Skip to main content

Registry

Action packs

Packs are the catalog emisar runs from — versioned, content-hashed bundles of declared actions for the software you already run. Install the ones for your stack in one command; your agent can then call exactly those actions, and nothing else.

install any pack in one command

$ sudo emisar pack install postgres --hash sha256:8f34c2…

$ sudo systemctl reload emisar

# verified against the pinned hash, then live — your agent can call them now

80 packs · 1,270 declared actions ship today, across databases, containers, observability, cloud, networking, and more — install what you run, or author your own →.

Databases & datastores 13

Postgres operations

postgres · v0.2.9 · emisar

48 actions

Deep Postgres operations — activity introspection, session/lock diagnostics, table + index analytics (bloat, dead tuples, unused indexes), WAL + replication state, progress views, EXPLAIN, and a curated set of operator-tier mutators (cancel/terminate backend, ANALYZE, VACUUM, REINDEX CONCURRENTLY). Authenticates via PG* env vars on the runner host.

os: linux needs: psql

MySQL / MariaDB operations

mysql · v0.1.4 · emisar

25 actions

Read-only MySQL diagnostics plus narrow operator actions for killing queries, flushing logs, and analyzing tables. Authenticates via ~/.my.cnf or MYSQL_PWD env var on the runner host — never via per-call credentials over the wire.

os: linux needs: mysql

MongoDB operations

mongodb · v0.3.1 · emisar

35 actions

Replica-set + shard-cluster introspection, slow-query identification, collection stats, plus remediation surface (killOp, replSet stepDown, collection compact, dropIndex). Authenticates via MONGO_URI env var on the runner host.

os: linux needs: mongosh

Redis operations pack

redis · v0.3.4 · emisar

59 actions

Deep Redis ops — INFO + memory accounting, slowlog + per-event latency, command stats, client list/kill/pause, keyspace introspection (SCAN, TYPE, TTL, OBJECT encoding/refcount/idle/freq, MEMORY USAGE), config get/set/rewrite/resetstat, ACL list/whoami/getuser, cluster topology (info, nodes, slots, slot-count, check), cluster operators (failover, forget, replicaof), Sentinel HA topology (masters, master, replicas, sentinels, get-master-addr, ckquorum, is-master-down, Sentinel INFO) and operators (failover, reset), persistence (lastsave, bgsave, bgrewriteaof, memory purge/doctor), streams + pub/sub introspection, script cache flush, and tier-critical actions (flush_db, flushall, swapdb, shutdown_nosave). Sentinel actions target the Sentinel on port 26379; all others default to 127.0.0.1:6379. Authenticates via REDISCLI_AUTH / REDIS_* env vars on the runner host — never via per-call credentials.

os: linux needs: redis-cli

Cassandra operations

cassandra · v0.4.8 · emisar

45 actions

Deep Cassandra ops via nodetool + cqlsh: topology (status, ring, gossip, describering, failure detector), health (tpstats, netstats, proxy + table histograms, compaction stats + history, throughput), schema introspection, maintenance mutators (snapshot, flush, cleanup, verify, compact, stop, throughput, cache invalidation), repair workflows, node lifecycle (drain, decommission, assassinate, removenode, rebuild), and logging level control. JMX on 127.0.0.1:7199.

os: linux needs: nodetool

ClickHouse analytics DB

clickhouse · v0.2.5 · emisar

32 actions

ClickHouse server + table introspection — metrics, errors, slow & failed queries, parts/partitions, merges, mutations, replication queue, Keeper/ZK health, detached parts, distributed-send backlog, backups — plus narrow mutators (OPTIMIZE, KILL QUERY, SYSTEM RELOAD CONFIG, replica ops). Auth via CH_HOST + CH_USER + CH_PASSWORD env vars on the runner host. Uses clickhouse-client with --query to keep arg surface minimal.

