Posted on
Artificial Intelligence

Artificial Intelligence Agent Case Studies

Author
  • User
    linuxbash
    Posts by this author
    Posts by this author

Artificial Intelligence Agent Case Studies for Linux: Bash-First Workflows You Can Reproduce

If you’ve been wondering whether AI “agents” are just hype, here’s the good news: you can build small, reliable agents today that accelerate real admin, SRE, and data-wrangling tasks—using Bash and your terminal. No dashboards. No black boxes. Just scripts you can audit, run locally, and improve.

This post walks through practical case studies you can reproduce in minutes on Linux. You’ll get installation commands for apt, dnf, and zypper, along with drop-in scripts you can adapt. The result: safer, faster, more consistent ops with human-in-the-loop control.

Why agents (still) matter in Bash land

  • Agents shine on repetitive, loosely-structured tasks: triaging logs, summarizing diagnostic output, drafting fixes, and normalizing messy data.

  • The terminal is already your automation nerve center. With a local LLM, Bash becomes a flexible agent orchestrator you can version control and review.

  • Modern local models are fast and private. Pair them with shell tools (jq, whois, curl, journalctl), and you get explainable pipelines instead of “click and pray.”

Below you’ll find four reproducible agent case studies. Each includes:

  • What problem it solves.

  • How to install what you need (apt, dnf, zypper).

  • A Bash script that runs a local model via Ollama.

  • Notes to keep you safe and in control.

Tip: Always review model suggestions. Treat them as drafts or copilots, not ground truth.


Prerequisites

We’ll use:

  • A local model runner: Ollama (runs LLMs locally, CPU or GPU).

  • Common CLI tools: curl, jq, whois, git.

Install core tools:

  • Ubuntu/Debian (apt):

    sudo apt update
    sudo apt install -y curl jq whois git
    
  • Fedora/RHEL/CentOS (dnf):

    sudo dnf install -y curl jq whois git
    
  • openSUSE (zypper):

    sudo zypper refresh
    sudo zypper install -y curl jq whois git
    

Install Ollama (one-liner):

curl -fsSL https://ollama.ai/install.sh | sh

Pull a model (example: Llama 3.1 8B; runs on CPU or GPU):

ollama pull llama3.1:8b

Notes:

  • A CPU will work; a GPU speeds things up. If 8B is heavy for your box, try a smaller model (llama3.2:3b or similar).

  • Ollama runs a background service. If needed:

    # Start or enable service (systemd-based distros)
    sudo systemctl enable --now ollama
    

Case Study 1: Log Triage Agent (SRE helper)

Problem: After an incident, scanning thousands of lines from journalctl is slow and error-prone.

Approach: Collect recent high-priority logs, feed them to a model, and get a concise, actionable triage: likely causes, files/services involved, verification commands, and safe remediations.

Script (log_triage.sh):

#!/usr/bin/env bash
set -euo pipefail

MODEL="${MODEL:-llama3.1:8b}"
SINCE="${SINCE:--2h}"   # e.g., -30m, -4h, yesterday
PRIORITY="${PRIORITY:-err}"  # err, crit, alert, emerg

# Collect recent error logs (tweak to your needs)
LOGS="$(journalctl -p "$PRIORITY" -S "$SINCE" --no-pager 2>/dev/null | tail -n 1000)"

if [[ -z "${LOGS// }" ]]; then
  echo "No logs collected with priority=$PRIORITY since=$SINCE"
  exit 0
fi

PROMPT=$(cat <<'EOF'
You are a Linux SRE agent. Given recent system logs, produce:

- Top 3 plausible root causes (explain why).

- Specific files/services/units implicated.

- 3 shell commands to verify each cause (read-only where possible).

- One safe remediation step per cause.

Respond in concise Markdown with sections:
Causes, Verification, Remediation, and Next Steps.
EOF
)

ollama run "$MODEL" -p "$PROMPT

Recent logs (last 1000 lines):

$LOGS

"

Usage:

chmod +x log_triage.sh
./log_triage.sh
SINCE=-6h PRIORITY=crit ./log_triage.sh

What you get: A short, auditable summary to speed up investigation. You still validate and apply remediations manually.


Case Study 2: CSV Enrichment Agent (domain intelligence)

Problem: You have a CSV of domains and want quick, human-friendly metadata: hosting hints, likely category, and a one-liner description.

