Product / AI Assistant
Type what you want in plain English. Molixa writes the exact shell command, nginx block, crontab entry, or SSL renewal step, shows you the plan, waits for your approval, runs it inside an audit trail, and gives you a one-click undo.
It is built for developers who know what they want but do not want to google flag syntax every time. Ask in English, read the plan, hit approve. No more stack-overflow tabs open at 2 AM when the server is down.
What it does
Most AI tools stop at explaining the fix. Molixa writes the command, runs it, and cleans up after. You get back to shipping instead of fighting a shell you touch twice a month.
The assistant handles the four workflows developers hit most often on a VPS: shell scripting, nginx config, crontab, and SSL setup. Each one has its own validator so the command that runs is the one that works on your OS and stack.
Ask for a cron entry that runs every 15 minutes on weekdays and you get the right schedule syntax. Ask for an nginx location block with rate limiting and you get the config, pasted in the right file with the right PHP-FPM upstream.
Nginx server blocks, systemd units, PHP-FPM pools, crontabs, and SSL renewal hooks all land in the right directory with the right permissions. No copy-paste between a chat window and an SSH session, no tab-switching mistakes.
Paste a stack trace or an error log and the AI walks you through what failed, why, and which service to restart. Works on nginx, PHP-FPM, systemd journal, MySQL slow-query, and Docker container logs out of the box.
Let's Encrypt hooks, wildcard certs via DNS-01 against Cloudflare, Route 53, or Hetzner DNS, plus cron entries for renewal and a post-renewal nginx reload. You get the full chain, not a half answer.
Describe the job in English (“back up the database every night at 2 AM and keep 14 days”) and get the exact cron line with the backup script, rotation logic, and log file path filled in.
When a build or deploy fails, paste the error and the AI reads the systemd unit, the app log, and recent git history to point at what changed. Often the fix is a missing env var or a permissions bit on a new file.
Safety first
The single biggest worry about an AI that runs shell commands is obvious: what if it runs the wrong one? The safety gate sits between the model and your server, and it is not a feature you can accidentally turn off.
The approval flow is designed to be quick for routine work and slow for anything that writes. Reading a log or listing processes is one click. Dropping a table or running rm on a system path takes three steps, on purpose.
Before anything hits the shell, Molixa shows you the exact commands with arguments, target server, and expected side effects. You approve, skip, or edit in place. Nothing runs silently, and you can rewrite a flag in the preview panel without starting a new chat.
rm -rf, DROP TABLE, TRUNCATE, format, DELETE FROM without a WHERE clause, mysql DROP DATABASE. Anything on the deny-list needs explicit confirmation with the resource name typed back, so a wrong click cannot wipe production.
Every outgoing prompt gets scanned for SSH keys, API tokens, passwords in .env, and JWT payloads. Real values are replaced with stable placeholders before the prompt leaves your server, so the model can still reason about the structure without ever seeing the value.
Context-aware
The AI reads the state of the machine you opened the chat from, so you do not have to explain what is installed, what is running, or which OS you are on. That context gets refreshed at the start of every conversation so stale answers do not bite you.
Context is also scoped per server. The chat on your staging box does not leak into the chat on production, and the AI will not suggest a command based on what you did somewhere else. Clean boundaries, no surprises.
Model tiers
Not every server is a production payments database. Pay for intelligence when it matters and use free models when it does not. Molixa routes requests based on the question, not a fixed tier, so you spend tokens on hard problems and skip the bill for trivial ones.
Free tier
Fast enough for day-to-day ops. Checking process status, tailing logs, writing basic nginx configs, explaining commands, generating a cron entry. Sub-second responses on Groq. Fine for personal sites and staging boxes, and it is the default for every new account.
200 messages a month, renews on the 1st, no card required.
Pro tier
The big models for the hard questions. Architectural debugging, complex migration plans, writing a Terraform module from a description, reasoning about distributed failures. Falls back to Groq for trivial work so your token budget goes to the problems that need it.
2,000 messages pooled across your team, with BYO keys supported if you already have an Anthropic or OpenAI contract.
