VixPro AI Info

VixPro AI is an AI-powered server management platform that acts as a companion engineer for your infrastructure.

What it does:

• Responds to alerts around the clock, triaging issues with full context awareness
• Executes remediation through registered tools and secure, controlled channels
• Delivers daily executive summaries so your team starts each day informed

VixPro AI is not a monitoring platform. It integrates with your existing monitoring stack (Alertmanager, Datadog, PagerDuty, Grafana, or any webhook-capable tool) and adds the response layer that turns alerts into resolutions.

Who it is for:

• Lean development teams who want intelligent operations support without building a dedicated ops team
• Solo developers managing a single server who need overnight coverage
• Growing teams scaling across multiple providers who need consistent incident response

Full audit trails and configurable human approval gates keep you in control regardless of scale.

No.

VixPro AI does not replace your monitoring stack.

• Monitoring tools detect problems and generate alerts
• VixPro AI receives those alerts, helps investigate the issue, gathers context, and can take action through registered tools and controlled approval paths

Most teams are up and running within an hour.

• Go Agent — installs on any Linux server with a single curl command. Outbound-only connection, no firewall rules, no inbound ports, no SSH key management required
• Cloud API — for AWS, GCP, or Azure teams, requires no installation at all. Connect your existing IAM credentials and VixPro AI executes through your cloud provider's infrastructure

Getting started:

• Demo tier — free, explore the platform with demo infrastructure
• Preview tier — $38 one-time, full feature access for 30 days with your own servers

No. VixPro AI supports multiple connection methods — you choose the right one for each server.

• Go Agent (recommended) — lightweight binary, installs with one command, connects outbound via WebSocket. No inbound ports, no SSH exposure, works behind NAT and firewalls
• Cloud API — connects through your existing cloud provider infrastructure (AWS SSM, GCP IAP, Azure Run Command) using your own IAM credentials. No agent, no SSH port required
• SSH — supported for environments where neither option is practical

All three connection methods use the same security gate chain, the same tool registry, and the same audit logging.

Four connection methods, configurable per server:

• Agent — lightweight Go binary connects outbound via WebSocket through Cloudflare Tunnel. No inbound ports. Works behind NAT and firewalls. Supports operations that would terminate an SSH session (reboots, network restarts). Recommended for most servers
• SSH — traditional SSH execution via the VixPro AI container. Useful where agent installation isn't possible
• Both — Go Agent preferred with automatic SSH fallback if the agent is disconnected. Provides resilience for critical servers
• Cloud API — agentless execution through your cloud provider's native infrastructure. AWS uses SSM Run Command, GCP uses IAP TCP Tunneling, Azure uses Run Command. No software installed, no open ports

All four methods pass through the same security gate chain:

• Org-level permissions — allowed, requires approval, or disabled per tool
• Admin approval gates — untested tools never reach production
• Audit logging — every execution logged with full parameters
• Rate limiting — prevents runaway execution loops
• Parameter validation — verified before any command runs

Yes. Cloud API connection mode is designed for teams who want zero third-party software on their servers.

How it works:

• AWS — executes through SSM Run Command
• GCP — executes through IAP TCP Tunneling
• Azure — executes through Run Command via Azure Arc

Security posture:

• No open SSH port on your servers
• No VixPro agent installed on customer infrastructure
• No VixPro credentials stored on your servers
• Your IAM policies are the outer control plane — VixPro AI operates within whatever permissions you grant
• Dual audit trail — logged in both your cloud provider's native audit trail (CloudTrail, GCP Audit Logs, Azure Monitor) and VixPro AI's own audit log

You bring your own cloud credentials (BYOK), stored securely in your isolated Fly.io container environment — never in a shared database.

Not everything.

VixPro AI can execute registered tools and approved actions within the boundaries defined by your organization.

• Some actions may run automatically (read-only diagnostics, low-risk operations you've marked as allowed)
• Other actions require explicit approval before execution

If an action is permission-gated, VixPro AI will surface the approval request before proceeding.

Safety depends on the guardrails in place. VixPro AI is built on one core principle: humans define tools, AI executes them, and multiple gates validate every execution.

