bs
bootstrap-saas
Linux bootstrap control plane

Define once.
Provision everywhere.

Store versioned bootstrap specs, mint single-use tokens, and provision fresh Ubuntu or Debian installs with one command. Real-time run tracking included.

Start building → Sign in
bash — 80×24

$ curl -sSL agent.sh | bash -s -- <TOKEN>

  • Verifying single-use token…
  • Token valid · run run_01jk… registered
  • Applying apt packages (17)
  • Packages installed
  • Installing zsh · setting as default
  • Shell configured
  • Applying dotfiles via GNU Stow
  • Bootstrap complete · 4m 12s

Versioned profiles

Structured, validated bootstrap specs with full version history. No mystery shell blobs — every change is tracked.

Edge-native control plane

Built on Cloudflare Workers and D1. Globally distributed, sub-millisecond latency for your provisioning tokens.

Idempotent execution

The bootstrap agent skips already-satisfied steps, ensuring your machine converges to the desired state safely.

< 5 min

Avg. provisioning time

1 command

To bootstrap any machine

100%

Idempotent execution

How it works

From spec to running machine in three steps

01

Define

Author a bootstrap profile with packages, shell config, dotfiles, and credentials.

02

Mint

Generate a single-use, time-bound token for the target machine.

03

Provision

Run one command on the machine. The agent pulls the profile and converges to the desired state.

Features

Everything you need for safe, repeatable provisioning

Profile versioning

Every edit creates a new version. Roll back to any previous state instantly.

Single-use tokens

Mint a token, use it once. Tokens are cryptographically random and expire automatically.

Real-time run tracking

Watch provisioning progress live. Each step is logged and visible in the dashboard as it happens.

Idempotent execution

Run the same profile twice and nothing breaks. Already-installed packages and configured shells are skipped.

Edge-native latency

Control plane runs on Cloudflare Workers at the edge. Token validation is sub-50ms anywhere in the world.

Dotfile support via GNU Stow

Manage dotfiles declaratively. Link, unlink, and switch configurations safely with built-in Stow integration.

Use cases

Built for teams that move fast

New hire onboarding

Ship a standardized developer environment in minutes. Version-controlled, reproducible, and fully auditable.

Homelab fleet management

Manage a dozen Raspberry Pis or NUCs from a single dashboard. Push profile updates and track every run.

CI/CD ephemeral nodes

Spin up throwaway build agents that self-provision on boot. Tokens are single-use and auto-expire.

Security

Designed with security in mind

Token design

  • Single-use by design
  • Time-to-live (TTL) enforced at the edge
  • JWT-signed claims prevent tampering

Audit trail

Every token mint, every machine run, every profile change is logged to an immutable audit trail. Query by actor, event type, or time range.

security-checklist.yaml

# Security properties

tokens: single_use

ttl_seconds: 3600

auth: jwt_rs256

data_at_rest: d1_encrypted

allowlist: strict

runtime: edge_isolated

Pricing

Simple, transparent pricing

Free

Available now

$0

  • Unlimited profiles
  • Up to 3 machines
  • Community support
  • Full audit trail
Get started for free

Pro

Coming soon

  • Unlimited machines
  • Team seats
  • Priority support
  • SLA guarantee
Get early access

Ready to simplify provisioning?

Create your account and author your first bootstrap profile in minutes.

Get started for free →