os: linux needs: clickhouse-client

CockroachDB

cockroach · v0.1.2 · emisar

26 actions

Investigate a CockroachDB cluster over the `cockroach` CLI — node liveness / store capacity, under-replicated & unavailable ranges, running queries / sessions / transactions, contention & locks, jobs, statement statistics, table sizes, and cluster settings — plus a few gated operators (cancel a query / session / job, pause / resume a job, decommission / recommission a node). Reads are SQL against crdb_internal / SHOW statements; mutators use SQL or `cockroach node`.

os: linux needs: cockroach

Elasticsearch / OpenSearch ops

elasticsearch · v0.1.7 · emisar

21 actions

Cluster + index introspection plus narrow mutators (cache_clear, force_merge, flush_synced, close_index). Auth via ELASTIC_USER + ELASTIC_PASSWORD env vars on the runner host. Does NOT include delete_index — too easy to misuse.

os: linux needs: curl

Memcached cache server

memcached · v0.1.4 · emisar

7 actions

Read-only memcached introspection via the `stats` ASCII protocol — general stats, slab usage, item counts, sizes. Plus FLUSH_ALL as a critical mutator. Target host/port via MEMCACHED_HOST + MEMCACHED_PORT env vars on the runner host (default 127.0.0.1:11211).

os: linux needs: nc

Typesense search

typesense · v0.1.2 · emisar

8 actions

Read-only diagnostics for a Typesense search node over its HTTP API: health and node/raft state, per-endpoint request stats and system metrics, the collection catalog and individual schemas, API-key metadata, and a tail of slow requests from the server log. One admin API key, streamed over curl stdin, unlocks the stats/metrics/debug endpoints a search-only key cannot read.

os: linux needs: curl

Kafka cluster operations

kafka · v0.1.3 · emisar

20 actions

Topic introspection, consumer-group lag, broker config, ACLs, and narrow mutators (reset_offsets, alter_topic_retention, delete_consumer_group, preferred_leader_election). Auth via KAFKA_BOOTSTRAP env var on the runner host plus optional KAFKA_COMMAND_CONFIG (jaas / SASL / SSL).

os: linux needs: kafka-topics.sh

RabbitMQ operations

rabbitmq · v0.1.7 · emisar

18 actions

Cluster, queue, exchange, binding, connection, channel, and consumer inventory plus narrow operator actions (purge_queue, set_policy, force_close_connection). Uses rabbitmqctl + rabbitmqadmin on the runner host.

os: linux needs: rabbitmqctl

ZooKeeper operations

zookeeper · v0.1.5 · emisar

8 actions

Cluster + 4lw command + watch + session introspection. Read-only. Set ZK_SERVERS env var (host:port,host:port,…). All four-letter words need to be in zoo.cfg's `4lw.commands.whitelist`.

os: linux needs: nc

Containers & orchestration 6

Docker operations pack

docker · v0.2.6 · emisar

25 actions

Operator pack for Docker hosts: read-only inventory and per-container introspection, plus narrow mutators (restart, stop, kill, prune). Includes docker-compose support. The runner uid must be in the docker group; this pack does NOT escalate.

os: linux needs: docker

Podman containers

podman · v0.1.4 · emisar

12 actions

Read-only inventory + per-container introspection plus narrow mutators (restart, stop, kill, prune). Drop-in alternative for Docker on RHEL / Fedora hosts. Rootless mode supported as long as the runner uid matches the user that owns the containers.

os: linux needs: podman

Kubernetes operations pack

kubernetes · v0.2.1 · emisar

43 actions

Operator pack for Kubernetes clusters: discovery (pods, nodes, services, deployments), deep introspection (describe, logs, events), rollouts (status, history, restart, undo), and narrow node/pod mutators (cordon, drain, delete). Cluster targeting via KUBECONFIG env var on the runner host; context selectable per call.

