Sherlock Documentation

Sherlock is an AI-powered incident response co-pilot that resolves production incidents from alert to pull request in under 3 minutes. Powered by IBM Bob for deep codebase reasoning.

~25s

Average resolution time

Specialized AI agents

Surfaces: CLI, Web, CI/CD

Getting Started

1Create your account

Sign up at the Sherlock dashboard. After registration, you'll have access to the web interface and can generate API keys for the CLI.

2Generate an API key

Navigate to Settings → API Keys in the dashboard and create a new key. You'll need this to authenticate the CLI and any CI/CD integrations.

3Install the CLI (optional)

For terminal-based workflows, install the Sherlock CLI globally:

bash

npm install -g sherlockibm-cli

Requires Node.js 18 or higher.

4Authenticate the CLI

bash

sherlock-cli auth login

Web login: https://sherlock-ai.up.railway.app/api/auth/google/login
Enter API key: sk_sherlock_********

OK Authentication complete

sherlock-cli

Using the Web Dashboard

1Submit an incident

From the main dashboard, paste your stack trace, error log, or alert payload into the investigation input. The more context you provide, the more accurate the diagnosis.

2Connect your repository

Provide your repository URL (e.g., GitHub). Sherlock uses this to understand your codebase architecture, analyze git history, and generate accurate fixes.

3Watch the agents work

Sherlock runs a 5-agent pipeline in real-time. You can watch each agent's progress live on the dashboard:

Triage — classifies severity and affected service
Forensics — identifies suspect commits and files
Analyst — determines root cause with evidence
Fix — generates a code patch and regression test
Postmortem — writes the incident report

4Review results

Once complete, review the root cause analysis, apply the suggested fix, and share the auto-generated postmortem with your team.

CLI Reference

The Sherlock CLI provides an interactive shell for terminal-based incident response. Launch it by running sherlock-cli.

bash

$ sherlock-cli

Sherlock Incident Response Shell
Powered by IBM Bob repository intelligence

Connected to Sherlock Cloud
Workspace      production
Authenticated  yes

sherlock ›

Slash commands

Command	Description
`/resolve <file>`	Run the full 5-agent pipeline on an alert file
`/status [id]`	List incidents or show detail for one
`/fix [id]`	View the generated patch and regression test
`/postmortem [id]`	View the incident report
`/open [id]`	Open the incident at https://sherlockai-ibm.vercel.app/incidents/[id]
`/history`	Show recent incidents from this session
`/auth login`	Open web login, create an API key, and save it locally
`/help`	Show all available commands
`/exit`	Leave the shell

💡 Tip: After resolving an incident, the prompt becomes sherlock(inc-xxxxx) › — all follow-up commands automatically use that incident ID.

CI/CD integration

Use one-shot commands directly in your pipelines:

bash

sherlock-cli resolve crash.log --repo https://github.com/org/service
sherlock-cli fix inc-a1b2c3d4 --output fix.patch
sherlock-cli postmortem inc-a1b2c3d4 --output incident.md

Configuration

The CLI stores configuration in ~/.sherlock/config.json. You can also use environment variables:

Variable	Purpose
`SHERLOCK_API_KEY`	Your API key (from Settings → API Keys)
`SHERLOCK_API_URL`	API endpoint (defaults to Sherlock cloud)
`SHERLOCK_WORKSPACE`	Workspace name shown in the shell header

How It Works

When you submit an incident, Sherlock orchestrates a multi-agent pipeline. Each agent is specialized for a single task — no single massive prompt, just focused, high-accuracy steps.

text

Alert Submitted
   │
   ├─► [Triage]        Classify severity & route
   │
   ├─► [Forensics]     Analyze git history & suspect commits
   │
   ├─► [Analyst] ⭐    IBM Bob deep code reasoning
   │
   ├─► [Fix] ⭐        Generate patch + regression test
   │
   └─► [Postmortem]    Write incident report

The Analyst and Fix agents use IBM Bob for full-repository reasoning — understanding your architecture, dependency graph, and code patterns to produce accurate root cause analysis and working fixes.

AI Agents

Triage Agent

Classifies severity, error type, and affected service. Filters noise from critical P0/P1 incidents so your team only gets paged when it matters.

Forensics Agent

Cross-references stack traces with git history, recent commits, and file changes to identify the exact commit that introduced the bug.

Bob Analyst Engine ⭐

IBM Bob

Uses IBM Bob to reason over your full repository. Produces a root cause hypothesis with supporting evidence and confidence score.

Bob Fix Generator ⭐

IBM Bob

Generates unified-diff patches and regression tests. Creates PR-ready code fixes that you can review and merge immediately.

Postmortem Agent

Aggregates all findings into a publishable incident report with timeline, root cause, fix summary, and prevention recommendations — ready to share with stakeholders.

FAQ

Do I need to install anything in my repository?

No. Sherlock accesses your repository via URL and reads code dynamically. No agents, webhooks, or plugins need to be installed on your servers.

What languages are supported?

TypeScript, JavaScript, Python, Go, and Java for deep code analysis and automated fix generation. The forensics agent works with any git repository regardless of language.

Is my code secure?

Yes. Source files are fetched ephemerally into memory during analysis and discarded immediately after. We do not store your proprietary code.

Can I use Sherlock in CI/CD pipelines?

Yes. The CLI supports one-shot commands (sherlock-cli resolve, sherlock-cli fix --output) designed for automation. Set SHERLOCK_API_KEY as an environment variable in your pipeline.

Do I need the CLI to use Sherlock?

No. The web dashboard provides the full experience — submit alerts, watch agents work in real-time, review fixes, and download postmortems. The CLI is an optional power-user tool for terminal workflows.