Operationally-aware AI workspace for infrastructure, security and self-hosted operations
Built for infrastructure operators, self-hosters and security workflows.
🚀 SysAI Pro Beta Access Available
A limited number of beta licenses are currently available for early adopters and testers.
⚡ Lightning donations: donate@shadowbip.com
Environment-aware diagnostics • rollback-aware remediation • structured operational workflows
Why SysAI • What makes SysAI different? • Features • Privacy • Installation • Architecture • Roadmap
Most AI tools for infrastructure and operational workflows still behave like generic chatbots.
SysAI tries to solve a different problem.
Instead of focusing on conversational interactions, SysAI is designed around operational workflows:
- log analysis
- troubleshooting
- security auditing
- script generation
- configuration generation
- infrastructure diagnostics
- verification and rollback workflows
The goal is making AI outputs feel operationally useful instead of conversational.
SysAI focuses on operational trust, remediation safety and infrastructure-aware reasoning instead of generic AI conversation.
| Generic AI chat | SysAI |
|---|---|
| Long prompts every time | Specialized operational tools |
| Generic AI responses | Environment-aware diagnostics |
| Huge text blobs | Structured operational output |
| Manual risk evaluation | Risk + confidence analysis |
| Manually ask for rollback | Built-in verification and rollback guidance |
| Browser-based workflow | Dedicated operational workspace |
| Chat-first | Workflow-first |
SysAI detects operational context and adapts troubleshooting accordingly.
Examples:
- Docker / Docker Compose
- systemd
- reverse proxies
- Linux services
- Windows servers and workstations
- PowerShell environments
- networking stacks
- Bitcoin / Lightning infrastructure
- self-hosted environments
This allows SysAI to generate more realistic operational workflows instead of generic infrastructure suggestions.
Instead of returning giant AI-generated paragraphs, SysAI produces:
- structured fix steps
- verification commands
- rollback guidance
- assumptions tracking
- evidence vs assumptions separation
- operational recommendations
- confidence/risk analysis
- remediation safety scoring
- rollback trust semantics
- evidence quality analysis
The result is cleaner, safer and more production-oriented.
SysAI distinguishes between:
- verified evidence
- inferred assumptions
- remediation safety
- rollback confidence
- verification trust strength
This helps reduce dangerous AI hallucinations during infrastructure troubleshooting.
SysAI is designed to:
- prefer read-only discovery first
- avoid fabricated infrastructure assumptions
- separate evidence from inference
- explain verification limitations
- expose rollback uncertainty explicitly
SysAI does not require a SysAI cloud account.
AI requests go directly from your machine to the provider you configure.
Supported providers:
- Gemini
- OpenAI
- Claude
- DeepSeek
- Mistral
- Ollama (fully local/offline)
With Ollama, SysAI can work entirely locally.
Analyze logs from:
- syslog
- journalctl
- nginx
- Docker
- Bitcoin Core
- LND
- reverse proxies
- custom services
Features:
- root-cause analysis
- structured remediation
- verification workflows
- rollback guidance
- confidence/risk scoring
- operational trust semantics
- evidence vs assumptions analysis
- remediation safety scoring
- rollback confidence analysis
Generate Linux commands from natural language requests with:
- explanation
- sudo/destructive warnings
- rollback notes
- verification commands
- operational context awareness
Explain commands and scripts line-by-line with:
- risk analysis
- operational implications
- safer alternatives
- verification recommendations
Generate production-oriented configs for:
- nginx
- Apache
- Docker Compose
- systemd
- SSH
- fail2ban
- iptables
- reverse proxies
Includes:
- validation commands
- security notes
- rollback guidance
Guided infrastructure diagnostics with:
- operational workflows
- environment-aware reasoning
- Docker/systemd detection
- structured remediation
- rollback procedures
- verification paths
Generate Bash or Python scripts with:
- logging
- validation
- error handling
- rollback recommendations
- operational safeguards
Audit configurations and infrastructure descriptions with:
- severity classification
- remediation guidance
- operational recommendations
- verification steps
Includes built-in scanners:
- Port Scanner
- TLS/SSL Checker
- SSH Audit
- Infrastructure Intelligence target scanner
- Local-first Secret Detector
- Filesystem and Permission Audit
- Docker Compose and reverse proxy static audits
Infrastructure Intelligence provides local-first exposure discovery for a target host:
- Service Matrix for open ports and service families
- Service Intelligence panels for HTTP, TLS, SSH, FTP, mail, databases, Docker, monitoring and high-value services
- Attack Surface Summary with web, mail, remote access, database and detected admin panel counts
- Exposure Risk Engine that weighs service type, authentication posture, TLS posture, admin interfaces, database exposure, Docker exposure, metadata leaks and version disclosure
- HTTP fingerprinting, redirect-host analysis, TLS inspection and security header review
- Reverse proxy intelligence for nginx, Apache, Caddy, Traefik and HAProxy indicators
- CDN/WAF indicators including Cloudflare, Fastly, Akamai and Sucuri-style signals
- Admin panel intelligence for Grafana, Prometheus, Portainer, phpMyAdmin, Nextcloud, LNbits, WordPress Admin and generic login portals
- Database intelligence for MySQL/MariaDB, PostgreSQL, Redis, MongoDB and Elasticsearch
- Docker API exposure intelligence for ports 2375 and 2376
- Recommended hardening guidance and exposure signals for each detected service
- Optional explicit AI analysis using a sanitized infrastructure payload with findings, service matrix, exposure score, attack surface summary and recommendations
Database Intelligence attempts safe banner or protocol-level collection where possible. It classifies the database family, extracts versions when exposed, evaluates authentication visibility, highlights unauthenticated Redis responses, and recommends private networking, allowlists and service-level authentication.