Five-layer security chain:

• Org-level permission checks — each tool is set to allowed, requires approval, or disabled
• Admin approval gate — untested tools never reach production
• Audit logging — every execution logged with automatic secret redaction
• Rate limiting — prevents runaway execution loops
• Parameter validation — verified before any command runs

Key constraints:

• Signed tool registry only — VixPro AI cannot invent commands, modify tool definitions, or execute anything outside the approved registry
• Human approval for high-risk tools — via your notification channel before execution
• Fail-safe default — always "requires approval," never "allowed"

VixPro AI prevents hallucination through architecture, not just prompts.

• Signed tool registry — selects tools exclusively from a cryptographically signed manifest of 290+ pre-built, tested tools. Cannot fabricate commands or reference tools that don't exist. Unsigned or tampered manifests are rejected entirely
• Category allowlists — during incident response, only permitted categories are accessible (health, diagnostic, troubleshooting, security, docker, logs, network, systemd). Categories with external side effects are blocked entirely
• Manifest validation — every tool call is validated against the signed manifest before execution. Non-existent tools are filtered out and VixPro AI is told not to retry them
• Completion rejection — if VixPro AI declares an incident resolved but every tool actually failed, the completion is rejected and auto-escalated to a human. Silence is not treated as success
• Blocked tool tracking — permission-blocked or unavailable tools are tracked per session. VixPro AI receives an explicit message not to retry them, preventing circular failure loops

VixPro AI is designed to surface failures, not hide them.

When VixPro AI cannot resolve an issue, it escalates through a structured path:

• Escalation record — created with full diagnostic context: every tool run, every output received, what was tried, and why it's escalating
• Notification — sent to your configured channel (Slack, PagerDuty, Teams, or SMS) so the on-call engineer gets full context, not a bare alert
• Maintenance trip wire — if two consecutive server-level failures occur during scheduled maintenance, the run halts and hands off to the reactive agent
• Action item tracking — failed tool executions are tracked with "Pending VixPro Fix" status, ensuring silent failures are surfaced rather than hidden

Every tool has one of three permission levels:

• Allowed — executes automatically
• Requires approval — pauses for human confirmation
• Disabled — never runs

You configure these at the org level with overrides per tool, per server OS, or per connection type.

When approval is required:

• Notification sent to your configured channel (Slack, Teams, PagerDuty, or SMS) with the tool name, VixPro AI's reasoning, server context, and what it's trying to accomplish
• Authorization happens in the dashboard with MFA — never via Slack reply or SMS response. This prevents approval-by-SMS attacks where a spoofed message could authorize a destructive operation

For scheduled maintenance, approvals can be pre-authorized at schedule creation time so overnight runs don't require a 3am confirmation.

The Go Agent uses multi-layer tamper detection that makes unauthorized modifications detectable and self-limiting.

• At installation — the agent receives cryptographically signed configuration files and public keys via a Trust-On-First-Use (TOFU) handshake. Private keys never touch the customer server
• At startup — verifies RSA-SHA256 signatures of configuration files. Tampered or unsigned config causes exit with code 2 — systemd will not restart a tampered agent. Recovery requires re-registration
• At runtime — integrity checker goroutine runs every 5 minutes, re-verifying configuration signatures and checking SHA-256 hashes of pinned public keys. Any modification triggers a critical alert via WebSocket and creates an incident in VixPro AI
• Key rotation — requires no binary rebuild or reinstall. New keys are signed by the old private key and distributed via WebSocket to all connected agents simultaneously

VixPro AI's registry includes 290+ tools across these areas:

• Disk and storage — log rotation, journal cleanup, Docker image/container pruning, temp file removal, disk usage analysis
• Memory and CPU — page cache clearing, swap management, process identification, OOM event detection, load history analysis
• Docker and containers — crash recovery, compose stack management, container restart, volume debugging, ephemeral container execution
• Services and networking — systemd service restarts, DNS cache flush, NTP sync, HTTP health checks, port connectivity testing
• Security — SSL certificate renewal via certbot, firewall rule management, brute-force SSH detection, sudo activity auditing
• Databases — PostgreSQL lock detection, vacuum operations, active query management, connection pool monitoring. Redis key management and flush operations
• Cloud backup monitoring — AWS RDS backup status, EC2 snapshot detection, backup SLA threshold alerting

Each tool is individually tested and approved before reaching production. VixPro AI selects tools dynamically based on alert context.

Yes, for a well-understood and significant portion of production incidents.