Approach: For each domain, pull minimal headers/snippets and WHOIS; ask a local model to produce normalized attributes.

Install tools (if not already):

  • Ubuntu/Debian (apt):

    sudo apt update
    sudo apt install -y curl jq whois
    
  • Fedora/RHEL/CentOS (dnf):

    sudo dnf install -y curl jq whois
    
  • openSUSE (zypper):

    sudo zypper refresh
    sudo zypper install -y curl jq whois
    

Prepare input CSV (domains.csv):

domain
example.com
gnu.org
kernel.org

Script (enrich_domains.sh):

#!/usr/bin/env bash
set -euo pipefail

MODEL="${MODEL:-llama3.1:8b}"
INPUT="${1:-domains.csv}"
OUTPUT="${2:-enriched.jsonl}"

if [[ ! -f "$INPUT" ]]; then
  echo "Input CSV not found: $INPUT"
  exit 1
fi

# Skip header, iterate domains
tail -n +2 "$INPUT" | while IFS=, read -r domain; do
  domain="${domain//[$'\r\n']}"
  [[ -z "$domain" ]] && continue

  echo "Processing $domain..."

  # Lightweight signals
  HEADERS="$(curl -fsSL -D - -o /dev/null --max-time 8 "https://$domain" 2>/dev/null | head -n 20 || true)"
  SNIPPET="$(curl -fsSL --max-time 8 "https://$domain" 2>/dev/null | head -c 800 || true)"
  WHOIS_RAW="$(whois "$domain" 2>/dev/null | head -n 80 || true)"

  PROMPT=$(cat <<'EOF'
You are a data enrichment agent. Given basic headers, HTML snippet, and WHOIS,
return compact JSON with keys:

- domain

- likely_category (e.g., 'open-source project', 'B2B SaaS', 'news', 'personal site', 'ecommerce', 'documentation')

- short_description (<= 140 chars)

- hosting_hint (e.g., 'Cloudflare', 'Akamai', 'self-hosted', 'unknown')

- confidence (0-1)

If evidence is weak, keep confidence low and use 'unknown' where appropriate.
Return JSON only.
EOF
)

  JSON=$(ollama run "$MODEL" -p "$PROMPT

DOMAIN:
$domain

HEADERS:
$HEADERS

HTML_SNIPPET:
$SNIPPET

WHOIS:
$WHOIS_RAW
" || echo '{}')

  # Attach the domain explicitly if the model omitted it
  echo "$JSON" | jq -c --arg d "$domain" '
    if has("domain") then . else . + {domain: $d} end
  ' >> "$OUTPUT"
done

echo "Wrote JSONL to $OUTPUT"

Usage:

chmod +x enrich_domains.sh
./enrich_domains.sh domains.csv enriched.jsonl

What you get: A JSONL file you can load into jq or a database. You remain in charge of thresholds and downstream actions.


Case Study 3: Safer Bash Refactor Agent

Problem: Legacy shell scripts without set -euo pipefail, missing input checks, and no idempotency cause outages.

Approach: Send a script to a local model with precise rules. Get a suggested refactor plus a rationale, then produce a diff you can review.

Script (refactor_bash.sh):

#!/usr/bin/env bash
set -euo pipefail

MODEL="${MODEL:-llama3.1:8b}"
IN="${1:-}"
OUT="${2:-}"

if [[ -z "${IN}" || ! -f "${IN}" ]]; then
  echo "Usage: $0 path/to/script.sh [output_path]"
  exit 1
fi

OUT="${OUT:-${IN%.sh}.refactored.sh}"

GUIDE=$(cat <<'EOF'
Refactor the following Bash script with these rules:

- Add: `set -euo pipefail` and `IFS=$'\n\t'` unless unsafe for loops.

- Validate inputs and environment variables.

- Use strict quoting; avoid word-splitting.

- Prefer `mktemp` for temp files; clean up on EXIT trap.

- Avoid subshells and UUOC where not needed; prefer builtins.

- Make idempotent where possible (e.g., check before creating).

- Keep external behavior same; document changes in comments.