Docker Exposure Intelligence treats reachable Docker APIs as one of the highest-risk exposure classes. It checks HTTP API reachability, Docker version metadata when available, TLS presence on 2376, and remote administration risk.
Admin Panel Intelligence counts actual detected panels from probes and fingerprints rather than assuming every alternate web port is an admin surface. Each detected panel shows platform, confidence, authentication indicators, administrative exposure assessment and operational recommendations.
Reverse Proxy Intelligence identifies reverse proxy family and version disclosure when available, separates CDN/WAF indicators, evaluates metadata disclosure, and recommends practical hardening for public web edges.
Remote scan mode is separated from local pasted audits so live target scans do not show local-only tools. Target normalization accepts hostnames and full URLs such as example.com, www.example.com, https://example.com and https://example.com/path.
Local-first audit tools run on pasted content in the workspace:
- Secret Detector flags common config secrets, provider tokens, private keys, credential URLs, Docker environment secrets and high-entropy values while masking detected evidence in results
- Permission Audit parses
ls -la,findand sudoers-style snippets for world-writable paths, weak SSH permissions, sensitive readable files, risky SUID/SGID bits, Docker socket access and broad or passwordless sudo rules - Docker Compose Audit highlights privileged containers, Docker socket mounts, exposed databases and hardening gaps
- Proxy Audit reviews nginx, Caddy and reverse proxy configuration patterns locally
Local audit inputs are not sent to AI providers by default. Optional AI analysis is explicit, and generated CSR/private key material, local secrets and sensitive pasted content are not included in Infrastructure Intelligence AI payloads.
Security results include operational runbook copy/export actions. Generated runbooks include symptoms, likely cause, findings, verification commands, safe remediation, rollback notes and prevention guidance.
Generate certificate signing requests and private keys locally with:
- RSA 2048
- RSA 4096
- ECDSA P-256
- ECDSA P-384
- Common Name, organization, organizational unit, city, state, country and email fields
- SAN DNS and SAN IP entries with basic validation
- copy/export for the private key, CSR and equivalent OpenSSL command
The CSR Generator does not use AI providers and does not transmit generated keys or CSR data over the network. Private keys should be stored securely with restricted file permissions.
SysAI features a modern infrastructure-oriented workspace inspired by:
- Warp
- Linear
- Tailscale
- modern DevOps tooling
Recent UI improvements include:
- premium multi-column layout
- operational status widgets
- integrated update indicators
- improved hierarchy and spacing
- refined command/result rendering
- infrastructure-oriented visual design
- keyboard command palette for primary tools, History, Settings, Security & Exposure Intelligence and CSR Generator
- context-linked History entries for meaningful provider and local security results
Keyboard workflow:
- Open the command palette from the workspace palette button
- Search for core tools, Security & Exposure Intelligence, CSR Generator, History or Settings
- Press Enter to open the first match or Esc to close the palette
Workflow continuity keeps relevant operational context attached to History entries and carries current findings into optional AI analysis and runbook generation. Local-sensitive inputs such as pasted secrets are redacted from History and unrelated workflows.
Supported UI and response languages:
- English
- Italiano
- Français
- Deutsch
- Español
User-visible UI strings are expected to be available in all supported languages.
