RemotePower
Self-hosted · Open source · v3.2.1 out now

Run your Linux fleet
from one screen.

A lightweight control plane for Linux servers. No database, no cloud, no nonsense. One agent per host — everything else lives in flat JSON. v3.2.1 ships SNMP polling for agentless devices, MCP write tools for AI hosts, OIDC SSO, an actionable alerts inbox, and inbound webhooks + syslog.

Pure Python stdlib No pip dependencies nginx + CGI 60s heartbeat 1 700+ tests Security-audited
Get it on GitHub What's new in v3.2.1
root@control — remotepower
$ remotepower fleet status
────────────────────────────────────────────
web01 online updates: 0 drift: clean
db01 online updates: 3 config: in-sync
mail01 online updates: 7 cve: 2 medium
cache01 online updates: 0 scripts: 2/2 OK
────────────────────────────────────────────
4 hosts · 1 needs attention · scanned 12s ago
RemotePower dashboard
↑ Live dashboard — fleet at a glance
0
databases required
stdlib
pure Python, no pip
60s
default heartbeat
1700+
tests in the suite
// What's new

Fresh in v3.2.1

SNMP polling for switches and APs, MCP write tools so AI hosts can act on the fleet (with human-approval gates), OIDC SSO, an actionable alerts inbox with ack/resolve lifecycle, inbound webhooks, and syslog ingestion. Still zero pip dependencies.

NEW · v3.2 📡
SNMPv2c polling for agentless devices
Pure-stdlib SNMP client. Polls switches, APs, IPMI cards, printers every 5 min for sys-group + per-core CPU (hrProcessorTable) + memory and filesystems (hrStorageTable) + UCD-SNMP load averages + vendor health (Mikrotik temp / voltage / CPU MHz, Ubiquiti UAP/UDM/USW model + firmware + radio clients). Threshold-driven alerts fire through the same pipeline as agent metrics. Deep-poll walks the interface table on-demand.
no pysnmphrProcessorhrStorage Mikrotik MIBUniFi MIBifTable walk
NEW · v3.2 🤖
MCP server with write tools
12 read tools (list_devices, get_journal, get_cves, get_snmp_data, …) plus 4 write tools (reboot_device, run_saved_script, force_package_scan, force_acme_rescan). Per-device require_confirmation flag queues destructive actions for human approval; the audit log records the AI host name and the natural-language prompt that triggered each call. Works with Claude Desktop, Cursor, VS Code Copilot, Claude Code.
stdio JSON-RPCrole=mcphuman-in-the-loop audit attribution
NEW · v3.2 🔔
Alerts inbox — ack / resolve lifecycle
Every actionable event lands in a mutable ledger with acknowledge / resolve / auto-resolve. Recover events (device_online, service_recover, snmp_recover, custom_script_recover) clear the matching open row automatically. Filter views, bulk-resolve, clear-resolved/all. Sidebar count badge always visible — green at 0, red at >0.
auto-resolvebulk-resolve monitored=false respected
NEW · v3.2 📥
Inbound webhooks + syslog
Receive alerts from Grafana, Alertmanager, Authelia/Authentik, n8n, Home Assistant via POST /api/webhook/in/<token>. Ingest syslog from rsyslog omhttp / fluent-bit / curl at /api/syslog/in/<token> — lines feed the same log_alert rules as agent-collected logs. Both kinds share one token table in Settings → Integrations.
GrafanaAlertmanager rsyslog omhttpfluent-bit
NEW · v3.2 🔑
OIDC / OpenID Connect SSO
Standard confidential-client authorization-code flow. Configure issuer + client ID/secret + optional admin group; the login page renders a "Sign in with SSO" button automatically. Auto-provisions the local user on first sign-in with role mapped from group membership. Tested against Authelia, Authentik, Keycloak, Pocket-ID, Google. New "Test discovery" endpoint flags common misconfigs up front.
AutheliaAuthentikKeycloak group → role.well-known discovery
NEW · v3.2.1 📊
SNMP threshold alerts + site health
SNMP-derived CPU %, memory %, storage %, and temperature run through the same threshold pipeline as agent metrics — fires metric_warning / metric_critical / metric_recovered. snmp_unreachable fires at the 2nd consecutive poll failure; snmp_dead escalates at the 72nd (~6 hours) at severity critical. Server Status grows a site-health card: load average, system memory %, sessions, devices-online %.
snmp_cpu warn/crittemp warn/crit edge-triggeredauto-resolve
// Capabilities

Everything a fleet needs,
nothing it doesn't.

One agent. One server. All the things that actually matter.

