READ-ONLY · SAFETY

Why a read-only tool cannot quietly write.

PathWise reads your network and tells you which layer broke. It never changes anything. That is a strong claim, so this page does not ask you to take it on faith. It shows what stops a change, names who might try to cause one, and tells you the one case the code does not cover.

Every mechanism here is enforced in the engine, and most are covered by a test you can run.

Three precautions, enforced in code.

Read-only is enforced in the engine, not in the model and not in the modules. The worst case is a wrong answer shown to a person, never a wrong action taken by a machine.

The gate denies by default

Every tool call carries an effect: read, write, or unknown. One function decides if it runs. Read is allowed. Everything else is denied, including unknown. The only way to invoke a tool is through that gate, so nothing routes around it. A write tool throws and its function is never reached.

Modules cannot declare a write

PathWise is extended by modules. When the engine turns a module into tools, it hardcodes the read effect. A module author has no field to set it. The adapter they implement has one method, read. There is no write, execute, or mutate. The engine owns safety, so a module author cannot make the tool unsafe.

Probes are locked down

The live network probes are three read-only commands: ping, dig, traceroute. A fourth is blocked before it runs. There is no shell. The target is checked against a strict pattern that rejects flags and shell characters, so a target can never become a command. Each probe is killed at ten seconds.

The guardrails, by who might try to break them.

Start with the plain answer. No user, whatever they type or ask PathWise to do, can make it write, because there is no write tool for it to call. Asking it to dig deeper is still a read. The rest is a matter of naming the actor and saying what holds them back. Four are stopped by code. One is not, and we will not pretend it is.

The AI model itself

Stopped by code

The model picks which tools to call. It cannot pick a write, because the gate denies it and no write tool is ever in the model’s list. A jailbroken model gives a worse answer, not an action.

A module author

Stopped by code

The engine hardcodes the read effect and the adapter has no write method. A bad module can supply bad data. It cannot supply a write path.

Prompt injection in your data

Stopped by code

A poisoned log might say “ignore the above and write.” Every tool result is fenced as untrusted data, inside a delimiter built longer than any backtick run in the content. The injection cannot escape, and there is no write tool to call anyway.

Command injection in a probe target

Stopped by code

No shell, a strict target pattern, and a single argument. The metacharacters an attacker needs are rejected before the probe runs.

The owner of the machine

Legal only, not code

PathWise runs on your hardware and you can read its source. A determined admin with that access can change the program. No license key stops the owner of a machine from editing software on it. That case is covered by the License and Terms, not a technical lock. We would rather say that plainly than sell you a lock that is not real.

How it troubleshoots, and what it does when a check fails.

A read-only tool is only useful if its answers are honest. The reasoning core holds one rule: a probe result is not the truth. It is one piece of evidence, from one spot, that can be blocked, delayed, rate-limited, or forged.

It walks the access path

PathWise models access as eight layers, from the device inward to the service. It picks the entry layer from the ticket, then walks the layers in order and stops once the evidence points to the breaking one. A layer no module covers is flagged, not guessed.

  1. device
  2. local-network
  3. user
  4. rights
  5. resolution
  6. routing
  7. session-trust
  8. destination

Three states, not two

Every check resolves to one of three outcomes, not a binary pass or fail.

  • Reachable A definite positive. The thing answered the way a healthy thing answers.
  • Unreachable A definite negative. Something proved it is not there or not listening.
  • Indeterminate Cannot tell from here. The probe was blocked, dropped, or ambiguous.

A blocked probe is indeterminate, not unreachable. Reading “no answer” as “down” is the most common wrong call in a segmented network, and the engine is built not to make it. A success can lie too, so a lone positive from an untrusted spot raises confidence only when a second signal agrees.

The fallback ladder

When the obvious probe is blocked, the engine has an order to fall back through.

  1. 1

    A different probe for the same fact

    If ICMP is filtered, a TCP check can still answer reachability. One blocked path does not end the investigation.

  2. 2

    An adjacent layer

    If a port cannot be reached, read what the layer below reports. The engine reasons across the access path, not at one rung.

  3. 3

    An artifact from someone with access

    A firewall log line, a config export, a screenshot of a working check. PathWise holds no rights on your hosts, so asking for the right artifact is a first-class source, not a last resort.

  4. 4

    An honest indeterminate

    If nothing answers, it says so, names what was tried, and names what would settle it. “I cannot tell from here” is a complete answer, not a failure.

A finding ships with a conclusion, a confidence level, the evidence behind it with the source of each piece, and an explicit note on what was not verified. A claim marked high confidence is rejected by the engine if every piece of its evidence is untrusted. PathWise holds no credentials, no shell, and no agent on any host but its own. It reads, reasons, cites its evidence, and stops at a proposed set of steps for a person to perform. It never applies a fix.

Read the code. Run the tests. Then decide.

Get PathWise$349 one-timeSee how it works ›