os: linux needs: kubectl

HashiCorp Nomad

nomad · v0.1.25 · emisar

60 actions

Deep Nomad operations — full job lifecycle (inspect, history, scale horizontally + vertically, dispatch, revert, promote, stop), per-task CPU/memory resource read + set, allocation introspection + health checks + filesystem ls/stat (metadata only, never file contents) + fixed in-container Redis probes (ping/info via alloc exec, no freeform command) + restart + signal + stop, native service discovery (no Consul) — the high-use reads take optional namespace/region for cross-namespace incident debugging — node fleet management (drain, eligibility, purge), evaluation + deployment status, operator raft + autopilot, CSI + host volumes, ACL policies + tokens, namespaces + quotas. Authenticates via NOMAD_ADDR + NOMAD_TOKEN on the runner host.

os: linux needs: nomad

RKE2 cluster (host-level)

rke2 · v0.2.0 · emisar

6 actions

RKE2-specific host introspection that kubectl can't give you — embedded-etcd live health (etcdctl endpoint health/status) and snapshot history, node certificate expiry, and the RKE2-bundled containerd via crictl (containers, pods, images). Runs on an RKE2 server node. Generic Kubernetes API reads are in the kubernetes pack; rke2-server / rke2-agent unit status and logs are covered by the linux-core / systemd-deep packs (systemctl status rke2-server, journalctl -u rke2-server).

os: linux needs: rke2

HashiCorp Consul operations

consul · v0.2.17 · emisar

44 actions

Deep Consul ops — agent self/metrics/host introspection, operator raft + autopilot + reload, catalog (services + nodes + datacenters), health (passing/warning/critical) with force-pass/fail/warn check mutators, KV (get/list/recursive), ACL tokens/policies/roles, Connect mesh (CA roots, intentions), sessions, prepared queries, snapshots (save/inspect/restore), and narrow operator actions (deregister, maintenance, raft remove-peer). Auth via CONSUL_HTTP_ADDR + CONSUL_HTTP_TOKEN env vars.

os: linux needs: consul needs: curl

Observability 5

Prometheus operations

prometheus · v0.1.9 · emisar

14 actions

Server status, target health, alertmanager linkage, instant + range queries, rule listing, TSDB stats, plus admin-API actions for remediation: reload config, take snapshot, clean tombstones, delete series. Admin endpoints require --web.enable-admin-api + --web.enable-lifecycle.

os: linux needs: curl

Grafana

grafana · v0.1.9 · emisar

10 actions

Grafana admin-API ops — datasource health, dashboard listings, alert state, user list, version, settings. Read-only. Auth via GRAFANA_URL + GRAFANA_TOKEN env vars on the runner host.

os: linux needs: curl

VictoriaMetrics queries

victoriametrics · v0.1.3 · emisar

8 actions

Read-only PromQL / MetricsQL access to VictoriaMetrics over its HTTP API: instant and range queries, series and label discovery, and the VM-specific status endpoints (TSDB cardinality, active queries, top queries). One base URL serves single-node, cluster (vmselect), and vmauth-fronted deployments.

os: linux needs: curl

VictoriaLogs queries

victorialogs · v0.1.3 · emisar

7 actions

Read-only LogsQL access to VictoriaLogs over its HTTP API: search log entries, hit histograms over time, stats aggregations (instant + range), and field / stream discovery. Express time ranges inside the LogsQL query via the _time filter. One base URL serves single-node and vmauth-fronted deployments; multitenancy via optional headers.

os: linux needs: curl

Vector observability pipeline

vector · v0.1.2 · emisar

7 actions

Read-only ops for a Vector (vector.dev) pipeline running on the runner host: version + compiled-component inventory, offline config validation, the configured topology as Graphviz DOT, a bounded live event tap, plus health and per-component throughput reads over the local API. CLI subcommands talk to the local binary; the API reads hit 127.0.0.1:8686.

os: linux needs: vector needs: curl

Web, proxies & ingress 7

Nginx operations pack

nginx · v0.2.8 · emisar

22 actions

Operator pack for nginx — read-only status + access-log analysis, TLS cert probes, and narrow operator actions (test_config, reload, graceful quit, stop). Full restart is intentionally not included; use systemd for that.

os: linux needs: nginx needs: curl

Apache HTTPD operations

apache-httpd · v0.1.5 · emisar

10 actions

Apache version, modules, mod_status snapshot, config syntax check, vhost dump, error/access log tails, plus narrow mutators (graceful reload, graceful stop). Full restart not included — use systemd for that.

