KernelIQ is an AI-powered Linux diagnosis agent that explains why your system is slow, unstable, or behaving strangely — with evidence, confidence scores, and actionable fixes.
$ curl -fsSL https://raw.githubusercontent.com/abhinayshrestha/kernelIQ/main/scripts/bootstrap.sh | bashkerneliq> what is wrong with my system
Investigating...
Running: uptime
Running: ps aux --sort=-%cpu | head -10
Running: free -h
Running: vmstat 1 5
Querying system telemetry...
Observation
Your system is experiencing extremely high CPU usage due to three
stress processes running at 100% CPU each, causing sustained load
pressure. Memory and disk I/O are not under pressure.
Evidence
- Load average is elevated
- Three stress processes are each consuming ~100% CPU
- Overall CPU usage is saturated
- Memory remains available
- No meaningful disk wait is present
Action
Terminate the stress processes to restore normal CPU availability.
Confidence: 99%
Command: kill 1826 1827 1828
Proceed? [y/N]: yMost observability tools show metrics. KernelIQ answers questions.
A daemon collects CPU, memory, disk, network, process, and service metrics every 60 seconds into a local SQLite database.
Ask questions in plain English. KernelIQ investigates across logs, processes, and telemetry and returns a structured result.
Read-only commands run freely. Destructive actions like kill or systemctl restart require explicit user confirmation.
Every diagnosis follows a strict format: Observation, Evidence with specific data, Action, and a Confidence score.
Use Ollama for fully local inference, or connect to OpenAI, Claude, DeepSeek, or Gemini for stronger cloud models.
Automatic detection of CPU sustained load, low memory, disk pressure, OOM kills, failed services, zombie processes, and more.
Watch KernelIQ diagnose a real system issue in real time.
Two components, one investigation loop.
A background systemd service samples CPU, memory, disk, network, processes, and services every 60 seconds and writes them to a local SQLite database.
Open the terminal REPL and ask anything: "Why is my system slow?", "Which process caused the spike?", "Are any services failing?"
The model runs read-only system commands, queries historical telemetry from SQLite, and builds context across up to 10 investigation steps.
You get a clear result: what's happening, the evidence behind it, what to do next, a confidence score, and the exact command to run — with your confirmation required for anything destructive.
The model reasons, but safety enforcement stays deterministic.
ps, free, df, ss, journalctl, iostat
Controlled SELECT statements against local telemetry. DROP, DELETE, UPDATE blocked unconditionally.
kill, systemctl restart, ionice
Open source. Local first. Runs on your machine.