INULTUS - Claude Code, for your servers. With a leash.

Open a session in your browser. Chat with the AI on one side, a full VSCode IDE on the other, a real git repo backing the workspace. Describe what you need in plain language. The AI writes PyInfra code as commits you can read, edit, and diff. Dry-runs are free. Applying needs two humans. Your data never leaves your network.

On-premises Two-human approval Embedded VSCode Air-gap ready
Schedule a 15-min demo See how it works

Non inultus premor

I am not injured unavenged.

30+

French hospitals hit by ransomware in 2022-2023

20%

of hospital servers run obsolete, unpatched systems

150+

hours/month on manual vulnerability management

3x

increase in vulnerability exploitation as initial access vector

Institutions are getting hacked. They cannot hire fast enough to stop it.

30+ French hospitals hit by ransomware in 2 years. 20% of hospital servers run obsolete systems. Your team spends 150h/month on manual patching instead of securing the fleet.

Breaches are accelerating

60% of breaches trace to a known, unpatched vulnerability. Vulnerability exploitation as initial access vector tripled in one year. Every delay is a window for attackers.

AI tools that break production

Claude Code and Cursor shell out to bash. They run arbitrary commands. One hallucinated rm -rf and the business is down. No sysadmin trusts an AI with raw SSH to production.

Regulation is forcing action

NIS2 covers 15,000 entities in France alone. DORA, HDS, SecNumCloud: compliance deadlines are here. Manual patching cannot keep up. Auditors are knocking.

Sovereignty is non-negotiable

Government, banks, hospitals cannot send fleet data to a SaaS vendor. 86% of CIOs plan to repatriate workloads on-premises in 2025 (IDC). Existing AI copilots are cloud-only. That is a dealbreaker.

Replace the senior sysadmin you cannot hire.

Open a session in your browser. Chat with the AI on one side, an embedded VSCode IDE on the other. The AI writes PyInfra code into a real git repo. You run a dry-run for free. Applying requires a teammate to approve, and they have to be a different user.

Discover

Ask your fleet anything

Query your infrastructure in plain language. The AI collects PyInfra facts across your fleet and returns structured data: OS versions, installed packages, running services, kernel versions, open ports. Every call is logged in the session audit trail.

inultus
you> What OS and package managers are on
my servers tagged prod?
Collecting facts from 23 hosts in prod...
HOST OS PKG MGR
prod-web-01 Ubuntu 22.04 apt
prod-web-02 Ubuntu 22.04 apt
prod-db-01 Debian 12 apt
prod-api-03 Rocky 9.3 dnf
Instruct

Describe what you need

"Harden the prod-web group against CIS Level 1." The AI reads the docs library (PyInfra ops, regulations, examples), fetches facts, and writes real PyInfra code as commits in your session's git repo. You see every file in the embedded VSCode. You can edit them yourself.

inultus
you> Harden the prod-web group against
CIS Level 1
Reading /docs/regulations/cis/...
Auditing 23 hosts...
12 findings (SSH, perms, audit)
Wrote src/harden_cis.py, src/inventory.py
Committed: feat: CIS Level 1 baseline
Dry-run

Test against the live fleet, no changes applied

Before anything touches your servers, the AI runs `pyinfra --check` in the isolated session container, against the real targets. The diff streams to your browser. No changes applied. Every dry-run is persisted with stdout, stderr, and result, tied to the commit SHA.

inultus
you> Dry-run
Running pyinfra --check on 23 hosts...
+ files.line(/etc/ssh/sshd_config, ...)
+ systemd.service(auditd, running=True)
23 hosts, 0 errors, 47 changes queued
Logs saved as job kind=check
Four-eyes apply

You propose. A teammate approves. Then it runs.

You click Propose. A different teammate with read-write access reviews the diff, the dry-run output, the code in git. They approve. The apply runs in the same isolated session container, logs stream live, the full result lands in an immutable audit trail. SSH key is decrypted in memory, written to tmpfs, shredded on exit.

inultus
Risk: MEDIUM (SSH config change)
Targets: 23 hosts, commit a4f2c1b
[Propose to teammate]
Sent to teammate@example.com for review...
Approved by teammate@example.com
Executing in session container...
ok sshd_config hardened
ok auditd running, enabled

On-premises by default

Your data stays on your network. The AI stays on a leash.

YOUR PREMISES
  • Web dashboard with embedded VSCode per session
  • One isolated container per session (Python + PyInfra)
  • Per-session git repo: code, diff, history
  • PocketBase (DB + file storage + OIDC SSO)
  • Native Linux binary, deployed via PyInfra

Fleet data, code, and audit NEVER leave.

