Server Memory
Know what's actually running on each of your servers — without the backend ever seeing what's actually running.
What is Server Memory?
Every time the Servonaut CLI probes a server, it writes a small structured record of what it found — kernel version, installed runtimes, listening ports, running services, disk usage. That record is your memory of that server. It's what powers the AI chat's "this is how this box is configured" context, the CLI's inventory view, and the drift timeline on your dashboard.
On Free, memory stays on your laptop. The CLI stores it
under ~/.servonaut/memory/ and that's it. Nothing ever reaches
our servers.
On Solo and Teams, you can sync memory to
servonaut.dev so your fleet view, drift alerts, team sharing,
and weekly digests all work across machines. We never see the
plaintext.
Zero-knowledge in plain English
Your CLI encrypts each module (os, runtimes,
services, etc.) locally, with a key derived from your memory
passphrase via Argon2id. Only the ciphertext plus a tiny
allow-listed metadata surface (server display name, provider, probe
timestamp, hash of the ciphertext, a handful of scalar counters) reaches us.
The decryption key for the actual contents never leaves your device.
When you look at a server on the account dashboard, the decryption happens in your browser using your passphrase. The backend streams you opaque bytes and your browser turns them into readable text.
We also double-wrap your keypair on our side: the encrypted private-key blob you upload for device recovery is wrapped a second time with an app-held key stored in the production environment. A database-only leak (backup, SQL injection in an unrelated feature) is useless — the attacker still needs both your passphrase and access to the app container to decrypt anything.
What the backend can read
| Field | Visible to us? |
|---|---|
| Your server's display name (e.g. "web-prod-1") | Yes — you chose it |
| Which cloud provider (aws / ovh / gcp / azure / custom) | Yes |
| Probe timestamp | Yes |
| Hash of the ciphertext (for drift detection) | Yes |
| Scalar counts (disk %, port count, service count) | Yes — for anomaly rules |
| Hostnames, IPs, process lists, config file contents | Never |
| Your annotations and notes | Never |
| Command output | Never |
Drift detection works purely off the ciphertext hash — if the encrypted bytes for (server, module) change between two probes, a drift event lands in your inbox. The CLI (or your browser) fetches both versions and shows you the actual diff locally.
Team sharing
On the Teams plan, you can explicitly share a server's memory with your team. When you do, your CLI generates a one-time key per envelope and wraps that key once per eligible team member using their public key (X25519 sealed boxes). Only those members can decrypt. We never hold a team-wide key.
Soft-revoking a share hides it from the dashboard but keeps wraps around so
you can undo. Purging deletes the wraps — downstream team members get a
404 access_revoked on next read.
AI summaries — the one place plaintext leaves your browser
Optionally, you can ask the backend to run a one-off AI summary of a server. This is the only path where decrypted bytes cross our firewall, and even then only for up to 60 seconds.
Default: off. You explicitly enable it per server, per modules you pick, and you acknowledge that the AI provider (displayed by name in the consent dialog) will see the prompt for the duration of its retention window. The plaintext is regex-scrubbed on the way out — IPv4/IPv6, emails, URL hosts, and cloud-default DNS names are replaced with placeholders before the prompt leaves our box.
If that trade-off isn't acceptable, pick client-side mode: the CLI calls your own LLM with your own API key, and our backend never sees the plaintext at all.
Compliance export
Teams-plan users can export a signed .tar.gz covering any
window — metadata + encrypted envelopes + chain of custody + our Ed25519
signature. Auditors can fetch our public signing key from
/api/v1/memory/export-signing-key without credentials and
verify the manifest hasn't been tampered with.
Retention
- Free: no backend storage — your CLI's local files only.
- Solo: 30 days of snapshot history per server/module.
- Teams: 180 days.
- We always keep the latest snapshot per server/module so the fleet view works even if you go on holiday.
Turning it off
Per-server: toggle memory_disabled in
~/.servonaut/config.json or via the dashboard. The CLI will
stop probing that box and the backend will purge any stored envelopes
next time the CLI syncs.
Account-wide: set memory.enabled = false in the CLI config.
Nothing syncs. You can still use every other Servonaut feature.
More
- Technical threat model + envelope shape: see the API reference.
- Ops runbook (key rotation, DLQ drain, kill-switch): internal documentation.