os: linux needs: apachectl needs: curl

Caddy web server

caddy · v0.1.9 · emisar

10 actions

Caddy v2 ops via its admin API (default http://127.0.0.1:2019) and CLI. Config dump, upstream health, PKI inventory, config validation, plus reload (live config swap). Set CADDY_ADMIN env var if not on default.

os: linux needs: caddy needs: curl

HAProxy operations

haproxy · v0.1.5 · emisar

12 actions

Stats, server state, frontends/backends, session inventory, plus narrow mutators to enable/disable backend servers. Talks to the HAProxy admin socket. Set HAPROXY_SOCK env var on the runner host.

os: linux needs: socat

Traefik ingress / reverse proxy

traefik · v0.1.6 · emisar

18 actions

Read-only visibility into a Traefik (v2/v3) edge router over its HTTP API: the overview, entrypoints, and the full HTTP/TCP/UDP router + service + middleware inventory (each carrying its status and error list, so you can see which router is broken), a compact per-service health summary, plus a per-host readiness check that joins the router and service views into one cutover-preflight verdict, the raw dynamic-config dump, version, liveness ping, and Prometheus metrics. ACME/Let's Encrypt certificate state is read from the on-disk acme.json (no API exposes it), and access-log 4xx/5xx tails mirror the nginx pack. Default API at http://127.0.0.1:8080 (api.insecure mode); override via TRAEFIK_URL.

os: linux needs: curl needs: jq needs: openssl

Envoy proxy / service mesh

envoy · v0.1.6 · emisar

14 actions

Envoy admin-API ops: cluster + listener + runtime + config + cert inventory, server info, logging level read/write, plus traffic-shifting mutators (drain listeners, healthcheck fail/ok, reset counters) for planned failovers and incident response. Default admin URL http://127.0.0.1:9901; override via ENVOY_ADMIN env.

os: linux needs: curl

PHP-FPM

php-fpm · v0.1.5 · emisar

10 actions

PHP runtime + FPM pool introspection — version, modules, ini, pool status (via fpm_status endpoint), error + slow logs, OPcache state, Composer manifest. Read-only. Set PHP_FPM_STATUS_URL env to point to the FPM status endpoint.

os: linux

Cloud & IaC 8

AWS EC2 operations

aws-ec2 · v0.1.3 · emisar

11 actions

EC2 instance inventory + state introspection plus narrow mutators (stop, start, reboot, terminate). Auth via AWS_PROFILE + AWS_REGION on the runner host.

os: linux needs: aws

AWS S3 operations

aws-s3 · v0.1.3 · emisar

8 actions

Read-only S3 introspection — bucket inventory, per-bucket versioning/policy/encryption/lifecycle, object listing + metadata. Excludes every mutator (no put-bucket-*, no delete-*). Object-level changes belong in IaC. Auth via AWS_PROFILE.

os: linux needs: aws

AWS RDS operations

aws-rds · v0.1.2 · emisar

8 actions

RDS instance + cluster inventory, parameter groups, snapshots, plus narrow operator actions (reboot, create-snapshot). Auth via AWS_PROFILE. Does NOT include delete-instance/delete-cluster.

os: linux needs: aws

AWS IAM operations

aws-iam · v0.1.5 · emisar

11 actions

IAM introspection — users, roles, policies, attached policies, access keys — plus incident-response mutators: deactivate access key, delete access key, detach user policy. Auth via AWS_PROFILE. Routine IAM changes belong in IaC; these actions are for emergency lockout.

os: linux needs: aws

Cloudflare zone operations

cloudflare · v0.1.4 · emisar

11 actions

Read-only zone, DNS record, cache, firewall, and analytics introspection plus narrow mutators (purge cache, enable/disable dev mode). Auth via CF_API_TOKEN env var.

os: linux needs: curl

Terraform read-only ops

terraform-readonly · v0.1.5 · emisar

8 actions

Read-only Terraform CLI actions for inspecting a workspace. NO apply, NO destroy, NO state mutation — those should happen in CI, not via a runner. Operates in the directory given by TF_DIR env var.

