Single-server deployment safety controller / v0.6 series中文

operational safety / evidence first

Every server change starts with evidence—not execution.

opsctl brings registry, backup, recovery, approval, and audit into one verifiable workflow. It is read-only by default, rejects vague authority, and leaves high-risk actions to explicit human decisions.

Control plane status
$ opsctl preflight plan.yml --json
READ Read-only first
PLAN Plan before change
PROVE Close the evidence loop
HUMAN Human approval
decisionNEEDS_APPROVAL

01 / PRINCIPLE

Not a bag of scripts. An operations contract.

Every command is designed around one question: before production changes, can we prove the target, blast radius, recovery path, and authority boundary?

02 / WORKFLOW

A four-stage safety workflow

01

Declare

Describe services, ports, domains, volumes, and backup policy in YAML.

02

Inspect

Observe reality, explain drift, and produce non-executing plans and risk decisions.

03

Prove

Create snapshots, verify backups, restore in isolation, and sign the evidence chain.

04

Handoff

Only specific, unexpired human approval can advance controlled execution.

03 / SURFACE

One CLI for the critical breakpoints in production change

01

Registry

Turn server intent into a reviewable, validated source of truth.

02

Preflight

Block port conflicts, volume risk, and missing backup evidence.

03

Recovery

Restore in isolation and verify files, hashes, and database signatures.

04

Evidence

Ed25519 signatures, audit checkpoints, and restorable archives.

05

Scheduler

Global serialization, bounded waiting, and deterministic spreading.

06

MCP / TUI

Read-only tools for AI and an operator-focused terminal view.

04 / BOUNDARY

Dangerous operations do not become safe by calling them automation.

opsctl does not auto-approve and does not delete Docker volumes. Planning, evidence, and human execution are deliberately separate boundaries.

05 / BEGIN

Start with a read-only check.

Validate the registry and runtime before entering backup and recovery workflows.

Get started
opsctl / documentationDesigned for recoverable, auditable single-server production.English