------------------
## Recommended Checks
- `kubectl get pods -n prod`
- `kubectl logs deploy/payments-api -n prod --tail=200`
Safety Classification
------------------------------------------------------------
[SAFE] kubectl get pods -n prod
[SAFE] kubectl logs deploy/payments-api -n prod --tail=200
[INFO] OpsPilot only recommends commands. It never executes them.
- Building incident timeline...
✔ Timeline generated.
[OK] Saved timeline to /path/to/repo/.incident/timeline.md
[INFO] Events included: 120
- Loading incident context...
✔ Postmortem generated.
[OK] Saved postmortem to /path/to/repo/.incident/postmortem.md
OpsPilot was built to demonstrate practical, meaningful use of GitHub Copilot CLI for real SRE workflows in terminal-first environments.
This repository includes two GitHub Actions workflows:
- PR Build (
.github/workflows/pr-build.yml): runs on pull requests and validates install, checks, and npm packaging. - Release (
.github/workflows/release.yml): manually triggered workflow that:- bumps version (
patch/minor/major) - builds release notes from commits since the previous Git tag
- creates and pushes a tag
- creates a GitHub Release
- bumps version (
Additional GitHub security automation:
- Security (
.github/workflows/security.yml):- dependency review on pull requests
npm auditon PRs, pushes tomain, and weekly schedule
- Dependabot (
.github/dependabot.yml):- weekly npm dependency update PRs
- weekly GitHub Actions update PRs
- Security Policy (
SECURITY.md): reporting and disclosure guidance
MIT