os: linux needs: terraform

Networking, DNS & VPN 15

BIND DNS server

bind · v0.1.6 · emisar

11 actions

Authoritative/recursive BIND ops: rndc status + stats, zone validation, cache inspection, local resolution probes, plus narrow operator actions (rndc reload, zone freeze/thaw). Requires rndc key on the runner host.

os: linux needs: rndc

FRRouting (FRR)

frr · v0.1.3 · emisar

6 actions

Query the local FRRouting daemons via vtysh — BGP summary + neighbors, BFD peers, IP route summary, and interface state — plus one gated mutation: shut a BGP neighbor to drain a node from an anycast VIP. Reads are `show` commands; the drain is policy-gated (risk: high).

os: linux needs: vtysh

Firewall and netfilter

firewall · v0.1.6 · emisar

11 actions

iptables, nftables, conntrack, and traffic-control inspection plus narrow operator actions for incident response (block IP, unblock IP, flush chain). Rule edits are not persisted across iptables service reload — use IaC for permanent rules.

os: linux needs: iptables

pfSense firewall

pfsense · v0.4.1 · emisar

37 actions

Operate a pfSense firewall over its REST API: read firewall rules, NAT, aliases, virtual IPs, interface / gateway (config + status) / service / VPN status, DHCP leases, routes, ARP, CARP, pf tables, installed packages, the config-change history, and firewall / system / auth / DHCP / OpenVPN logs, plus a few gated mutators (apply filter, flush states, restart a service, reboot). Uses the community pfSense-pkg-RESTAPI package (/api/v2), which runs on the firewall and works across CE and Plus.

os: linux needs: curl needs: jq

WireGuard VPN

wireguard · v0.1.5 · emisar

8 actions

WireGuard state — interfaces, peers, transfer counts, last handshakes — plus operator actions: bring iface up/down via wg-quick, remove a peer from a live iface. Use to debug connectivity or evict a compromised peer.

os: linux needs: wg

Tailscale

tailscale · v0.1.3 · emisar

9 actions

Inspect the host's Tailscale node via the tailscale CLI: tailnet status and peer/online map, network connectivity (netcheck DERP latency, port-mapping), ping to peers, whois lookups, this node's tailnet IPs, version, available exit nodes, MagicDNS/DNS config, and the current prefs (advertised routes, configured exit node). Read-only.

os: linux needs: tailscale

SNMP (net-snmp)

snmp · v0.2.1 · emisar

7 actions

Read a network device over SNMP with the net-snmp CLI — system group, interface table, BGP peers (BGP4-MIB) and OSPF neighbors / general group (OSPF-MIB), plus a generic single-OID get and a bounded subtree walk. The routing reads exist to give operators visibility into BGP / OSPF state on devices this control plane can't reach by a native API — e.g. a pfSense + FRR edge firewall, where the REST API exposes no routing-protocol state. All read-only.

os: linux needs: snmpget needs: snmpbulkwalk

Dell iDRAC (Redfish)

dell-idrac · v0.1.0 · emisar

15 actions

Monitor and operate a Dell iDRAC over its Redfish REST API with curl — system identity and health rollup, the Dell subsystem rollup, storage controllers and drives, power and thermal telemetry, firmware inventory, the System Event Log and Lifecycle Controller log, and the Lifecycle Controller job queue. Plus gated mutators: power control (ComputerSystem.Reset), clear / delete a job, and clear the SEL. Targets an iDRAC by hostname/IP; credentials come from the runner environment. Reads are read-only GETs.

os: linux needs: curl

Dell iDRAC / IPMI (ipmitool)

dell-ipmi · v0.1.0 · emisar

15 actions

Out-of-band BMC monitoring and power control over IPMI 2.0 (RMCP+/lanplus) with ipmitool — sensor data records, full sensor readings with thresholds, the System Event Log (SEL) and its summary, chassis + power state, FRU inventory, BMC firmware (mc info) and self-test, LAN config, and DCMI power draw. Plus gated mutators: chassis power control, one-time boot device, and SEL clear. Targets a Dell iDRAC or any IPMI-over-LAN baseboard controller by hostname/IP; credentials come from the runner environment. Reads are read-only.