Common overnight issues VixPro AI handles autonomously:

• Disk space from unrotated logs
• Zombie Docker containers consuming resources
• Swap thrashing and memory pressure
• Expired SSL certificates
• Stale DNS caches
• Crashed services that need a restart

You control the boundary:

• Read-only diagnostics — run automatically
• Low-risk remediation (log rotation, cache clearing, service restarts) — can be configured to auto-approve
• High-risk operations (file deletion, firewall changes, database modifications) — always require human approval regardless of time of day

Every morning you receive a daily executive summary of what happened overnight — incidents detected, tools executed, what was resolved, and what needs your attention.

Three ways:

• Eliminates the detection-to-response gap — VixPro AI starts investigating the moment an alert arrives. No human needs to wake up, read a Slack message, gain context, and SSH in. For a 3am incident, this alone removes 20-40 minutes from MTTR
• Context-first investigation — builds its diagnostic approach using your runbooks, knowledge base, and server context before selecting tools. Starts from an informed position rather than running generic checks from scratch
• End-to-end autonomous resolution — for incidents matching known patterns, resolves without waiting for human involvement. The daily executive summary surfaces what was resolved overnight and flags predictive signals (emerging disk pressure, increasing memory trend) before they become outages

Alert noise is a first-class problem in VixPro AI's design. Multiple safeguards operate independently:

• Daily alert budget — per-server budget caps how many AI-processed alerts occur per day. When exceeded, incidents enter manual mode rather than consuming AI credits on a storm
• Storm detection — servers generating more than 20 alerts in 5 minutes are flagged. The signal surfaces in your daily summary so you can investigate the underlying cause
• Concurrency limiting — maximum of 3 simultaneous reactive AI agents per container. A fourth alert queues or enters manual mode
• Rate limiting — tool execution capped at 100 per minute per org. Alert ingestion capped at 60 per minute per server
• BYOK AI spending limits — you set your own spending limits directly with your AI provider. VixPro AI's cost dashboard gives full visibility into per-query costs, daily totals, and projections

Yes. Scheduled maintenance runs with several controls that distinguish it from simple cron-based automation:

• Upfront permission scan — before any tool runs, VixPro AI checks every tool against the org permission chain. Disabled tools cancel the maintenance. Approval-required tools request approval before execution begins — not mid-run
• Pre and post health checks — contextual health checks run before and after the maintenance window, providing a before-and-after comparison in the change record
• Trip wire — two consecutive server-level failures halt the run and hand off to the reactive AI agent for diagnosis
• Change records — every maintenance run creates a change record automatically, with tool-by-tool analysis of what each operation accomplished. Exports to Markdown for direct handoff to coding tools

Operational Memory extracts and retains lessons learned from your infrastructure history. When incidents, tasks, and changes are archived, VixPro AI extracts memory events — distilled operational insights that improve future incident handling.

Four types of memory events:

• Recurring Pattern — the same issue keeps happening (e.g. "CPU alert on srv-A fires every Tuesday during cron backup job")
• Proven Remediation — a fix that worked (e.g. "Restarting nginx after config change resolves 502 errors within 30s")
• Tool Reliability — tool success/failure patterns (e.g. "check_disk_space fails on NFS mounts — use df_local instead")
• Configuration Insight — threshold or config learnings (e.g. "CPU alert threshold 1.8% on srv-A is too sensitive — raised to 15%")

Memory events are automatically included in context when VixPro AI handles alerts on the relevant server. VixPro AI starts each investigation informed by past experience rather than from scratch.

You can review, pin, and dismiss memory events on the Operational Memory page. The system improves over time — the more VixPro AI sees, the smarter it gets about your specific infrastructure.

Every memory event has two controls that give you direct control over what VixPro AI remembers.

Pinning a memory:

• Always included in context when handling alerts for the relevant server, stack, or org
• Sorted above all others — even higher-confidence unpinned memories
• Never expires — remains active indefinitely
• Use for lessons you know are critical and should always inform VixPro AI's decisions

Dismissing a memory:

• Removed from context — no longer influences analysis or recommendations
• Kept in database for audit purposes
• Use for memories that are outdated, incorrect, or no longer relevant

Memory events that are neither pinned nor dismissed are ranked by confidence score (0-100%). The top 10 most relevant memories are included in context for each alert. Confidence increases automatically through reinforcement as the same pattern is seen across multiple incidents.