Enterprise tier
Point Molixa at a self-hosted Ollama instance, your private Azure OpenAI deployment, or an AWS Bedrock account. Prompts never leave your VPC. Built for regulated industries (healthcare, defense, finance) where the prompt itself is the sensitive data.
Unmetered usage, SSO, audit export to your SIEM, custom retention policy.
Real examples
Three prompts pulled from real user sessions, with what the AI did next. No hypothetical demos, no cherry-picked wins. These are the kinds of questions the assistant answers every day.
“Why did nginx start throwing 502s at 3:15 AM?”
Checks the nginx error log around that timestamp, cross-references PHP-FPM logs and systemd status, notices PHP-FPM was OOM-killed, and points at the new worker_processes value a deploy pushed. Suggests dropping it back and adds a memory alert so the same pattern triggers a warning next time.
“Install a self-signed cert on the admin panel.”
Generates the CSR with openssl, signs with the CA key on the server, places the cert and key in the right nginx config directory with 0600 perms, updates the server block to point at them, and reloads nginx. Shows every command before running it and logs the result.
“My database backup is 40GB. Can we compress it better?”
Reads the current backup script, spots it is using default gzip, suggests zstd at level 11 with a sample benchmark on a dump (65% smaller, 2x faster). On approval, rewrites the cron script, runs a first backup with the new settings, and verifies the restore path still works.
“Set up a staging clone of this site on staging.example.com.”
Runs a mysqldump of the production database, copies wp-content to a new directory, imports with sed-replaced URLs, creates a new nginx server block, issues a fresh Let's Encrypt cert, and hands you a working staging URL in under two minutes with every step logged.
“This PHP worker keeps dying. Find out why.”
Pulls the last 200 lines of the worker log, checks the systemd unit for restart policy, spots a memory_limit of 128M fighting a 600MB import job, and suggests the exact php.ini bump. Adds a memory alert so the next spike triggers a warning instead of a crash.
“Rotate my nginx logs so the disk stops filling up.”
Reads the current logrotate config, finds nginx rotation is missing the compress flag, and rewrites the rule to rotate daily, compress with gzip, keep 14 days, and send USR1 to nginx after rotation. Runs a manual rotate to clear the backlog on approval.
Rollback + audit
Every action the AI takes is reversible and logged. If the model makes a mistake, one click puts your server back to how it was. The log is tamper-evident, exportable, and scoped per user, so an audit is straightforward.
Nginx config changed? The prior config is snapshotted before write, so “undo last AI action” is one click. Installed a package? Rolled back via apt. Only AI-initiated actions are touched, your manual edits stay put.
Every interaction (prompt, model, plan, your approval, commands run, stdout, duration) is recorded in a tamper-evident log. Export to CSV, stream to your SIEM, or keep it in Molixa for 90 days on Pro and forever on Enterprise.
The AI only touches the server the chat is open on. It cannot reach a different customer, escalate to other teams, or call a third-party API unless you explicitly grant the tool. Least-privilege by default. See our security panel for the full hardening story.
Who it helps
Molixa started life as the panel we wanted for our own servers. The AI assistant is the piece that saves the most time. Four kinds of teams get value from it right away.
You know Laravel or Next.js cold, but you touch nginx and cron once a month. The AI fills that gap. Ask for the config, read the preview, approve, move on. Your weekend is not spent on stack overflow tabs about location-block syntax.
Every client site has a slightly different setup. The per-server context means you do not have to remember which box runs PHP 8.2 and which runs 8.1. Open the chat, ask the question, and the AI already knows. One audit log covers every client.
Two or three engineers covering fifty boxes. The approval gate means a junior can safely ask the AI to deploy, rotate a cert, or tail logs without being able to accidentally drop a database. Seniors review the audit log weekly.
Healthcare, defense, finance. The Enterprise tier runs Ollama inside your VPC, so prompts never hit a third party. SSO, SIEM export, and custom retention make audits straightforward. Your CISO can read our DPA before you sign.
Under the hood
Every message you send goes through the same six-step pipeline. The model is one piece of it, not the whole thing. Swap the model and the guardrails stay in place.
