Use cases

One copilot.
Every job your servers throw at you.

Everything below is a real workflow: you type the ask, the agent works over SSH, and nothing state-changing runs without your approval.

Developers

Ship and debug without leaving your flow

01 — 03

3am incident response

Paging you at 3am shouldn't mean 40 minutes of grep. The agent tails logs, correlates errors across services, and hands you a root cause with the fix queued for approval.

you: api is 500ing since 02:40 — find out why and fix it

Deploys with a health check

Pull the release, restart the service, hit the health endpoint — one ask. The restart waits for your click; the verification doesn't.

you: ship latest main to staging and verify /health

Config surgery over SFTP

Edit nginx configs, env files, and unit files remotely with the built-in file browser — and let the agent test the config before anything reloads.

you: bump client_max_body_size to 50M and reload safely
DevOps & SRE

Run a fleet like it's one box

04 — 06

Provision new servers

Fresh VM to production-ready: users, firewall, runtime, service units. The agent proposes each step; you approve the ones that matter.

you: set this box up for the node app — hardened, pm2, nginx

Patch & update hygiene

Check kernel and package versions host by host, stage upgrades, and schedule reboots — without blindly running apt across prod.

you: which of my hosts still need the openssl patch?

Resource triage

CPU spike, memory leak, disk at 89% — the agent finds the culprit process or directory and proposes the safe cleanup, never the reckless one.

you: disk is nearly full — free space without touching app data
Security

Audit like you mean it

07 — 09

SSH & access audits

Review sshd_config, authorized_keys, and sudoers on any host. The agent flags password auth, stale keys, and over-broad sudo — and drafts the hardening change.

you: audit ssh access on prod — who can get in and how?

Exposure checks

Open ports, listening services, firewall rules, TLS versions — a full surface check in one conversation, with fixes queued behind the approval gate.

you: what's listening on this box that shouldn't be public?

Cert expiry sweeps

Check certificate expiry across your hosts before the browser warning does it for you. Renewals are proposed, never auto-fired.

you: any TLS certs expiring in the next 30 days?
Data & platform

Keep the stateful stuff healthy

10 — 12

Database firefighting

Slow queries, lock contention, replication lag — the agent reads pg_stat and EXPLAIN so you don't have to, and terminating a session takes your click.

you: the API is slow — check postgres for blocking queries

Backup verification

Backups that were never restored are hopes, not backups. Check cron ran, dumps exist, sizes look sane — across every host that matters.

you: did last night's db backups actually run everywhere?

Infra that documents itself

The copilot builds memory per host — services, quirks, past incidents. New teammate asks "what runs on db-primary?" and gets a real answer.

you: what do we know about this host and its incidents?

Your next incident deserves backup.

Download the app, add a host, and hand off the grunt work. 200 credits to start.