Ansible · Terraform · OpenTofu · Bash · PowerShell · Python · Go

Run everything.
Watch every host.
Prove every change.

Your whole automation stack in one Go binary. Every run painted live, host by task. Every change hash-chained and verifiable offline, every risky run held for sign-off. Nothing to stand up, no cluster to babysit.

Open source · BSL 1.1 · Go SDK with drop-in plugins · migrate from AWX or Semaphore in one command

railwarden · fleet
A Railwarden run painted live as a host-by-task matrix, one cell per host and task, with the failed host highlighted

Why "Railwarden"? A railwarden runs a rail yard: which engine takes which track, what couples into the next train out, what waits on a siding. The same job, for your fleet.

1binary to deploy
0Kubernetes required
7tools, one engine
tamper-evident audit

Baked in, not bolted on.

Every feature below ships in the binary you already deployed. No assembly required, no operator to install, no enterprise tier holding the good parts hostage. If it is on this page, it is in the box.

Live host-by-task matrix

Read a run like a dashboard, not a scrollback. Every host and task, painted live over Server-Sent Events, with per-task drill-down.

Multi-tool engine

Ansible, Terraform, OpenTofu, Bash, PowerShell, Python, and Go, each with a dry run. One engine, one UI, one audit trail. And your own tool plugs in as a Go binary.

Balanced splits

Shard a big job across hosts, balanced by each host's measured duration. Retry only the shards that failed, not the whole run.

Fleet memory

Flaky hosts flagged, durations trended, every host's history kept across runs. AWX and Semaphore forget the moment a run ends.

Visual workflow editor

Drag steps from all seven tools into one graph. Fan out, fan in, retry any step, run the whole pipeline. No YAML by hand.

Drift detection

A dry run shows exactly what changed since the last apply, host by host, before you touch a thing. Reconcile on your terms.

Provable audit

Every change is linked into a tamper-evident SHA-256 hash chain. Export a signed copy and verify it offline, without trusting the server.

Secrets that can't escape

Sealed at rest, sourced live from Vault or Google Secret Manager, and masked out of run logs. A tool that prints a secret shows ***.

Enforced approvals

Hold risky runs for sign-off, gated by policy on tool, command, or target. Operators request, admins release. No skipping the gate.

Roles and teams

Global roles, per-object grants, and teams in the open source core. Semaphore paywalls its RBAC. Railwarden does not.

Optional advisory AI

Off by default. Switch it on to triage a failure, answer a fleet question, or draft a run from a sentence. It proposes, never executes. Bring your own model: local Ollama, Claude, or any OpenAI-compatible API.

One-command migration

Import your AWX or Semaphore projects, inventories, templates, surveys, and schedules with a single command. Leave anytime, too.

See it in action

A run painted live as a host-by-task matrix, not a wall of scrollback. The colors speak Ansible: green means ok, amber means the task changed the host, red means failed, grey means skipped.

railwarden · run

Design pipelines by dragging, not by YAML

Wire Ansible, Terraform, OpenTofu, Bash, PowerShell, Python, and Go steps into a graph, plus any tool you plug in. Fan out, fan in, and run the whole thing as one pipeline with per-step retries. AWX's signature feature, without the Kubernetes bill.

railwarden · workflow editor
The moat

Governance neither AWX
nor Semaphore has

Multi-tool execution is table stakes now. What sets Railwarden apart sits above execution, on the control plane that makes automation provable and governed.

  • Tamper-evident, signed audit. Alter one entry and the chain breaks. Prove the trail is intact, offline.
  • Change control by policy. A prod terraform destroy holds for an admin's sign-off, automatically.
  • Secrets masked, sourced, sealed. They never land in a log and never live in Railwarden if you don't want them to.
Optional layer · off by default

None of this needs AI.
Add it for an edge.

Everything above runs with no model anywhere near it: the live matrix, the balanced splits, the governance, the audit chain. Advisory AI is a layer you add, never a dependency. Switch it on and it proposes a diagnosis for a failed run, answers a plain-English question about your fleet, or drafts a run from a single sentence. That is all it does. AI proposes, the control plane governs: every draft waits at the same approval gate you do, off by default, never in the execution path. Bring your own model: Ollama on your hardware, Claude with your Anthropic key, or any OpenAI-compatible endpoint. Secrets are masked before a model sees a byte.

railwarden · AI triage
A failed run with the AI triage panel isolating db01's apply step as the root cause and suggesting next steps
railwarden · ask your fleet
The overview page answering a plain-language question about which hosts are failing and where to start
Extensibility · SDK + drop-in plugins

Seven tools in the box.
Add more in Go.

Ansible, Terraform, OpenTofu, Bash, PowerShell, Python, and Go all run out of the box, no plugins required. When you need an eighth tool, a custom secret backend, a new AI provider, or your own notification channel, you write it in Go against a stable SDK. Compile it into the binary, or build it once and drop it into --plugins-dir, where a stock release loads it at startup over gRPC with mutual TLS and treats it as its own. A plugged-in tool submits, validates, and audits like a built-in. A plugged-in channel gets every terminal run with secret-carrying vars already redacted. The SDK guide walks both paths, and the official railwarden-plugins repo ships a real one: Discord, ntfy, and Teams from a single drop-in binary.

// build once, drop into --plugins-dir, no recompile of railwarden
import "github.com/dcadolph/railwarden/sdk/plugin"

func main() {
	plugin.Serve(&plugin.Extension{
		Tools:     map[string]sdk.ToolRunner{"packer": sdk.ToolRunnerFunc(runPacker)},
		Notifiers: map[string]sdk.Notifier{"pagerduty": sdk.NotifierFunc(page)},
	})
}

The honest side-by-side

Where Railwarden pulls ahead, with the places it is still young stated plainly in the comparison doc. The deep dives are Railwarden as an AWX alternative and as a Semaphore alternative, and how runs execute under load covers the engine underneath.

CapabilityRailwardenAWXSemaphore
Deploy without Kubernetes
Live host-by-task matrix
Ansible · Terraform · OpenTofu · Bash · PowerShell · Python · GoAnsible onlyno Python, PowerShell, or Go
Duration-balanced job splittinground-robin
Fleet memory: flaky hosts, trends
Tamper-evident, signed audit
Secret values auto-masked in logsopt-in
Enforced approval policiesbasic
One-command migration in
Drift detection from a dry run
Drag-and-drop workflow editor
Advisory AI: triage, fleet answers, drafted runs
Drop-in Go plugins: tools, secrets, AI, notifiers
Instance groups: pin work to worker pools
Active-active HA on PostgreSQLvia Kubernetes

Running in seconds

One binary, one SQLite file. No control plane to stand up first.

# install (or grab a release binary)
go install github.com/dcadolph/railwarden@latest

# serve: SQLite by default, PostgreSQL optional
railwarden serve --addr :8080 --db yard.db

# open the UI
open http://localhost:8080/ui/

Put AWX and Semaphore to bed.

Structured runs, balanced splits, a fleet that remembers, and a control plane that proves itself, from one binary.