Documentation

Overview

DropOps is a Zero Trust AI Execution platform with Just-in-Time Privileges and Local-First Audit Architecture. Every layer is designed to protect your systems and data.

Security Architecture

Deployment Options

*Cloud Operators use a separate slot allocation. Personal: 1 cloud slot. Professional: 5 cloud slots.

Getting Started

Prerequisites

• Authentication - Google account (OAuth 2.0)
• Solo Operator - Linux system with port 443 outbound to operator.dropops.ai
• Cloud Operator for AWS - AWS account with EC2 launch permissions

Deployment Workflow

1. Authenticate - Sign in via Google OAuth at dropops.ai
2. Obtain API Key - From Operator Panel, copy an available operator's API key
3. Deploy Operator - Download binary and run with API key, or deploy CloudFormation stack for AWS
4. Bind to Session - Once operator shows Active status, bind it to your web session
5. Execute with Approval - Issue commands in natural language; all state-changing operations require explicit approval

Detailed deployment procedures for each operator type are covered in the sections below.

Login & Authentication

User Authentication

DropOps uses Google OAuth 2.0 for user authentication. Web sessions are encrypted, bound to browser context, and expire after inactivity. Session hijacking from a different browser context is rejected.

Operator Authentication

Each operator authenticates using a unique API key from the Operator Panel. The same key is used for both binary download and operator startup. Keys are revocable at any time for immediate disconnection.

System Fingerprinting

Operators are bound to their host system through cryptographic fingerprinting. Once an operator authenticates from a machine, that API key is tied to that system's identity. API keys are non-transferable across machines, preventing credential theft from being useful across systems. To move an operator to a new machine, use a fresh operator slot or re-register the existing one.

Session Independence

Web sessions and operator sessions are independent. Logging out of the dashboard does not disconnect running operators. Operators continue execution until explicitly revoked or stopped.

Solo Operator

The Solo Operator is the Go reference implementation - a ~8MB stateless execution agent for local system administration on Linux. Cloud CLI commands (aws, gcloud, terraform) are intentionally blocked to enforce clear security boundaries. For cloud operations, use the Cloud Operator for AWS with Zero Standing Privileges.

Capabilities

• Shell Execution - bash, sh, and standard Linux commands
• File Operations - Create, read, update, delete with approval workflow
• Service Management - systemctl, docker, process management
• Package Management - apt, yum, dnf, pip (requires appropriate privileges)

Deployment

Download and run via the drop script. The API key is used for both download and authentication:

curl -fsSL https://dropops.ai/operator/drop | bash

When prompted, provide an Operator API Key from the Operator Panel. The binary downloads, verifies checksum integrity, and starts automatically. Run as foreground process, in screen/tmux, or as a systemd service.

CLI Usage

Usage: dropops-operator [options]

Options:
  -k, --key <key>           API key (or set DROPOPS_OPERATOR_API_KEY)
  -S, --session <id>        Pre-authorized session ID (from device link auth)
  -e, --endpoint-url <env>  Environment: test, dev (default: prod -> operator.dropops.ai)
  -c, --cloud               Cloud operator mode (for AWS/cloud CLI)
  -p, --provider <name>     Cloud provider: aws, gcp, azure (default: aws)
  -s, --local-storage       Store audit data locally instead of cloud (default: off)
  -l, --log <level>         Log level: info, error, debug (default: info)
  -v, --version             Show version

Vault Management:
  --rekey-vault             Re-encrypt vault with new API key
  --old-key <key>           Old API key (required for --rekey-vault)
  --verify-vault            Verify vault integrity
  --reset-vault             Reset vault (DESTROYS ALL DATA)

The operator runs with the privileges of the user who starts it. For operations requiring root access (package installation, service management), start with sudo ./dropops-operator.

Cloud Operator Binary (Advanced)

For advanced users who manage their own credential security: the same ~8MB binary with the --cloud flag unlocks cloud CLI tools. Runs on any Linux system with port 443 outbound to operator.dropops.ai - any cloud provider, any environment.

Unlocked Commands

In addition to all Solo Operator capabilities: aws, gcloud, az, terraform, kubectl, helm, ansible.

