DEV Community

Bill
Bill

Posted on

Introducing Uatu - An AI-Powered System Troubleshooting

#showdev #ai #sysadmin #devops

Uatu is an AI agent that troubleshoots your servers using Claude. It connects symptoms across CPU, memory, network, and disk to find root causes.

Uatu demo

Two Modes

Interactive Chat 

$ uatu
You: why is my server slow?
Enter fullscreen mode Exit fullscreen mode

Uatu investigates: checks load average, finds high CPU processes, analyzes memory pressure, looks for I/O bottlenecks.

Pipe Logs 

$ journalctl -u myservice | uatu "why did this crash?"
Enter fullscreen mode Exit fullscreen mode

Uatu analyzes the logs and correlates with system state.

Security First

Commands require approval before execution:

⚠ Bash Command Approval Required
Risk Level: Standard

  du -sh /var/log/* | sort -rh | head -10

  ○ Allow once
  → Always allow 'du'
  ○ Deny
Enter fullscreen mode Exit fullscreen mode
  • Approval prompts with risk categories
  • Allowlist for auto-approving safe commands
  • Audit log tracks all security decisions
  • Read-only mode uses MCP tools only (no bash)

Dangerous patterns (credential access, destructive operations) get explicit warnings.

How It Works

Built on the Claude Agent SDK:

  • MCP tools for system monitoring (processes, ports, system info)
  • Bash execution with granular approval controls
  • Specialized subagents for CPU/memory, network, and I/O diagnostics
  • Background execution for slow filesystem scans

All tools are sandboxed. Network access is disabled by default.

Install 

pipx install uatu
echo "ANTHROPIC_API_KEY=your_key" > .env
uatu
Enter fullscreen mode Exit fullscreen mode

Or pipe stdin:

cat app.log | uatu "find errors"
Enter fullscreen mode Exit fullscreen mode

Examples

High CPU:

You: what's using CPU?
Uatu: I observe process 'node' (PID 1234) consuming 94% CPU...
Enter fullscreen mode Exit fullscreen mode

Disk Full:

You: why is disk full?
Uatu: The Watcher reveals /var/log/app.log has grown to 45GB...
Enter fullscreen mode Exit fullscreen mode

Network Issues:

You: check port 8080
Uatu: I observe port 8080 is bound by nginx (PID 5678)...
Enter fullscreen mode Exit fullscreen mode

Configuration 

UATU_READ_ONLY=true          # MCP tools only, no bash
UATU_REQUIRE_APPROVAL=true   # Prompt before bash execution
UATU_ALLOW_NETWORK=false     # Disable WebFetch/WebSearch
UATU_ENABLE_SUBAGENTS=true   # Specialized diagnostic agents
Enter fullscreen mode Exit fullscreen mode

Why?

System troubleshooting requires correlating multiple signals. Uatu:

  • Connects high load + low CPU → I/O bottleneck
  • Links many CLOSE_WAIT sockets → connection leak
  • Spots zombie processes → parent process crash

Instead of running 10 commands and piecing it together, ask one question.

GitHub: https://github.com/fractalops/uatu
License: MIT
Requires: Python 3.10+, Anthropic API key

Top comments (0)