Live host-by-task matrix
Read a run like a dashboard, not a scrollback. Every host and task, painted live over Server-Sent Events, with per-task drill-down.
Your whole automation stack in one Go binary. Every run painted live, host by task. Every change hash-chained and verifiable offline, every risky run held for sign-off. Nothing to stand up, no cluster to babysit.
Open source · BSL 1.1 · Go SDK with drop-in plugins · migrate from AWX or Semaphore in one command
Every feature below ships in the binary you already deployed. No assembly required, no operator to install, no enterprise tier holding the good parts hostage. If it is on this page, it is in the box.
Read a run like a dashboard, not a scrollback. Every host and task, painted live over Server-Sent Events, with per-task drill-down.
Ansible, Terraform, OpenTofu, Bash, PowerShell, Python, and Go, each with a dry run. One engine, one UI, one audit trail. And your own tool plugs in as a Go binary.
Shard a big job across hosts, balanced by each host's measured duration. Retry only the shards that failed, not the whole run.
Flaky hosts flagged, durations trended, every host's history kept across runs. AWX and Semaphore forget the moment a run ends.
Drag steps from all seven tools into one graph. Fan out, fan in, retry any step, run the whole pipeline. No YAML by hand.
A dry run shows exactly what changed since the last apply, host by host, before you touch a thing. Reconcile on your terms.
Every change is linked into a tamper-evident SHA-256 hash chain. Export a signed copy and verify it offline, without trusting the server.
Sealed at rest, sourced live from Vault or Google Secret Manager, and masked out of run logs. A tool that prints a secret shows ***.
Hold risky runs for sign-off, gated by policy on tool, command, or target. Operators request, admins release. No skipping the gate.
Global roles, per-object grants, and teams in the open source core. Semaphore paywalls its RBAC. Railwarden does not.
Off by default. Switch it on to triage a failure, answer a fleet question, or draft a run from a sentence. It proposes, never executes. Bring your own model: local Ollama, Claude, or any OpenAI-compatible API.
Import your AWX or Semaphore projects, inventories, templates, surveys, and schedules with a single command. Leave anytime, too.
A run painted live as a host-by-task matrix, not a wall of scrollback. The colors speak Ansible: green means ok, amber means the task changed the host, red means failed, grey means skipped.
Wire Ansible, Terraform, OpenTofu, Bash, PowerShell, Python, and Go steps into a graph, plus any tool you plug in. Fan out, fan in, and run the whole thing as one pipeline with per-step retries. AWX's signature feature, without the Kubernetes bill.
Multi-tool execution is table stakes now. What sets Railwarden apart sits above execution, on the control plane that makes automation provable and governed.
terraform destroy holds for an admin's sign-off, automatically.Everything above runs with no model anywhere near it: the live matrix, the balanced splits, the governance, the audit chain. Advisory AI is a layer you add, never a dependency. Switch it on and it proposes a diagnosis for a failed run, answers a plain-English question about your fleet, or drafts a run from a single sentence. That is all it does. AI proposes, the control plane governs: every draft waits at the same approval gate you do, off by default, never in the execution path. Bring your own model: Ollama on your hardware, Claude with your Anthropic key, or any OpenAI-compatible endpoint. Secrets are masked before a model sees a byte.
Ansible, Terraform, OpenTofu, Bash, PowerShell, Python, and Go all run out of the box, no plugins required. When you need an eighth tool, a custom secret backend, a new AI provider, or your own notification channel, you write it in Go against a stable SDK. Compile it into the binary, or build it once and drop it into --plugins-dir, where a stock release loads it at startup over gRPC with mutual TLS and treats it as its own. A plugged-in tool submits, validates, and audits like a built-in. A plugged-in channel gets every terminal run with secret-carrying vars already redacted. The SDK guide walks both paths, and the official railwarden-plugins repo ships a real one: Discord, ntfy, and Teams from a single drop-in binary.
// build once, drop into --plugins-dir, no recompile of railwarden
import "github.com/dcadolph/railwarden/sdk/plugin"
func main() {
plugin.Serve(&plugin.Extension{
Tools: map[string]sdk.ToolRunner{"packer": sdk.ToolRunnerFunc(runPacker)},
Notifiers: map[string]sdk.Notifier{"pagerduty": sdk.NotifierFunc(page)},
})
}
Where Railwarden pulls ahead, with the places it is still young stated plainly in the comparison doc. The deep dives are Railwarden as an AWX alternative and as a Semaphore alternative, and how runs execute under load covers the engine underneath.
| Capability | Railwarden | AWX | Semaphore |
|---|---|---|---|
| Deploy without Kubernetes | |||
| Live host-by-task matrix | |||
| Ansible · Terraform · OpenTofu · Bash · PowerShell · Python · Go | Ansible only | no Python, PowerShell, or Go | |
| Duration-balanced job splitting | round-robin | ||
| Fleet memory: flaky hosts, trends | |||
| Tamper-evident, signed audit | |||
| Secret values auto-masked in logs | opt-in | ||
| Enforced approval policies | basic | ||
| One-command migration in | |||
| Drift detection from a dry run | |||
| Drag-and-drop workflow editor | |||
| Advisory AI: triage, fleet answers, drafted runs | |||
| Drop-in Go plugins: tools, secrets, AI, notifiers | |||
| Instance groups: pin work to worker pools | |||
| Active-active HA on PostgreSQL | via Kubernetes |
One binary, one SQLite file. No control plane to stand up first.
# install (or grab a release binary)
go install github.com/dcadolph/railwarden@latest
# serve: SQLite by default, PostgreSQL optional
railwarden serve --addr :8080 --db yard.db
# open the UI
open http://localhost:8080/ui/
Structured runs, balanced splits, a fleet that remembers, and a control plane that proves itself, from one binary.