Features

Everything Servonaut can do — from SSH management to AI log analysis and WAF rule control.

Interactive TUI

Servonaut's interface is built with Textual, a Python framework for rich terminal applications. You get full mouse support, keyboard shortcuts, searchable lists, and modal overlays — all in your terminal.

Keyboard shortcuts

SSH & SCP

SSH sessions

Select any server from the list and press S to open an SSH session. Servonaut spawns your configured terminal emulator with the correct SSH command, including your key file and any ProxyJump settings.

SCP file transfer

Press T to open the SCP overlay. You can upload files to the remote server or download files from it. Supports glob patterns for batch transfers.

Bastion / jump host support

Set ssh.proxy_jump in your config to route all SSH connections through a bastion host. Servonaut generates the correct -J user@bastion argument automatically.

AWS integration

EC2 instance management

If AWS CLI credentials are configured, Servonaut auto-discovers all running EC2 instances across your configured regions on startup. Instances appear alongside custom servers in the same TUI list, tagged with their region, instance type, and AWS tags.

CloudTrail event explorer

Press C on an AWS server to open the CloudTrail explorer. Browse, filter, and inspect API call events for your AWS account. Useful for auditing, incident investigation, and spotting unusual activity.

Required IAM permission: cloudtrail:LookupEvents

CloudWatch log analysis

Servonaut can pull CloudWatch log groups and streams and display them in the built-in log viewer. AI analysis works on CloudWatch logs the same way as SSH-fetched logs.

Required IAM permissions: logs:DescribeLogGroups, logs:DescribeLogStreams, logs:GetLogEvents

WAF rule management

Press W to open the WAF manager. When a log analysis (or manual review) identifies a malicious IP address, you can ban it in one of three ways:

• AWS WAF — adds an IP set rule to your existing WAF web ACL (fastest, no EC2 connection required)
• Security Groups — removes the IP from ingress rules on the instance's security group
• Network ACLs (NACLs) — adds a DENY rule to the subnet NACL (blocks at the VPC level)

Required IAM permissions: wafv2:UpdateIPSet, ec2:AuthorizeSecurityGroupIngress, ec2:CreateNetworkAclEntry

AI log analysis

With an AI provider configured, press A in the log viewer to send the current log content to your chosen AI model. Servonaut prompts the model to identify:

• Error patterns and root causes
• Security threats (brute force attempts, suspicious IPs, injection attacks)
• Performance bottlenecks
• Actionable remediation steps

Supports Anthropic (Claude), OpenAI (GPT-4o and others), and local Ollama models. See AI configuration for setup.

Log viewer

The built-in log viewer fetches log files from remote servers over SSH (using tail or cat) and displays them with syntax highlighting. Features:

• Real-time tail mode (tail -f equivalent)
• Pattern search and highlighting within the viewer
• Quick-jump to configured log paths (from log_paths in your config)
• Works with both custom servers and AWS EC2 instances
• One-key AI analysis of the current view

Custom server support

Servonaut treats any server — regardless of provider — as a first-class citizen. DigitalOcean Droplets, Hetzner VPS, on-prem bare metal, VMware VMs — all get full SSH, SCP, and log viewer support.

Custom servers can be tagged with arbitrary key/value pairs and filtered in the TUI using the / search.