[ spy daemon · v2.1 ]

spyd_

AI server monitoring that thinks like a senior sysadmin. Local-first. Read-only. Quiet until something actually matters.

install

$ curl -fsSL spyd.sh | sh

private by default · runs fully local until you opt in · never writes to your system

○ ○ ○ spyd status ○ ○ ○

$ spyd status
 
● daemon  running   pid 12345
  uptime  4d 02h 17m
  brain   1,284 patterns learned
 
cpu     45.2%   ▓▓▓▓▓░░░░░
mem     62.1%   ▓▓▓▓▓▓░░░░
disk    55.3%   ▓▓▓▓▓░░░░░
 
✓ no incidents · last check 14s ago
$

[ what it does ]

A daemon, a brain, and a calm second opinion.

01 — diagnose

Senior sysadmin intelligence

An on-call engineer that's seen this before. Spyd identifies root cause, not symptoms — and walks you to a fix with the exact commands to run.

02 — learn

Local brain

On-host memory that learns what's normal for your box, recognizes recurring incidents, and suppresses benign noise. Most issues are handled without an AI call.

{∞}

03 — detect

Attack pattern recognition

SSH brute force, crypto miners, DDoS, fork bombs — plus TLS expiry, DNS failures, and disk or inode exhaustion, explained in plain English.

[!]

[ how it works ]

Five steps. No dashboard required.

01collect

cpu · mem · disk · inodes · logs · tls · dns — every 60s

→

02detect

threshold, statistical, log & security detectors turn metrics into anomalies

→

03learn

the local brain recognizes recurring incidents and suppresses noise

→

04explain

ai diagnoses the root cause with evidence and a copy-paste fix

→

05alert

only what matters — plain english, with confidence and safe-first commands

01collect

cpu · mem · disk · inodes · logs · tls · dns — every 60s

02detect

threshold, statistical, log & security detectors turn metrics into anomalies

03learn

the local brain recognizes recurring incidents and suppresses noise

04explain

ai diagnoses the root cause with evidence and a copy-paste fix

05alert

only what matters — plain english, with confidence and safe-first commands

[ quickstart ]

Two ways to start.

Spyd is a single static binary. Put a whole fleet in the cockpit, or try it on one box local-only — either way it runs read-only and stays quiet until something actually matters.

cockpit · fleet

Connect to the fleet

Sign in at app.spyd.sh, generate an install command, and run it — the host shows up in the cockpit in ~60s, with fleet view, cloud alerting, and AI explanations.

$ curl -fsSL https://spyd.sh/install.sh \
    | sh -s -- --enroll <token> --accept-terms

already installed? run spyd enroll <token>

local-only

Try it on one box

No account, nothing leaves the host. Install, then three commands — it learns your baseline and stays quiet. Connect to the cockpit later, anytime.

$ curl -fsSL spyd.sh | sh
$ spyd init          # config tuned to this box
$ spyd start         # learns your baseline
$ spyd status        # what it's watching

connect later with spyd enroll <token>

○ ○ ○ install · enroll · verify ○ ○ ○

$ curl -fsSL https://spyd.sh/install.sh | sh -s -- --enroll 7f3c…a91 --accept-terms
downloading spyd v2.1.3 (linux/amd64)…
✓ spyd installed → /usr/local/bin/spyd
✓ enrolled · identity registered with your org
  awaiting first check-in…
 
$ spyd status
● running · streaming to cockpit · 0 incidents
✓ visible in the app.spyd.sh fleet
$