os: linux needs: ipmitool

NIC / ethtool diagnostics

nic · v0.1.1 · emisar

6 actions

Inspect physical network interface cards via ethtool: driver and firmware versions across every NIC (the "what firmware is my i40e fleet running?" check), plus per-interface link settings, hardware counters, offload features, and ring-buffer sizes. Read-only — no ethtool SET operations.

os: linux needs: ethtool

Linux network bonding

bonding · v0.1.1 · emisar

3 actions

Inspect Linux network bonding / LACP: list bond interfaces, read a bond's full status from /proc/net/bonding (mode, LACP actor/partner state, per-slave link status), and show link-layer details. Read-only.

os: linux

Network + TLS diagnostics

network-tls · v0.1.7 · emisar

13 actions

DNS lookups, reachability probes, TLS certificate inspection, and HTTP timing tests. All read-only. Use for "is X reachable?" and "what's the cert expiry on Y?" questions.

os: linux needs: curl needs: dig needs: mtr needs: openssl needs: ping needs: whois

iperf3 network throughput

iperf3 · v0.1.0 · emisar

4 actions

Active network throughput measurement with iperf3 — TCP bandwidth and UDP jitter / packet loss — between two nodes in the fleet. Run the one-shot server on one runner, then probe it with the client from another. Use to answer "what is the real bandwidth (or loss) between these two hosts?"

os: linux needs: iperf3

Local SSL/TLS cert inspection

ssl-local · v0.1.6 · emisar

7 actions

Inspect TLS certificates and keys on the local filesystem — find PEMs under a path, dump x509 details, check chain, verify private-key match, inspect PKCS#12. Read-only. Pair with `network-tls` for the remote-side view.

os: linux needs: openssl

Time sync diagnostics

time-sync · v0.1.7 · emisar

7 actions

Clock-sync state: chrony tracking + sources, NTP peer status, current time, drift estimate, timezone, plus fix actions (chronyc makestep, enable/disable NTP). Use when a host's clock is drifting (a common cause of TLS / auth / log-correlation bugs).

os: linux

Storage & filesystems 8

ZFS pool + dataset operations

zfs · v0.1.6 · emisar

13 actions

Pool status, dataset inventory, snapshot listing, scrub status, ARC stats, plus operator surface for storage incident response: scrub start/stop, clear pool errors, take/destroy snapshots, dataset rollback.

os: linux needs: zpool needs: zfs

NFS server + client

nfs · v0.1.6 · emisar

9 actions

Inspect a host's NFS exports, mounted shares, RPC state, active client connections. Plus two narrow operator actions: exportfs -r (re-export) and exportfs -u (unexport one client:path — evicts that client). Read-only otherwise.

os: linux

iSCSI initiator

iscsi · v0.1.2 · emisar

4 actions

Inspect the host's iSCSI initiator (open-iscsi): active sessions, per-session detail (targets, connections, negotiated parameters), configured target nodes, and initiator interfaces. Read-only.

os: linux needs: iscsiadm

Device-mapper multipath

multipath · v0.1.1 · emisar

4 actions

Inspect device-mapper multipath: the multipath topology (multipath -ll), the effective config (multipath -t), and live path + map state queried from the running multipathd. Read-only.

os: linux needs: multipath needs: multipathd

Pure Storage FlashArray (Purity//FA REST)

pure-flasharray · v0.1.3 · emisar

14 actions

Read-only access to a Pure Storage FlashArray over its Purity//FA REST API 2.x: array identity / capacity / performance, alerts, controller and hardware / drive health, volumes and per-volume space, the host -> volume -> LUN connection map, host and target-port identities, per-controller network interface state, and replication / array-connection status. Drives a remote array via curl; every call is a GET.

