Skip to main content

Overview

IncidentFox provides 300+ built-in tools across 20+ categories. These tools enable agents to interact with your infrastructure, observability stack, databases, and collaboration platforms.

Tool Categories

CategoryToolsDescription
Kubernetes9Pod logs, deployments, events, resource usage
AWS8+EC2, Lambda, RDS, ECS, CloudWatch
Docker15Container logs, stats, exec, events, inspect
Observability15+Grafana, Datadog, Prometheus, Coralogix, New Relic
Log Analysis7Statistics, sampling, pattern search, anomaly detection
Anomaly Detection8Z-score, Prophet, correlation, change points
GitHub16Code search, PRs, issues, Actions, commits
Git12Diff, log, blame, branches, tags
Database70+MySQL, PostgreSQL, Snowflake, BigQuery
PagerDuty12Incidents, escalations, MTTR
Sentry4Issues, project stats, releases
Slack5Search, channel history, post messages
Custom MCPUnlimitedAdd your own tools via MCP (100+ compatible servers)

Tool Distribution by Runtime

IncidentFox uses dual agent runtimes, each with access to different tool sets:

OpenAI SDK Agent (Production Automation)

AgentToolsPurpose
PlannerOrchestrationCoordinates specialists, creates investigation plans
K8s Agent9Kubernetes troubleshooting
AWS Agent8+AWS resource debugging
Metrics Agent22+Anomaly detection, correlation, forecasting
Coding Agent15+Code analysis, CI/CD
Investigation Agent300+All tools (dynamic loading)

Claude SDK SRE Agent (Interactive Debugging)

FeatureDescription
K8s SandboxIsolated Kubernetes environment with gVisor
All ToolsFull access to 300+ tools
InteractiveSupports interrupt/resume during investigations
StreamingReal-time response streaming

How Tools Work

Tool Loading

Tools are loaded dynamically based on:
  1. Integration Installed - Is the package available?
  2. Credentials Configured - Are API keys set?
  3. Team Settings - Is the tool enabled?
Example log output: 
slack_tools_loaded: count=4
github_tools_loaded: count=16
kubernetes_tools_loaded: count=9
aws_tools_loaded: count=8

Configuring Tools

Enable/Disable

{
  "tools": {
    "kubernetes": {
      "enabled": true
    },
    "docker_exec": {
      "enabled": false
    }
  }
}

Per-Agent Configuration

{
  "agents": {
    "investigation_agent": {
      "disable_default_tools": ["shell", "docker_exec"],
      "enable_extra_tools": ["custom_runbook_search"]
    }
  }
}

Tool Metrics

All tools track:
  • tool_calls_total{tool_name, status} - Call count
  • tool_duration_seconds{tool_name} - Execution time
View in Prometheus or the Web UI under Agent Runs.

Common Tools

Most Used for Investigations

ToolCategoryDescription
get_pod_logsKubernetesFetch container logs
get_cloudwatch_logsAWSQuery CloudWatch logs
search_logsLog AnalysisUniversal log search across backends
query_prometheusObservabilityQuery Grafana/Prometheus
detect_anomaliesAnomaly DetectionFind unusual patterns in metrics
search_github_codeGitHubSearch across repos

Most Used for CI/CD

ToolCategoryDescription
get_github_actions_logsGitHubCI build logs
describe_codepipelineAWSPipeline status
read_github_fileGitHubRead code files
git_diffGitShow changes
correlate_with_deploymentGitLink issues to recent deploys

Most Used for Log Analysis

ToolCategoryDescription
log_get_statisticsLog AnalysisGet log volume and error rate stats
log_sampleLog AnalysisSample logs for pattern discovery
log_search_patternLog AnalysisRegex pattern search
log_around_timestampLog AnalysisGet context around an event
log_extract_signaturesLog AnalysisIdentify recurring error patterns

Most Used for Anomaly Detection

ToolCategoryDescription
detect_anomaliesAnomaly DetectionZ-score statistical detection
prophet_detect_anomaliesAnomaly DetectionSeasonal anomaly detection
find_change_pointAnomaly DetectionIdentify when issues started
correlate_metricsAnomaly DetectionFind relationships between metrics
forecast_metricAnomaly DetectionCapacity planning forecasts

Next Steps

Kubernetes Tools

K8s troubleshooting tools

AWS Tools

AWS infrastructure tools

Observability Tools

Metrics and logging tools

Custom MCP Tools

Add your own tools