Everything below is a real workflow: you type the ask, the agent works over SSH, and nothing state-changing runs without your approval.
Paging you at 3am shouldn't mean 40 minutes of grep. The agent tails logs, correlates errors across services, and hands you a root cause with the fix queued for approval.
Pull the release, restart the service, hit the health endpoint — one ask. The restart waits for your click; the verification doesn't.
Edit nginx configs, env files, and unit files remotely with the built-in file browser — and let the agent test the config before anything reloads.
Fresh VM to production-ready: users, firewall, runtime, service units. The agent proposes each step; you approve the ones that matter.
Check kernel and package versions host by host, stage upgrades, and schedule reboots — without blindly running apt across prod.
CPU spike, memory leak, disk at 89% — the agent finds the culprit process or directory and proposes the safe cleanup, never the reckless one.
Review sshd_config, authorized_keys, and sudoers on any host. The agent flags password auth, stale keys, and over-broad sudo — and drafts the hardening change.
Open ports, listening services, firewall rules, TLS versions — a full surface check in one conversation, with fixes queued behind the approval gate.
Check certificate expiry across your hosts before the browser warning does it for you. Renewals are proposed, never auto-fired.
Slow queries, lock contention, replication lag — the agent reads pg_stat and EXPLAIN so you don't have to, and terminating a session takes your click.
Backups that were never restored are hopes, not backups. Check cron ran, dumps exist, sizes look sane — across every host that matters.
The copilot builds memory per host — services, quirks, past incidents. New teammate asks "what runs on db-primary?" and gets a real answer.
Download the app, add a host, and hand off the grunt work. 200 credits to start.