LLM calls only
CLOUD
  • LLM API (optional, swappable)

Only inference calls. No data stored.

Fully air-gapped option

Coding model runs on-premises via llama.cpp. Nothing leaves the network. Zero external dependencies. Release 2 fine-tunes the model with DPO on real production feedback captured from day one.

Why Inultus

"Non inultus premor" — Motto of Nancy, Lorraine, since 1477.

We are PyInfra contributor #3

We do not wrap PyInfra, we shape it. Direct influence on the fact/operation API roadmap. This is not a "we use open source" story. This is a "we ARE the open source" story.

Battle-tested predecessor

Jinn, our predecessor, serves paying enterprise clients in the Gulf: government, fintech, healthcare. 500+ servers managed. We know the buyer, the deployment, and the objections. We are not building from scratch.

On-premises is the moat

Cloud AI tools opened the market. But banks, hospitals, and government cannot use them. Their data cannot leave their network. We serve the customers they cannot.

Four-eyes encoded in the tool surface

The AI writes PyInfra code, not bash. It can dry-run freely. It has no `apply` tool. Apply requires a human proposal followed by a different human's approval. The gate is in the code, not just the policy. No prompt injection path to execute.

Git is the audit trail for code

Every line of code that ever ran on your fleet has a commit SHA. Every change has a diff. `git log` is auditable, `git show <sha>` is reproducible. PocketBase carries the things git is bad at: logs, results, feedback.

Training data flywheel from day one

Every install captures approve / reject / edit / rollback feedback on every apply. Release 2 fine-tunes a coding model with DPO on that real preference data, served on-prem via llama.cpp. Every install we ship makes the next install's model better.

Built for institutions

OIV (critical operators)

Energy, transport, water, defense primes. Air-gapped networks, zero external dependencies, LPM obligations. ANSSI in the room.

NIS2 large entities

Large enterprises freshly pulled under NIS2: manufacturing, postal, digital infrastructure, food. New audit mandates, understaffed IT.

Government, hospitals, collectivites

Ministries, hospital GHTs, metropoles, territorial authorities. Sovereignty-first, HDS, SecNumCloud readiness. Chronic hiring gap.

Large regulated enterprises

Banking, insurance, healthcare groups, energy, telecom. DORA, ISO 27001, change control. Auditors live in the room.

Team

Loic Tosser

Founder

PyInfra contributor #3 FOSDEM speaker 10+ years production Linux/BSD fleets

Built Jinn, the predecessor serving enterprise clients in the Gulf: government, fintech, healthcare. 500+ servers managed.

HQ

Nancy, Lorraine, France

Born in the city of the thistle.

Questions

How does Inultus guarantee security if it runs operations on my servers?
The AI never gets raw SSH access. It writes PyInfra code into the session's git repo. It can dry-run freely (no changes applied). It has no `apply` tool. Applying requires a human to propose and a different human to approve. SSH keys are generated only by Inultus (no upload), encrypted at rest with age envelope, delivered via tmpfs at apply time, shredded on exit.
What happens if the AI generates bad code?
Every proposal is dry-run against the live fleet in an isolated session container before applying. The diff streams to your browser. You read the actual PyInfra code in the embedded VSCode. You can edit it. A second human reviews the diff and approves before anything runs. Bad code gets rejected at the four-eyes gate.
Can Inultus run in a fully air-gapped environment?
Yes. The coding model can run on-premises via llama.cpp. No external API calls, no data leaving your network. Zero external dependencies. The knowledge layer (PyInfra docs, regulations, examples) ships as a versioned tarball you swap in.
What does it integrate with?
Inultus manages any server reachable via SSH: bare metal, VMs, on-prem hypervisors. Inventory sync from Netbox, VMware Cloud Director, VMware vCenter, and Proxmox in v0; OpenStack, Foreman/Katello, and MAAS in Release 1. OIDC SSO for authentication. CLI and MCP server for external automation in Release 1. PocketBase API for custom integrations.
How is this different from Ansible?
Ansible requires you to write playbooks. With Inultus, you describe intent in chat and the AI writes the PyInfra code as commits in a real git repo. You see every file in an embedded VSCode IDE. Discovery is built-in: ask questions about your infrastructure in plain language and get structured answers via PyInfra facts.
What is the ROI?
Teams typically spend 150+ hours/month on manual vulnerability management for a 100-server fleet. Inultus costs less than a junior sysadmin and accelerates patch cycles by 70-80%. The first pilot typically pays for itself within 3 months.

Touch my servers. I dare you.

See Inultus patch, harden, and report on a live fleet in 15 minutes.

Schedule a demo

contact@inultus.com