- Output ONLY the improved script (no commentary).
EOF
)

SCRIPT_CONTENT="$(cat "$IN")"

ollama run "$MODEL" -p "$GUIDE

Original script:

$SCRIPT_CONTENT

" > "$OUT"

chmod +x "$OUT"

echo "Wrote refactor to $OUT"
echo "Unified diff:"
command -v diff >/dev/null && diff -u "$IN" "$OUT" || true

Usage:

chmod +x refactor_bash.sh
./refactor_bash.sh my_script.sh

What you get: A drop-in refactor and a diff for code review. You approve and test before rollout.


Case Study 4: Quick Incident Report Agent

Problem: During an incident, you need a crisp status: resource hot spots, noisy services, ports in use, errors, and disk pressure.

Approach: Snapshot key signals, ask the model for a short, structured incident report with hypotheses and suggested next probes.

Script (ir_report.sh):

#!/usr/bin/env bash
set -euo pipefail

MODEL="${MODEL:-llama3.1:8b}"
TOP_N="${TOP_N:-5}"

SNAP_DIR="$(mktemp -d)"
trap 'rm -rf "$SNAP_DIR"' EXIT

collect() {
  local name="$1" cmd="$2"
  echo "=== $name ===" > "$SNAP_DIR/$name.txt"
  bash -c "$cmd" >> "$SNAP_DIR/$name.txt" 2>&1 || true
}

collect "uptime" "uptime"
collect "loadavg" "cat /proc/loadavg"
collect "cpu" "mpstat 1 1 || top -b -n1 | head -n 5"
collect "mem" "free -m"
collect "disk" "df -h | sort -k5 -r | head -n $TOP_N"
collect "io" "iostat -xz 1 1 || true"
collect "ps_cpu" "ps aux --sort=-%cpu | head -n $TOP_N"
collect "ps_mem" "ps aux --sort=-%mem | head -n $TOP_N"
collect "ports" "ss -tulpn | head -n 100"
collect "errors" "journalctl -p err -S -2h --no-pager | tail -n 500"

BUNDLE="$(tar -C "$SNAP_DIR" -czf - . | base64 -w0 2>/dev/null || tar -C "$SNAP_DIR" -czf - . | base64)"

PROMPT=$(cat <<'EOF'
You are an incident response agent. Given system snapshots (CPU/MEM/IO/disk/processes/ports/errors),
produce a concise Markdown report with:

- Situation summary (one paragraph).

- Top 3 hypotheses with evidence.

- High-signal next steps: exact commands to run (read-only preferred).

- Risks and rollback considerations.

Limit to ~300-400 words. Prefer specificity over platitudes.
EOF
)

ollama run "$MODEL" -p "$PROMPT

The following tar.gz (base64) contains text snapshots from the host:
$BUNDLE

Extract and reason about the content logically.
"

Install optional tools if you want richer CPU/IO sections:

  • Ubuntu/Debian (apt):

    sudo apt update
    sudo apt install -y sysstat
    
  • Fedora/RHEL/CentOS (dnf):

    sudo dnf install -y sysstat
    
  • openSUSE (zypper):

    sudo zypper refresh
    sudo zypper install -y sysstat
    

Usage:

chmod +x ir_report.sh
./ir_report.sh

What you get: A fast, human-readable state-of-system summary with next steps you can run immediately.


Patterns that make these agents work

  • Constrain the task. Clear, role-based prompts and structured outputs (Markdown, JSON) yield better, safer results.

  • Keep humans in the loop. Agents draft; you validate and apply.

  • Favor local models for privacy and speed. Fall back to smaller models if resources are tight.

  • Log inputs and outputs. Save artifacts to review and learn over time.

  • Start shallow, then deepen. Add more signals once the basic pipeline is stable.


Conclusion and next steps

You don’t need a massive platform to get value from AI agents. With Ollama, standard Linux tools, and a few careful prompts, you can:

  • Triage logs faster

  • Enrich messy datasets

  • Refactor brittle scripts

  • Produce quick incident reports

Your next step: 1) Install the prerequisites and Ollama. 2) Pick one case study and run it end-to-end. 3) Commit the script to your repo and iterate with your team’s feedback. 4) Gradually wire these agents into your CI, cron, or on-demand playbooks.

Have a case you want to automate? Start simple, measure results, and evolve the agent like any other piece of code. If you’d like a deeper dive into evaluation harnesses and safety rails for agents, let me know—and I’ll publish a follow-up with testable templates.