Remote Command Execution
Run commands, reboot, shutdown, Wake-on-LAN. Batch across devices. Scheduled (cron) and one-shot. Allowlist and command library. Long-poll /api/exec/wait.
audit-loggedallowlistcron
🖥
Browser SSH (WebTerm)
Interactive xterm.js SSH sessions directly in the browser, proxied through a hardened systemd-confined daemon. Admin password re-prompt per connect. Session recording. No client software needed.
xterm.jsre-authrecorded
🛡
CVE Scanning
OSV.dev-backed. Real CVSS v3.1 scoring. Per-CVE ignore list. On-demand package scan. Accuracy via dpkg --compare-versions.
OSV.devCVSS v3.1AI triage
📦
Patch Management
Pending update counts, package lists, update history, patch alerts. Works with apt, dnf, pacman, apk. Pending reboot badge on Debian/Ubuntu.
aptdnfpacman⟳ reboot badge
🔍
Configuration Drift
Hash critical files, baseline diffing, per-file ignore rules. Drift event log. drift_detected webhook on any change.
SHA-256 hashingwebhook
🗂
Host Configuration
Declare desired state per host: repos, netplan, nmcli, resolv.conf, hosts, services, users + SSH keys, groups, sudoers, MOTD. Agent applies on heartbeat. Drift audited, not auto-remediated.
config_drift webhookaudit-only
🖥
Proxmox VE
QEMU VMs + LXC containers. Snapshot create, list, rollback, delete. PVEAPIToken auth. No SDK — pure stdlib HTTP.
QEMULXCsnapshots
🐳
Container Awareness
Docker, Podman, Kubernetes. Container stopped/restarting/stale alerts. docker stats telemetry. Container state now surfaced in Needs Attention.
DockerPodmank8s
📡
Monitoring & Alerts
Ping, TCP, HTTP probes. Service and log watcher. TLS/DNS expiry. Mailbox counter. 35+ webhook event types, fanned out across up to 20 destinations with per-destination filters. v3.2 adds an actionable alerts inbox with ack/resolve and inbound webhooks from Grafana / Alertmanager / Authentik.
35+ event typesalerts inboxinbound webhookssyslog ingestion
📶
SNMPv2c polling
Pure-stdlib SNMP for agentless devices — switches, APs, IPMI, printers. Polls sys-group + per-core CPU + memory + filesystems + UCD-SNMP load avg + Mikrotik / Ubiquiti vendor MIBs every 5 min. Threshold-driven alerts. Deep poll walks the interface table on-demand.
no pysnmpMikrotik MIBUniFi MIBifTable walk
🤖
MCP server (read + write tools)
Bundled stdio MCP server for Claude Desktop / Cursor / VS Code / Claude Code. 12 read tools + 4 write tools. Destructive actions queue for human approval via per-device require_confirmation; the audit log records the AI host and the prompt that triggered each call.
role=mcphuman-in-the-loopaudit attribution
🔬
Custom Monitoring Scripts
Define bash checks server-side, assign to any devices. Agent runs them every 5 minutes. Exit 0 = OK. Fleet-wide results on Monitor page. AI generation built in.
edge alertsAI generate
📊
Metrics & Observability
CPU/RAM/disk history, sparklines, adjustable poll interval. Prometheus /api/metrics for Grafana. /api/status for Uptime Kuma. New /api/self/status for self-monitoring.
PrometheusGrafana/api/self/status
🗄
CMDB & Credentials Vault
Asset metadata, AES-GCM encrypted vault with PBKDF2 (600k iterations, OWASP 2023 minimum), Markdown docs per device, SSH shortcut buttons. Agentless devices for switches and printers.
AES-GCMPBKDF2 600kaudit-logged
🔑
API Keys & Enrolment
Named API keys with three roles (admin / viewer / mcp) and per-key expiry. Enrolment tokens, re-enrol preserving history, agent integrity check, one-click backup export with secret redaction (webhook URLs, Pushover tokens, SMTP / LDAP / Proxmox / AI secrets all stripped).
3 rolesper-key expiryredacted backup
🔒
Auth & Security
PBKDF2-HMAC-SHA256 passwords (OWASP 2023 parameters). Header-based session tokens, CSRF-safe by construction. TOTP 2FA. LDAP/AD with TLS verify. OIDC SSO against Authelia / Authentik / Keycloak / Pocket-ID / Google with group → role mapping. Exponential lockout ladder. Audit log on every privileged action.
auditedTOTPLDAP/ADOIDC
// How it works

A server, an agent,
and nothing in between.

Push-based. Agents reach out — the server never needs inbound access to your hosts.

Step 01 — Agent
Tiny Python script
Heartbeats every 60s with sysinfo, packages, drift hashes, containers, custom script results. Applies desired host config. SHA-256-verified self-update. Enrols with a token. State files in /var/lib/remotepower with O_NOFOLLOW. No inbound ports needed.
Step 02 — Server
nginx + CGI
Flat JSON storage. CVE scanning, probe monitoring, drift detection, patch reporting, host config management, ACME automation, scheduled backups. No database. No framework. No pip dependencies.
Step 03 — Dashboard
One dark screen
Fleet status, attention items, drill-downs per device. Monitor, Patches, CVE, Services, Containers, Proxmox, Drift, Custom Scripts, Host Config, TLS/ACME, Alerts inbox, MCP Confirmations. Six grouped sidebar sections. Installable PWA. Command palette and keyboard navigation throughout.
// Get started

Self-host in minutes.

One script for the server, one for each host you want to manage. Or skip the install and poke around the live demo.

~/remotepower
# Server — installs nginx + fcgiwrap + Python deps + an admin password
git clone https://github.com/tyxak/remotepower && cd remotepower
sudo bash install-server.sh

# On each Linux host you want to manage
sudo bash install-client.sh
# Paste the server URL and the 6-digit PIN from the dashboard.

# Optional — browser SSH terminal
sudo bash packaging/install-webterm.sh
View on GitHub Try the live demo
Demo · demoremote.tvipper.com · demo / demo · read-only sandbox, resets every few hours