At the core: a single overview of your fleet, automated import from twelve cloud providers, and AI log triage that points at the probable cause. Everything else builds on that.
🩺
AI log triage
Pick a server, pick a source (journalctl, syslog, auth.log, nginx, Apache, dmesg, Docker). ServerShelf auto-fetches the last N lines via SSH, then sends them to your own AI key. You get a probable root cause, ranked next steps, and a suggested fix, with no copy-paste tour through five Stack Overflow tabs. Manual paste still works for logs from anywhere else.
📥
One-click provider import
Twelve providers in one place: Hetzner, AWS, DigitalOcean, Contabo, Vultr, Linode, Scaleway, IONOS, OVHcloud, Proxmox, Kubernetes, VMware vSphere. Re-sync at any time; your notes, tags and projects stay intact.
🗂
Fleet overview at a glance
Every server, every project, every tag, all in one window. Pending updates, SSL expiry, uptime status, SMART warnings. Click a tile to drill in. Snooze what you can't act on right now.
🔍
Agentless cross-OS scans
One click, plain SSH (key or password). ServerShelf detects the target OS and runs the right probe: Linux reads dpkg/rpm/apk, systemctl, journalctl; macOS uses brew, launchctl, sw_vers; Windows uses PowerShell with Get-CimInstance, Get-Service, Get-NetTCPConnection. About six seconds per server. Nothing is installed, nothing changes on the host.
🌐
Real TLS certificate monitoring
Every six hours, ServerShelf opens an actual TLS handshake to domain:443 and parses the certificate (issuer, SAN list, validity window). It warns 30 days before expiry and handles self-signed, expired, and wildcard SANs.
📦
Software & license vault
Per server: installed packages, versions and install method. Software-license keys (Mailgun, Sentry, Adobe and friends) live in an AES-256-GCM vault with seats, vendor, renewal date and cost. Reveal on demand.
🐳
Remote Docker control
Start, stop, restart, remove and create containers on the host's Docker engine, all over SSH. Stream logs live. Works on any server with docker installed; your laptop doesn't need Docker.
⏱
HTTP uptime checks
Configurable polling intervals (from 60 s upward), status history, latency tracking. Marks each target DOWN / SLOW / OK. Failures surface in the Triage view. Local-only, with no external monitoring service involved.
💻
Built-in PTY terminal
A real PTY-backed SSH terminal per server: resize, ANSI colors, scrollback. A snippet library you can run with one click. An SSH-key deployment helper for first-time setup.
🔐
Encrypted backups & cloud sync
Export the full inventory to one AES-256-GCM file (Argon2id KDF, 64 MiB / 3 iter). Cloud sync ships the same blob to your iCloud Drive, S3 bucket or WebDAV folder, end-to-end encrypted, with no one but you holding the key.
⏲
Auto-lock & biometric quick-unlock
A configurable idle timer locks the vault automatically. Optional Touch ID / Windows Hello quick-unlock via the OS keychain; the passphrase never leaves disk and is never reused. Lock manually with one click in the sidebar.
📜
Append-only audit log
Every destructive or credential-touching action (server delete, container kill, snippet on remote, AI prompt) lands in the audit log with timestamp, target, duration and outcome. SQLite triggers block UPDATE and DELETE, so the log is forensic-grade.