Requirements

• Cloud CLIs - Must be installed on the host system
• Credentials - Configured via standard methods (e.g., ~/.aws/credentials, environment variables, instance metadata)
• Tier - Personal or higher (uses 1 cloud slot)

Usage

./dropops-operator --cloud --key YOUR_API_KEY
./dropops-operator --cloud --provider gcp --key YOUR_API_KEY
./dropops-operator --cloud --provider azure --key YOUR_API_KEY

The --provider flag defaults to aws. Use gcp or azure for other cloud platforms. See the Solo Operator CLI Usage section for all available flags.

Security Note: Unlike the Cloud Operator for AWS, this mode does not enforce Zero Standing Privileges. The AI uses whatever permissions your configured credentials already have. For AWS infrastructure with clear permission boundaries, use the Cloud Operator for AWS.

Cloud Operator for AWS

Pre-configured EC2 instance implementing Zero Standing Privileges and Just-in-Time access. The operator launches with zero AWS permissions and requests only what it needs, when it needs it. All permissions require explicit user approval and remain revocable. Architecture is designed for adaptation to other cloud providers.

IAM Architecture

The CloudFormation stack creates a Two-Role Architecture:

Deployment

Prerequisites: DropOps account (Personal tier+), AWS account with EC2 launch permissions.

Option A: Drop Script (Recommended)

curl -fsSL https://dropops.ai/operator/cloud-drop | bash

Interactive script handles AWS profile selection, region, API key input, and CloudFormation stack creation. Skip prompts with environment variables:

AWS_PROFILE=myprofile AWS_REGION=us-west-2 DROPOPS_OPERATOR_API_KEY=your_key curl -fsSL https://dropops.ai/operator/cloud-drop | bash

Option B: AWS CLI

aws cloudformation create-stack \
  --stack-name DropOps-Cloud-Operator \
  --template-url https://dropops-public.s3.amazonaws.com/cloud-operator.yaml \
  --parameters \
    ParameterKey=OperatorApiKey,ParameterValue=YOUR_API_KEY \
    ParameterKey=VpcId,ParameterValue=vpc-XXXXXXXX \
  --capabilities CAPABILITY_NAMED_IAM

Option C: CloudFormation Console

1. Open CloudFormation Console -> Create stack -> With new resources
2. S3 URL: https://dropops-public.s3.amazonaws.com/cloud-operator.yaml
3. Enter Operator API Key, select VPC, acknowledge IAM creation, create stack

Zero Standing Privileges Model

The Cloud Operator launches with zero access to AWS resources. When a request requires permissions the operator lacks:

1. Detection - AI identifies missing permission
2. Request - AI presents approval card with specific permission and justification
3. Approval - User approves or denies
4. Execution - AI attaches intent policy to Operator Role, executes action

Security Guarantees: Cannot grant admin-level access (blocked by permission boundary). Every permission requires explicit approval. All permissions revocable through conversation.

Intent Policies

45+ intent policies available including VPC, Route53, SNS, SQS, DynamoDB, API Gateway, Step Functions, Athena, CloudFormation, Cost Explorer, Glue, and more.

Auto-Approved Self-Discovery

The following read-only commands are auto-approved for the operator to query its own IAM identity:

• aws sts get-caller-identity, aws iam get-role, aws iam get-role-policy
• aws iam list-role-policies, aws iam list-attached-role-policies
• aws iam get-instance-profile, aws iam simulate-principal-policy
• Local system commands (ls, cat, systemctl, journalctl)

These commands can only query the operator's own role. All other commands require explicit approval.

Pre-installed Tools

Terraform, AWS CLI v2, kubectl, Helm, Ansible, jq/yq, Python 3, Git, Restic (encrypted backups).

Security Hardening

Network Requirements

Inbound: None. Outbound: HTTPS (443) to operator.dropops.ai, DNS (53).

File Locations

Operator Terminal

Browser-based CLI access to bound operators without SSH, VPNs, or inbound ports. All commands require explicit approval before execution.

Security Architecture

How It Works

1. Type a command in natural language or direct shell syntax
2. AI proposes the command with explanation
3. You approve or deny the command
4. Approved commands route to your bound operator via Redis pub/sub
5. Operator executes and streams output back in real-time
6. Sentinel scrubs sensitive data before cloud transmission

Comparison with SSH

For detailed security architecture, see Operator Terminal public page.

AI Architecture

Operating Modes

Model & Reasoning

Uses Google Gemini models with adaptive reasoning depth. Deep reasoning for complex multi-step operations; quick response for simple queries. The AI maintains context awareness of system state, conversation history, and user preferences.

