AgentOps · local-first · audited actions

Tendwell

A self-hostable agent that monitors production health, retrieves the relevant runbooks and history, and explains what it finds - in plain language. Local-first by default: your data never leaves your infrastructure.

What Tendwell does

Four pluggable layers behind stable interfaces - data sources, LLM backend, knowledge store, and the action surface - so you swap any part without touching the core.

Local-first by default

The default configuration sends nothing off-host - including the LLM and embeddings. Point a backend at a remote address and Tendwell warns you explicitly at startup. No egress unless you opt in.

Any OpenAI-compatible LLM

One client targets a configurable base_url: Ollama, vLLM, llama.cpp, LocalAI, or a LiteLLM proxy. Weak at native tool calls? A prompt-based ReAct fallback keeps it working.

Pluggable data sources

Prometheus, Loki, and a generic HTTP/JSON adapter today, normalized into one result shape. A failing source degrades an SLO to unknown - it never crashes the run.

Knowledge-grounded findings

Runbooks and postmortems are embedded locally and retrieved by relevance. Citations come only from retrieved chunks, so the model cannot invent a source.

Human-gated actions

The model can only propose. Deterministic validation and a human approval gate sit between a proposal and any execution. Partial failure is first-class, and a dry run produces the plan without touching anything.

Tamper-evident audit

Every step in an action's life is an append-only, hash-chained event. A removed or altered entry is detectable. Audit cannot be disabled - it is the evidence a regulated buyer needs.
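How an append-only, hash-chained log makes an altered or removed entry detectable, as an added example that is not Tendwell's own code. The entry fields, the all-zero genesis value, and the sample events and actor names are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor used as prev-hash of the first entry


def digest(seq, prev_hash, event):
    # Canonical JSON so the same entry always hashes to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev_hash, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(log, event):
    """Append an event bound to the previous entry's hash; return the new head."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "prev": prev_hash, "event": event,
                "hash": digest(seq, prev_hash, event)})
    return log[-1]["hash"]


def verify(log, expected_head=None):
    """Return (ok, reason). expected_head is a head hash kept outside the log."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i:
            return False, f"entry {i}: sequence gap (found seq {entry['seq']})"
        if entry["prev"] != prev_hash:
            return False, f"entry {i}: broken link to previous entry"
        if entry["hash"] != digest(entry["seq"], entry["prev"], entry["event"]):
            return False, f"entry {i}: content does not match its hash"
        prev_hash = entry["hash"]
    # A log cut at the tail is still self-consistent; only a head hash
    # stored elsewhere reveals that the last entries are missing.
    if expected_head is not None and prev_hash != expected_head:
        return False, "head hash does not match the externally stored value"
    return True, "ok"


def build_sample_log():
    """Constructed events for one action's life: propose through execute."""
    log = []
    for step, actor in [("proposed", "llm"), ("validated", "validator"),
                        ("approved", "alice@example.com"), ("executed", "executor")]:
        head = append(log, {"action": "restart-service", "step": step, "actor": actor})
    return log, head
```

The chain alone catches edits and mid-log deletions; catching truncation of the newest entries requires comparing against a head hash stored somewhere the log writer cannot modify.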

The security model is the product

For teams in security-conscious and regulated environments, the separation between proposing and executing is not a footnote - it is the reason Tendwell is trustworthy near production.

01 Propose: The LLM emits a structured proposal. It records intent and executes nothing.
02 Validate: Deterministic checks - allowlist, schema, scope, rate limit - before a human is ever paged.
03 Approve: A human approves out-of-band, with identity and time captured. The model has no path to approve.
04 Execute: A separate, non-LLM executor acts per target, with write-scoped credentials held only for the run.

Read-only out of the box, and the open core ships no real executor: mutation is opt-in and bring-your-own. With no action surface configured, the agent is structurally unable to change anything - that property is enforced, not promised.

See it work in minutes

The demo stack runs against a synthetic source with zero real infrastructure, so you get a real health report on the first run.

git clone https://github.com/bmoldo/tendwell
cd tendwell
docker compose up        # instant tier: synthetic source, no model download

A second compose profile adds a small local model for genuine model-driven output. The one-time model pull is a few hundred MB - honest about the cost.

Built for high-stakes environments

Self-hosted, security-conscious, and regulated teams who need agentic operations they can actually trust - and audit.

Tendwell is free and Apache-2.0. If you want it run - or governed AI operations designed - in your environment, that is what ReOps Tech does.