Every memory event has a scope that determines which servers it applies to. Scopes form a hierarchy from most specific to broadest:

• Server — applies only to the specific server where the pattern was observed
• Stack — applies to all servers in the same stack
• Connection Method — applies to all servers using the same connection type (agent, SSH, API)
• OS — applies to all servers running the same operating system (Linux or Windows)
• Org — applies to every server in your organization

How scope promotion works:

• Starts specific — new memory events begin at the most specific scope (usually server)
• Promotes automatically — if the same pattern is observed on a different server in the same stack, scope moves from server to stack. Across different stacks, it promotes further
• Pinning overrides — a pinned server-scoped memory stays at server scope regardless of reinforcement

When handling an alert, VixPro AI includes memories from all applicable scopes: server-specific, stack-wide, and org-wide.

VixPro AI integrates with your existing monitoring stack as an alert consumer and response layer.

Supported alert sources:

• Alertmanager (Prometheus)
• Datadog
• PagerDuty
• Any webhook-capable tool — alerts arrive via authenticated webhook

VixPro AI does not replace your monitoring tools — it acts on what they detect. Keep your dashboards, metrics collection, and alerting rules in place.

For teams that don't yet have a monitoring stack, VixPro AI's companion product O11yAura provides a self-hosted observability platform. VixPro AI manages O11yAura's own production infrastructure — a live demonstration of both products working together.

Notification and approval channels:

• Slack — rich block-formatted messages with incident context and approval links
• Microsoft Teams — via Power Automate webhook with Adaptive Card formatting
• PagerDuty — incident creation and escalation (BYOK)
• SMS via Twilio — for critical alerts and approval notifications (BYOK)
• Dashboard — all approvals are always visible regardless of notification channel

Important design decision: notifications tell you an approval is waiting. Authorization always happens in the VixPro AI dashboard with MFA — never via a reply in Slack or a text message response. This prevents spoofed approval attacks.

Yes. VixPro AI is cloud-agnostic and supports servers on any provider.

• Go Agent — installs on any Linux server regardless of provider (AWS EC2, GCP Compute Engine, Azure VMs, DigitalOcean, Linode, Hetzner, Vultr, or bare metal). Outbound-only WebSocket connections through Cloudflare Tunnel, works behind NAT and firewalls
• Cloud API mode — connects through the provider's native execution infrastructure (AWS SSM, GCP IAP, Azure Run Command) using your existing IAM credentials. No agent installation required

VixPro AI provides a unified management layer across all your servers regardless of provider, with per-server connection method configuration.

Windows server support is on the roadmap.

VixPro AI connects directly to your cloud provider's backup APIs — no agent required for this feature.

Supported providers:

• AWS — RDS automated backup status, EC2 snapshot existence, AWS Backup job history
• GCP — Cloud SQL backups and persistent disk snapshots

How it works:

• Configurable Backup SLA — set your expected backup frequency (hourly, daily, weekly) and threshold in hours per server
• SLA reporting — VixPro AI reports whether each server is within SLA or flagged
• Daily summary integration — backup status flows directly into your morning executive summary (e.g. "VixVault DB — Last RDS backup 3.2 hours ago. Within SLA")

Every remediation action, scheduled maintenance run, and incident resolution creates a structured change record.

What's included:

• Tools executed with parameters used
• Outputs received from each tool
• Before/after health comparisons
• VixPro AI's synthesis of what was accomplished and why

Export and handoff:

• Markdown (.md) export — one-click export structured for direct handoff to AI coding tools (Claude Code, GitHub Copilot)
• Morning workflow — review the daily summary, export the overnight change record, hand it to Claude Code, and let it assess whether any application-level changes are needed

No copy-pasting of terminal output or manual incident writeups required.

Every tool manifest is signed with RSA-4096 using SHA-256 before it leaves the CI pipeline.

Verification points:

• Container fetch — verified when the Fly.io container fetches the manifest from Cloudflare R2
• Agent push — verified when the manifest is pushed to a connected Go Agent
• Agent restart — verified on every agent restart

An unsigned or tampered manifest is rejected entirely. There is no "warn but continue" mode in production.

Key separation:

• Manifest signing key — lives in GitHub CI secrets
• Agent config signing key — lives in a Cloudflare Worker (private key never touches a Fly.io container or customer server)
• Compromise isolation — a compromise of one signing environment does not affect the other

VixPro AI uses a bring-your-own-key (BYOK) model.

What you provide:

• AI providers — Anthropic, Google, OpenAI, xAI
• Notification services — PagerDuty, Twilio
• Cloud integrations (optional) — API keys for backup monitoring and resource discovery (AWS, GCP, Azure, DigitalOcean)

VixPro AI never generates or owns these credentials on your behalf.

