⟩ Self-hosted AI ops

Your homelab has an operator now. You hold the keys.

Vigilus is an AI-powered operations platform that runs on your hardware, with your models, under your rules.

$ docker run -d \
    --name vigilus \
    -p 3000:3000 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v ~/.vigilus:/data \
    ghcr.io/vigilus-labs/vigilus:latest

⟩ Why Vigilus

There are AI assistants that answer questions about your infrastructure. Vigilus is not one of those. It operates — connecting to your servers over SSH, reading your SIEM alerts, managing your containers — and it does it through agents you define, with models you choose, on hardware you own.

Every write, every execution, every elevation goes through your permission system. Read operations are always on. Anything that changes state requires a scoped, time-limited token — either approved in real time or auto-approved and logged, depending on how you configure it. Every action lands in an append-only audit log.

The point is not that AI can run your homelab. It's that you can decide exactly how far it's allowed to reach — and watch it work.

⟩ What it does

Operators you define

Build sub-agents with a system prompt, a model, a set of tools, and a permission level. Vigilus routes tasks to the right Operator. You decide what each one can do.

Bring your own model

Anthropic, OpenAI, Google, Ollama, LM Studio, vLLM, OpenRouter, xAI — or any OpenAI-compatible endpoint. Pick a different model per Operator.

MCP-native

Run MCP servers on the host — nmap, WireGuard, filesystem, Wazuh — and their tools are auto-discovered and assignable to Operators. First-class, not bolted on.

Real infrastructure reach

Connect to Wazuh SIEM for alerts, logs, and vulnerabilities. Run apt update and upgrade across Ubuntu servers over SSH. Manage Docker containers and compose stacks. Act on the host itself.

Just-In-Time access

Read operations are always available. Anything that writes, executes, or elevates requires a scoped, time-limited, signed token. Strict mode holds for approval; lenient mode auto-approves and logs.

Audited by default

Every tool call — allowed or denied — lands in an append-only action log. Secrets are encrypted at rest and never exposed. No opt-in, no configuration needed.

⟩ Just-In-Time access

Read always on. Writes require a signed, time-limited token.

Every operation through an Operator is classified by intent. Reads — logs, status, metrics — are always available. Anything that writes, executes, or elevates privileges must go through the JIT gate. The token is scoped to a specific resource, action, and time window.

Strict mode

Every elevation request holds in the dashboard for your approval. You see the Operator, the resource, the action, and a description of the task. Approve or deny — nothing runs without you.

Lenient mode

Elevation requests are auto-approved and logged. You review them after the fact in the action log. Useful for trusted Operators doing routine maintenance.

Pending elevation request

  Operator: infra-monitor
  Action: ssh.exec
  Task: Run apt upgrade -y on prod-db-01
  Approve / Deny (TTL 29:59)
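
A minimal sketch of a gate like the one described in this section, added here as an illustration and not Vigilus code. The HMAC-signed JSON token format, the key, the function names, and the "logs.read" and "prod-web-01" sample values are assumptions constructed for the example.

```python
import hashlib, hmac, json, time

KEY = b"constructed-demo-key"   # assumption: a server-side signing secret
AUDIT = []                      # stand-in for an append-only action log

def _sign(payload: bytes) -> str:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def issue_token(operator, resource, action, ttl_s, now=None):
    """Mint a token bound to one operator, resource, action and expiry."""
    now = time.time() if now is None else now
    claims = {"op": operator, "res": resource, "act": action, "exp": now + ttl_s}
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": _sign(body)}

def gate(operator, resource, action, token=None, intent="write", now=None):
    """Return True if the call may run; record every decision, allowed or denied."""
    now = time.time() if now is None else now
    if intent == "read":
        ok, why = True, "read"              # reads never need a token
    elif token is None:
        ok, why = False, "no token"
    else:
        c = token["claims"]
        body = json.dumps(c, sort_keys=True).encode()
        if not hmac.compare_digest(_sign(body), token["sig"]):
            ok, why = False, "bad signature"   # claims were altered after signing
        elif (c["op"], c["res"], c["act"]) != (operator, resource, action):
            ok, why = False, "out of scope"    # token was issued for something else
        elif now >= c["exp"]:
            ok, why = False, "expired"
        else:
            ok, why = True, "token ok"
    AUDIT.append((operator, resource, action, ok, why))
    return ok

def demo():
    t0 = 1_000_000.0  # constructed clock value so the run is deterministic
    tok = issue_token("infra-monitor", "prod-db-01", "ssh.exec", 1800, now=t0)
    return [
        gate("infra-monitor", "prod-db-01", "logs.read", intent="read", now=t0),
        gate("infra-monitor", "prod-db-01", "ssh.exec", tok, now=t0 + 60),
        gate("infra-monitor", "prod-web-01", "ssh.exec", tok, now=t0 + 60),
        gate("infra-monitor", "prod-db-01", "ssh.exec", tok, now=t0 + 1800),
        gate("infra-monitor", "prod-db-01", "ssh.exec", now=t0),
    ]

if __name__ == "__main__":
    print(demo(), AUDIT)
```

The denied calls are logged with their reason alongside the allowed ones, which is what makes the log useful for reviewing auto-approved activity after the fact.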

⟩ Bring your own model

Any provider. Local or cloud. Per-Operator.

Vigilus works with every major provider and any OpenAI-compatible endpoint — including self-hosted models on your own hardware. Pick a different model for each Operator: a local Llama instance for routine tasks, Claude for complex reasoning, GPT-4o for security analysis.

Anthropic, OpenAI, Google, Ollama, LM Studio, vLLM, OpenRouter, xAI, plus any OpenAI-compatible endpoint

⟩ MCP-native

Install an MCP server. Its tools show up automatically.

MCP is a first-class part of Vigilus, not a plugin or afterthought. Run MCP servers on the host — network scanners, VPN management, file systems, SIEM integrations — and their tools are auto-discovered and ready to assign to any Operator.

nmap running
wireguard running
filesystem running
wazuh running
docker running

⟩ What this is — and isn't

Vigilus is

  • A self-hosted platform you run on your own hardware.
  • An orchestrator that routes tasks to Operators you define.
  • A permission system where you control exactly what each Operator can reach.
  • An audit log that records every action, allowed or denied.
  • A config-first web dashboard. No CLI-only setup rituals.

It is not

  • Not a hosted SaaS. There is no Vigilus cloud. Your box, your data.
  • Not a walled garden. Bring your own models, your own MCP servers, your own infrastructure.
  • Not a replacement for understanding your own setup. It operates — you still architect.
  • Not a chatbot. It runs commands, reads logs, manages containers — it does things.

⟩ Get started

One command. Your hardware. Your rules.

Read the docs, or just run it.

$ docker run -d --name vigilus -p 3000:3000 ghcr.io/vigilus-labs/vigilus:latest