Your prompt is scanned for SSH keys, AWS and GitHub tokens, Stripe keys, JWTs, and .env-style values. Each match is replaced with a stable placeholder so the model can still read the structure.
The server fingerprint (OS, installed stacks, running services, recent deploys) is attached to your prompt so the model has grounding before it answers.
Groq on free, Claude or GPT-4 on Pro, Ollama on Enterprise. The model returns a plan (a list of commands with expected outputs), not a single command.
Each command in the plan is scored by a safety classifier. Anything matching a destructive pattern flips the approval to strict mode and requires you to type the resource name.
You see the plan, the target server, the predicted side effects, and the safety score. Approve, skip, or edit a flag in place. No approval, no execution. No exceptions.
Before any write, the prior state is snapshotted (config files, package list, relevant DB rows). Commands run over SSH, stdout streams back, and the whole run lands in your audit log.
Frequently asked
No. By default every plan shows you the exact commands before anything runs, and you click to approve. You can opt into auto-approve for read-only actions like listing processes, tailing logs, or reading config files on servers you tag as non-production, but the approval gate stays on for any write. The AI DevOps assistant is built around you staying in control of your VPS at all times, so approvals are never bypassable for destructive operations.
Free tier runs on Groq with Llama 3.1 70B plus OpenRouter fallbacks, fast enough for day-to-day ops and usually responding in under a second. Pro tier uses Claude Opus and GPT-4 Turbo for the harder questions like architectural debugging, migration planning, and reasoning about distributed failures, with an auto-fallback to Groq when the question is simple. Enterprise plans point at your own Ollama, Azure OpenAI, or AWS Bedrock so prompts never leave your network. You can switch tiers any time from billing.
Yes, on any paid plan. Add your API key in Settings, pick which model it maps to, and Molixa routes your requests through it. Your provider billing stays on your account and your prompts skip our shared pool entirely, which is common for teams who already have an Anthropic or OpenAI contract or who need the key to sit in a specific Azure region. You can add multiple keys (one for Claude, one for OpenAI, one for Groq) and pick which one handles each server.
Anything that deletes, drops, truncates, or formats. That covers rm -rf, DROP TABLE, TRUNCATE, DELETE FROM without a WHERE clause, mkfs, dd to a device, chown -R on root paths, and destructive git operations like push force to main. For those the AI asks you to type the resource name back before it runs, so a slip of the Enter key cannot wipe a database. You can extend the deny-list per server or per team, and every blocked attempt lands in your audit log for review.
Your prompts are sent to the model provider you picked, with secrets redacted before they leave your server. We do not train on your prompts and we honor provider data-retention settings (zero-day retention with Anthropic, 30-day with OpenAI by default, configurable in Settings). On Enterprise with self-hosted Ollama, prompts stay inside your VPC and nothing goes out to a third party. Chat history on the dashboard is encrypted at rest and scoped per user, so teammates only see what you share with them.
Free accounts get 200 AI messages per month on Groq, which is plenty for a personal VPS or a staging box and renews on the first of each month. Pro plans include 2,000 messages per month across Claude and GPT-4 with auto-fallback to Groq for trivial questions to save tokens. Enterprise is unmetered when you bring your own model. See the full breakdown on our pricing page, and note that paid plans pool messages across all seats on your team.
The point of an AI DevOps assistant is not to replace you. It is to take the parts of sysadmin work that feel like syntax trivia (cron patterns, nginx locations, SSL renewal hooks) and turn them into a one-sentence ask. You still pick what happens. You still own the audit log. The only thing that changes is how much time you spend googling.
If you want the fuller picture of what Molixa does beyond the AI, start with the features overview and the security panel. For the “why now” argument, read why developers need an AI server assistant. When you are ready to pick a plan, our pricing page lays out what you get at each tier, including message limits and which models are covered.
You can try the assistant without a card. The free tier on Groq is plenty for a personal VPS and resets every month, so nothing in your way stops you from kicking the tires. When the question gets harder, you upgrade. When the budget gets tighter, you downgrade. No lock-in, no contract, and the approval gate stays on either way.
No credit card. Groq-powered free tier, Claude + GPT-4 on Pro, your own Ollama on Enterprise.