Multi-Operator Binding

Multiple operators can be bound simultaneously for cross-system operations. Target operators by hostname, operator ID, index, or ["all"]. Commands execute sequentially with combined output showing hostname headers.

Reliability

• Automatic Retry - Transient failures retried with exponential backoff
• Graceful Degradation - Falls back to advisory mode if operator connection lost
• Cancellation - Stop any operation via message or stop button
• Real-Time Streaming - Watch reasoning and command output as it happens

Data Privacy

• No Training - Your data is never used to train AI models
• Output Sanitization - Command output sanitized to prevent prompt injection
• Session Context - Conversation history used only within your session
• Source Citations - Web search results include clickable source links

Approval Workflow

All state-changing commands require explicit user approval. The AI analyzes each command for risk and presents approval requests with explanations.

Approval Requirements

Multi-Operator Approval

When the same command targets multiple operators, a single unified approval dialog lists all impacted systems. Commands execute sequentially with combined output showing hostname headers.

Multi-Step Operations

Complex workflows are broken into logical steps. Each command requires individual approval. The AI adapts subsequent steps based on results.

Managing Operators

The Operator Panel provides centralized control over all deployed operators with real-time status monitoring and connection management.

Operator Status

Operators send heartbeat data every 30 seconds including system metrics. Status transitions:

Binding

Binding connects operators to your web session for command execution. Multiple operators can be bound simultaneously; each operator can only be bound to one session at a time. Unbinding leaves the operator running and available.

Stopping Operators

• Remote Stop - Click stop icon in Operator Panel (instant termination)
• Refresh API Key - Invalidates credentials, disconnects operator
• Local Termination - Ctrl+C or kill on target system
• Cloud Operator - systemctl stop dropops-operator or manage EC2 instance

Access Revocation

Refresh an operator's API key from the Operator Panel to instantly invalidate credentials. The old key is destroyed immediately; the operator disconnects and cannot reconnect.

Team Management

Professional tier includes team collaboration. Team members share operators and pooled operation allocations.

Tier Limits

Invites

Generate invite links from the Team Dashboard (/team) with configurable max uses (1-unlimited), expiration (1-30 days), and optional email restrictions.

Security Model

Network Security

Zero Inbound Connectivity: Operators initiate all connections outbound on port 443. No listening ports, no inbound connections, no firewall exceptions required.

Authentication

• API Key - Unique per operator, used for download and startup, instantly revocable
• System Fingerprinting - Keys bound to host system; non-transferable
• Session-Bound Identity - User ID extracted server-side from validated session; cross-user access structurally impossible

Privilege Model

Operators run with whatever privileges you assign (typically standard user). Root not required. Forbidden Operations: Privilege escalation commands (sudo, su, pkexec, doas) and SUID/SGID bit manipulation are always blocked regardless of approval. For elevated access, restart the operator with sudo.

Local-First Audit Architecture (LFAA)

The Operator is the System of Record for chat history, execution logs, and file mutations. The cloud acts as a stateless relay. Enable local storage with the --local-storage flag to store audit data in ./.dropops/ relative to the launch directory.

Sensitive Data Scrubbing (Sentinel)

Sentinel scrubs sensitive data inline before any persistence or cloud transmission. 30+ patterns aligned with AWS Macie / Google DLP: service tokens (JWT, GitHub, AWS, GCP), network identifiers (IPs, hostnames), cloud resources (ARNs, access keys), and PII (SSN, credit cards, private keys). Data replaced with safe placeholders ([IP_ADDR], [AWS_KEY], etc.).

Compliance

Every command, result, and approval logged for compliance. Sensitive command output never persists in cloud storage. Architecture designed for GDPR, SOC 2, and FedRAMP data locality requirements. Live Transmission Monitor at /audit provides real-time visibility into local vs. transmitted data.

Best Practices

• Natural Language - State your intent plainly; the AI determines the appropriate approach
• Direct Commands - Paste commands directly into chat; typos are auto-corrected with notification
• Source Verification - AI cites sources with clickable links for verification
• Format Requests - Request specific output formats (tables, lists, summaries)
• Context Memory - AI learns preferences and adapts to your technical background over time

FAQ

Troubleshooting

Need Human Help?

For billing questions, account issues, or anything the AI can't resolve, email support@dropops.ai. We're here to help.