grep -r "ERROR" /var/log
panic: runtime error
502 Bad Gateway
ConnectionTimeout
Open Source · MIT License · v1.0

Diagnose incidents.
Not symptoms.

One CLI command correlates your logs with your deploys, powered by AI. Root cause in 30 seconds, not 30 minutes.

$ pip install autopsy-cli copy
View on GitHub →

Used by SREs at 50+ startups. Zero config. Zero vendor lock-in.

~/projects/api — autopsy diagnose
autopsy diagnose
✔ Config loaded (2 log groups, 5 deploys)
⏳ Pulling logs from CloudWatch... done
⏳ Pulling deploys from GitHub... done
⏳ Analyzing with Claude Sonnet... done
ROOT CAUSE 87%
Database connection pool exhaustion — N+1 query in user activity feed
Commit a3f7c2e by @sarah · PR #482 "Add user activity feed"
Category: code_change
SUGGESTED FIX
NOW → Revert a3f7c2e or set pool_size=50 in db config
LATER → Add eager loading for user.activities relation
How It Works
Three steps. Thirty seconds.
No agents. No dashboards. No vendor onboarding. Just pip install and one command.
01

Collect

Pulls error logs from CloudWatch and recent deploys from GitHub. Uses your own credentials — nothing leaves your machine.

boto3 + PyGitHub
02

Correlate

Feeds logs + diffs into an LLM with a purpose-built diagnostic prompt. Automatically maps errors to code changes.

Claude API
03

Diagnose

Outputs root cause, causal commit, confidence score, and a suggested fix — right in your terminal. Paste into Slack.

Rich output
Zero Trust Security
Your logs never
touch our servers.
No data ingestion. No security review. The CLI runs on your machine with your credentials.
Your TerminalCloudWatch
Your IAM credentials
Your TerminalGitHub API
Your Personal Access Token
Your TerminalClaude API
Your API key
AUTOPSY Servers Never contacted

  • 100% local execution

    No background services, no phone-home, no telemetry by default. A pure CLI process.

  • Credentials never leave env

    Config stores env variable names, not values. Works with aws-vault, 1Password, direnv.

  • Fully auditable codebase

    Open source, MIT license. Grep it — only three outbound domains exist in the code.

  • Local LLM support planned

    Ollama integration on the roadmap for air-gapped and high-security environments.

Why AUTOPSY
Built for the 3am incident.
Enterprise platforms take months. We take 30 seconds.
Capability Enterprise Tools Incident Platforms AUTOPSY ●
Time to value Weeks to months Days to weeks 30 seconds
Root cause diagnosis Manual / basic AI Not their focus AI-powered, automated
Setup required Agent deploy + config Org-wide onboarding pip install + 1 config
Data residency Vendor cloud Vendor cloud Your machine only
Pricing $23+/host/month $20+/user/month Free forever (CLI)
Security review Required Required Not needed
Incident Autopsy· Production Diagnosis· Deploy Correlation· Zero Trust· Open Source· 30 Second Root Cause· Claude Powered· Incident Autopsy· Production Diagnosis· Deploy Correlation· Zero Trust· Open Source· 30 Second Root Cause· Claude Powered
Pricing
Free for you.
Built for your team.
The CLI is free forever. AUTOPSY Cloud for teams is coming soon.
CLI — Open Source
$0 forever

Everything you need to diagnose solo.

  • AI-powered root cause analysis
  • CloudWatch + GitHub integration
  • JSON output for CI/CD piping
  • Zero-trust architecture
  • Community Discord support
pip install autopsy
Coming Soon
Cloud — For Teams
Coming Soon

Turn incidents into institutional knowledge. Team features launching soon.

  • Everything in CLI, plus:
  • Persistent incident history
  • Team dashboard + MTTR tracking
  • AI-generated post-mortems
  • Slack integration
Join the Waitlist

Your next incident is
30 seconds away
from a root cause.

Stop grepping logs at 3am. Let AI correlate — you decide.

$ pip install autopsy-cli copy