HyprBox docs GitHub ↗

HyprBox — one-pager

Self-hosted infrastructure autopilot for small fleets. It doesn't just tell you what's wrong with your servers — it fixes it, with proof.

Who it's for

Freelancers and MSPs running a handful to a few dozen Linux VMs for SMB clients. No platform engineer, no cluster, no IaC pipeline — just real hosts that must stay hardened, backed up, and monitored. The people who today SSH into each box and fix things by hand.

The problem

Monitoring shows the red — disk full, SSH allows passwords, cert expiring, DB with no backup — and then a human fixes it by hand, on every server, un-versioned and unverified. Dashboards surface problems; nobody closes the loop. The big platforms (Terraform, Ansible towers, Kubernetes) assume a platform team and cloud-scale infra a PME simply doesn't have.

What it does — find → fix → verify

Discover (agent scanners raise plain-language Findings) → Recommend (each maps to a vetted fix) → Preview (see the exact bash + risk tier) → Apply (runs for real, streamed live) → Verify (asserts it took, or the job fails). A passing fix auto-resolves the Finding.

Preview-then-apply is the differentiator: every change is visible before it runs, gated by a safety tier, and proven afterward.

Three modules, one loop

  • HyprGuard — security baseline: a 9-check audit (kernel updates, SSH, UFW, fail2ban, sudo, disk encryption, …) → hardening presets.
  • HyprVault — backups: Restic policies + scheduled runs; flags databases with no backup.
  • HyprWatch — monitoring: stands up and verifies a Prometheus / node-exporter / Grafana / Alertmanager stack, then keeps it healthy (v1).

What it is not

  • Not a Terraform / IaC platform — we don't own cloud state, plan, or drift.
  • Not a Kubernetes / Helm platform — we run bash on hosts, not manifests into a cluster.
  • Not another metrics dashboard — we install and verify Grafana; we don't reimplement it.

The line is deliberate: host-installed apps, yes; other control planes, no.

Why it wins here

  • The gap is real. Between "dashboards that only alert" and "IaC platforms built for platform teams" sits the PME/MSP — underserved, and the exact audience that needs the loop closed for them.
  • 80% proven OSS, 20% proprietary intelligence. We don't reinvent Prometheus, Restic, or UFW — we orchestrate them with the find→fix→verify autopilot and make the value visible.
  • Self-hosted. Your servers, your data, no metrics SaaS to trust or pay per host. A natural fit for MSPs who resell to privacy-sensitive SMBs.

Status

V1, demo-ready — self-hosted preview. End-to-end loop runs on a real agent (web + API + Go agent + CLI). Live 5-minute walkthrough: DEMO.md. Roadmap + anti-goals: ROADMAP.md · AUTOPILOT.md.