opsctl06

Product overview

opsctl is a read-only-first, evidence-driven safety controller for single-server production.

Human-reviewed bilingual content

opsctl connects server registry, preflight, backup and recovery, human approval, and verifiable audit in one typed workflow. It is built for teams running one or a few servers that still need production-grade safety boundaries.

Core principle

AI may observe, explain, and draft plans. It cannot approve itself through vague authority, and it cannot disguise destructive resource cleanup as automation.

What you can do

How it works

  1. Declare intent: the YAML registry is the desired-state source of truth.
  2. Observe reality: scanners read systemd, Docker, ports, and Caddy state.
  3. Explain differences: doctor, drift, and preflight return structured risk decisions.
  4. Build recovery: snapshots, backups, repository checks, and isolated restores produce evidence.
  5. Hand off to a human: only specific, unexpired, scope-matching approval can advance controlled execution.

Deliberate non-goals

  • No automatic production approval.
  • No automatic Docker volume deletion.
  • No write or execution surface through MCP.
  • No claim that a successful backup alone proves recovery.
  • No credential values in reports.

Continue with Get started and meet opsctl through a fully read-only workflow.

On this page