os: linux needs: curl

MinIO operations

minio · v0.1.8 · emisar

12 actions

Cluster + bucket + user introspection plus operator surface (user enable/disable, bucket heal, cluster service restart). Talks to mc CLI configured via MC_HOST_<alias> env var on the runner host.

os: linux needs: mc

zot OCI registry

zot · v0.1.2 · emisar

7 actions

Read-only inspection of a zot OCI registry over its HTTP API: the OCI distribution endpoints (version check, catalog, tags, manifests) plus the zot extensions — registry config/health (mgmt), Prometheus metrics, and a GraphQL search query that returns per-repo size and a newest-image vulnerability summary. Optional basic-auth credentials are streamed over curl stdin; many zot deployments allow anonymous read.

os: linux needs: curl

Filesystem search and inspection

fs-search · v0.1.5 · emisar

15 actions

Generic filesystem operations an LLM-driven runner needs constantly: bounded find, recursive grep, file head/tail/hash, du, ls -la, stat. All read-only. Paths are validated against simple patterns; the runner's symlink-containment + audit redaction layers still apply on top.

os: linux

Linux & system 8

Linux core operations pack

linux-core · v0.3.16 · emisar

34 actions

Read-only Linux diagnostics plus narrow service control. Disk, mem, uptime, journalctl, log grep + tail, users/auth introspection, cron audit, network state, kernel info, and systemctl control. The front-line pack every Linux host gets.

os: linux

Systemd deep introspection pack

systemd-deep · v0.1.7 · emisar

24 actions

Deeper systemd state than linux-core: failed units, list-units, timers, cgroup tree, journal disk usage, systemd-analyze for boot diagnosis, plus full operator surface (daemon-reload, start/stop/ restart/reload, kill -s signal, mask/unmask, reset-failed) for remediating runtime issues.

os: linux needs: systemctl

Debian/Ubuntu package operations

debian · v0.1.4 · emisar

9 actions

Operator pack for Debian/Ubuntu hosts. Read-only inventory and patching diagnostics, plus narrow apt install/remove actions for a single named package. Designed for production hosts where a human approver must see the package name before a write happens.

os: linux needs: apt-get needs: dpkg

RHEL/Fedora package ops

dnf-rpm · v0.1.6 · emisar

13 actions

Counterpart to the `debian` pack for RHEL/CentOS/Fedora/Alma/Rocky: rpm inventory, dnf check-update, narrow install/remove actions for a single named package. Equivalent risk model to the apt counterpart.

os: linux needs: rpm needs: dnf

Linux debugging toolkit

debugging · v0.2.7 · emisar

31 actions

General-purpose Linux diagnostics + low-level remediation: process and memory tops, vmstat/iostat snapshots, socket inventories, per-PID inspection, kernel-state checks, network reachability, plus fix-it actions (drop_caches, kill_pid by signal, sysctl_set). Use as the first-touch pack when something is wrong.

os: linux needs: ps needs: ss

Process forensics

process-forensics · v0.1.3 · emisar

10 actions

Deep per-process diagnostics for "why is this process stuck / slow / leaking?" — strace (HIGH RISK; slows the target), pid memory maps, per-thread state, /proc walking, gdb backtrace, full lsof, syscall summary. Read-only — but strace and gdb attach via ptrace and WILL slow the target.

os: linux

cloud-init operations

cloud-init · v0.1.7 · emisar

23 actions

cloud-init introspection + boot diagnostics + stage re-runs. Use when an EC2/GCE/Azure VM finishes booting but the workload didn't come up the way it should: check overall status, blame slow modules, dump user-data / cloud-config / vendor-data as the instance actually saw them, tail the cloud-init logs, and (with operator approval) re-run individual modules or the full init pipeline.

os: linux needs: cloud-init

Postfix mail server

postfix · v0.1.6 · emisar

14 actions

Queue inspection, config dump, log tailing, plus narrow operator actions (flush, requeue, delete-by-queue-id). These mutators are high- or critical-risk; the reversible hold/release pause is medium. All are audited. Postfix uid must own the runner OR runner must be in the postdrop group.

