Safe Execution & Rollback
Deterministic changes with built-in safety. Dry-run, diff, and validation before applying changes. SafeApply with automatic rollback on failure.
SafeApply — 5-Stage Workflow
1
Dry-Run
Validate config with checker (nginx -t, sshd -t, etc.)
2
Stage
Write to temporary location
3
Apply
Atomic replacement of production file
4
Health Gate
Monitor service health for 60-120 seconds
5
Auto-Rollback
Restore previous version if health checks fail
Health Gate Checks
Service statussystemd active state verification
HTTP endpointHTTP probes returning 2xx
Log error countmonitoring for error spikes
Timer-basedconfigurable thresholds and durations
Snapshots & Time Travel
- Configuration snapshots with versioning (Config-only, Full, Full-quiesce)
- Snapshot diff view with file-level additions/deletions
- One-click restore with hostname verification and approval tracking
- Metadata: trigger (manual/auto/SafeApply), user, size, duration
- Download snapshots for offline review
Config Drift Detection
- Detect when server config drifts from desired state
- Side-by-side diff visualization
- Auto-remediation with SafeApply workflow
- Scheduled drift scans across fleet