How they're stored:

• Isolated Fly.io container — one container per organization, credentials never shared across customers
• Never in the shared database — the database (Supabase) holds operational data (incident records, task history, audit logs), not secrets
• Accessed at execution time — credentials exist only in your org's container environment

Even if the database were compromised, there are no API keys or secrets to extract from it.

VixPro AI's architecture includes several controls that align with SOC 2 and similar frameworks:

• Audit trail — every tool execution logged to an immutable audit table with secret auto-redaction, output integrity hashing, and attribution (AI agent, scheduled, admin test, NLP query)
• Access control — all approvals for high-risk operations require MFA-authenticated dashboard access. Notification channels are informational only
• Data isolation — per-organization Fly.io containers, Supabase Row Level Security, no cross-customer credential sharing
• Encrypted communications — all agent traffic routes through Cloudflare Tunnel over TLS. No plaintext channels
• Key management — RSA-4096 signing keys in isolated environments with separate trust boundaries. Signed key rotation without binary rebuilds
• Change management — automated change records with pre/post health checks for all scheduled maintenance

Enterprise tier includes dedicated database infrastructure and isolated execution environments for organizations with specific regulatory requirements.

Every tool execution is logged, and every log entry passes through automatic secret redaction before being written.

What gets redacted:

• Parameter keys matching patterns like password, secret, token, key, credential, auth, and api_key
• Output preview — the first 500 characters of tool output scanned for values following patterns like password=XXX or token=XXX

Integrity preservation:

• SHA-256 hashing — output integrity preserved so you can verify a log entry hasn't been modified after the fact, even though sensitive values are not stored

The VixPro AI mobile app is currently in development and will be available in the coming weeks.

Planned capabilities:

• Full approval workflow — review pending approvals, see VixPro AI's reasoning and server context, approve or deny from your phone
• MFA authentication — same security requirements as the web dashboard
• Screen capture protection — prevents sensitive server data from appearing in screenshots or screen recordings
• Push notifications — approval requests routed to your phone so you can respond quickly without opening Slack or checking email

Tiered pricing designed for lean teams at different stages:

• Demo — free. Explore the platform and VixPro AI in action on our connected demo infrastructure
• Preview — $38 one-time. Full feature access for 30 days with your own servers. No subscription required to evaluate
• Starter and Lean — monthly plans for production use. Designed for teams managing a small number of production servers without dedicated ops staff
• Professional and Enterprise — coming soon. Enterprise includes dedicated database infrastructure, isolated execution environments, custom SLA terms, and priority support

Pricing details are always current at vixpro.ai/pricing.

BYOK (Bring Your Own Key) means you provide your own API keys for the LLM providers powering VixPro AI.

Supported providers:

• Anthropic Claude
• Google Gemini
• OpenAI
• xAI (Grok)

Why it matters:

• Cost transparency — you see exactly what AI execution costs in your provider's billing dashboard, with no VixPro margin on top
• Cost control — you set your own spending limits directly with the LLM provider
• Model choice — you choose which model powers each handler independently

Per-handler model selection (five configurable handlers):

• Incident Response — reactive agent for alert analysis (highest stakes, use your most capable model)
• Chat Queries — natural language server queries
• Health Checks — L1, L2, L3 and circle group checks (high volume, cost-sensitive)
• Maintenance — scheduled maintenance analysis
• Daily Summary — daily digest generation

Cost tracking uses published per-token API rates by default. If you have negotiated enterprise pricing, VixPro AI lets you override rates per model so your cost dashboard reflects your actual spend.

The same BYOK principle applies to PagerDuty, Twilio, and cloud provider credentials. VixPro AI is a coordination and execution layer — you own the relationships with every underlying service.

Yes, at multiple levels:

• Provider-level limits — you set spending limits directly in your AI provider's dashboard. VixPro AI operates within whatever limit you configure
• Daily alert budget — per-server budget controls how many AI-processed incidents occur per day. When exceeded, incidents enter manual mode rather than consuming additional API credits
• Cost dashboard — tracks AI costs per execution, per day, and per source type (reactive agent, NLP query, daily summary, scheduled maintenance). See exactly where credits are being spent
• Storm detection — servers generating unusual alert volumes are flagged before they consume disproportionate AI budget. The signal surfaces in your daily summary