os: linux

Runtimes & dev tools 6

JVM introspection

java-jvm · v0.1.10 · emisar

17 actions

JVM diagnostics via jcmd/jstack/jmap/jstat/JFR. Requires runner uid to match the JVM process owner (or CAP_SYS_PTRACE) — actions return a permission error cleanly when uid doesn't match.

os: linux needs: jcmd

Node.js / PM2 operations

nodejs-pm2 · v0.1.6 · emisar

15 actions

PM2 process inventory + logs + per-app introspection, plus narrow mutators (restart, reload, stop, scale). Requires the runner to be the same uid as the PM2 daemon (or set PM2_HOME).

os: linux needs: pm2 needs: jq

Python application runtime

python-app · v0.1.4 · emisar

10 actions

Inspect a Python deployment — interpreter + venv state, pip inventory + freeze, dependency conflicts, outdated packages, sys.path. Read-only. Most actions act on the venv at PY_VENV env var (default /opt/app/venv).

os: linux

Host-side git

git-local · v0.1.3 · emisar

8 actions

Read-only git operations against a checkout living on the runner host (e.g. /opt/myapp). For remote-GitHub-API work, see the `github-cli` pack. The repo directory must live at GIT_REPO env var on the runner host.

os: linux needs: git

GitHub CLI operations

github-cli · v0.1.6 · emisar

19 actions

GitHub introspection — PRs, issues, repos, workflow runs, releases, commit checks, search — plus operator actions: merge PR, close PR, rerun workflow, dispatch workflow. Authenticates via the runner host's `gh auth status` token (i.e. ~/.config/gh).

os: linux needs: gh

Showcase pack

showcase · v0.2.6 · emisar

5 actions

Synthetic pack that demonstrates every action-schema feature in one place: all arg types, every validation, both parsers, both kinds, opts envelope bounds, and per-action redaction rules. Not a production pack — use it as a reference when authoring real ones.

Security & secrets 3

HashiCorp Vault operations

vault · v0.1.5 · emisar

14 actions

Vault status, seal state, auth/audit/secret backends, mount listing, token & lease introspection, plus operator surface for incident response: revoke lease, revoke leases by prefix, operator step-down, emergency seal. Auth via VAULT_ADDR + VAULT_TOKEN on the runner host. Does NOT include unseal — that requires quorum and shouldn't be automated through a runner.

os: linux needs: vault

fail2ban

fail2ban · v0.1.6 · emisar

8 actions

fail2ban inventory + per-jail banned-IP listings plus operator mutators for incident response: ban an IP into a jail, unban a false positive, reload jail filters from disk.

os: linux needs: fail2ban-client

Arbitrary shell (staging break-glass)

shell · v0.1.0 · emisar

1 action

STAGING-ONLY BREAK-GLASS. Runs an arbitrary operator-supplied shell script on the runner host via `/bin/sh -c`. This is the one capability emisar is built to avoid: it bypasses the declared-action model entirely — whatever the script says, runs, as the runner's user. It exists so an agent can verify a fix interactively on a staging host before that fix is encoded as a proper declared action or runbook. DO NOT install this pack on production runners and DO NOT enable it in production. Its single action is critical-risk, so the default policy denies it until an operator deliberately opts in; every run is fully audited.

os: linux

Other 1

Elixir / BEAM runtime

elixir-beam · v0.1.0 · emisar

25 actions

Diagnostics for Elixir and Erlang/BEAM applications on the runner host or inside Docker containers: toolchain versions, EPMD registrations, BEAM OS process state, Linux /proc memory and process-tree detail, release RPC snapshots, supervisor/process/ETS/allocator/scheduler/port introspection, binary-leak checks, and bounded recon_trace call tracing. Releases are discovered from running BEAM processes; target one by release name, or by container for a release inside Docker.

os: linux needs: erl needs: elixir needs: epmd

Author your own pack

Packs are YAML — no SDK, no compiler. Write, install, and trust a pack you maintain yourself; the schema reference and the curated-registry bar live in the docs.