SysAI is local-first.
- No SysAI account required
- No telemetry intentionally collected
- No SysAI cloud backend
- API keys stored locally
- Electron safeStorage support
- API keys encrypted locally in packaged Electron builds
- Browser/dev fallback warning when secure storage is unavailable
- Ollama fully local support
- Remote Google Fonts removed for better privacy/local-first behavior
Important: third-party AI providers have their own privacy policies and retention systems.
SysAI avoids acting as a middleman, but cannot control external provider behavior.
- AppImage
- DEB
- RPM
SysAI currently provides:
- Windows NSIS installer
- portable/unpacked ZIP build
Windows support is currently in beta.
Because builds are not yet code-signed, Windows SmartScreen may display a warning during first launch.
sudo dnf install ./sysai-assistant_1.7.0-beta_x86_64.rpmsudo apt install ./sysai-assistant_1.7.0-beta_amd64.debchmod +x sysai-assistant_1.7.0-beta_x86_64.AppImage
./sysai-assistant_1.7.0-beta_x86_64.AppImage- Open SysAI
- Configure at least one AI provider
- Select your default model
- Optionally add a system profile
- Start using the operational tools
Example system profile:
Ubuntu 24.04 VPS, Docker, nginx, Bitcoin Core, LND
| Provider | Local | Notes |
|---|---|---|
| Gemini | No | Good free/low-cost option |
| OpenAI | No | Strong general-purpose models |
| Claude | No | Excellent reasoning |
| DeepSeek | No | Budget-friendly |
| Mistral | No | European provider |
| Ollama | Yes | Fully local/offline |
SysAI includes an integrated GitHub release checker with:
- silent background checks
- update availability detection
- integrated version status
- release link support
- offline-safe behavior
SysAI is still beta software.
Important notes:
- Always verify generated commands before execution
- AI models can hallucinate
- SysAI does not automatically execute commands
- Generated scripts/configurations should be reviewed before production use
- Different AI providers produce different quality levels
Operational awareness improves outputs significantly, but does not replace real system administration knowledge.
SysAI is especially useful for:
- Linux sysadmins
- self-hosted users
- homelab operators
- DevOps engineers
- VPS users
- Docker users
- Bitcoin/Lightning node operators
- infrastructure hobbyists
┌──────────────────────────────────────────┐
│ SysAI — Electron │
│ │
│ ┌────────────┐ ┌──────────────────┐ │
│ │ React UI │ │ electron.js │ │
│ │ renderer │◄──►│ main process │ │
│ │ │ │ │ │
│ │ Tools │ │ IPC whitelist │ │
│ │ Settings │ │ safeStorage │ │
│ │ i18n │ │ scanners │ │
│ │ License │ │ update checker │ │
│ └─────┬──────┘ └──────────────────┘ │
│ │ │
│ ┌─────▼──────┐ │
│ │ server.js │ Local provider proxy │
│ │ 127.0.0.1 │ AI API communication │
│ └─────┬──────┘ │
└────────┼─────────────────────────────────┘
│ HTTPS / local HTTP
▼
User-selected AI provider
git clone https://github.com/shadowbipnode/sysai-assistant.git
cd sysai-assistant
npm install
npm run electron:devBuild packages:
npm run electron:build:all- workflow-oriented operational and local security tools
- environment-aware diagnostics
- structured operational output
- rollback + verification workflows
- risk/confidence analysis
- multiple AI providers
- integrated update checker
- premium infrastructure UI
- multilingual support
- local-first architecture
- Windows beta build
- Windows NSIS installer
- GitHub Actions Windows build workflow
- Ollama local-provider validation
- Content Security Policy hardening
- safe external URL handling
- scanner IPC-only security model
- lint workflow
- export to
.md,.sh,.py,.ps1,.js - command palette MVP
- local-first Secret Detector
- filesystem and permission audit
- Infrastructure Intelligence target scanner
- operational runbook export
- local CSR/private key generator
- operational trust semantics
- evidence vs assumptions separation
- remediation safety scoring
- rollback trust analysis
- context-linked operational history
- Windows code signing / SmartScreen reputation
- macOS build
- terminal-oriented workspace mode
- onboarding flows
- dedicated Bitcoin/Lightning operational profiles
- infrastructure reporting/export system
- favorites/snippet library
Feedback, testing and contributions are welcome.
This project is evolving quickly and real-world infrastructure and operational feedback is extremely valuable.
MIT
Built with ⚡ for infrastructure operators, self-hosters and security workflows.