← Bridle

Docs

Everything you need to connect a machine and stay in control.

Connect a device

In your dashboard, go to Devices → Add a device to get a one-time code (valid 15 minutes). On the Linux machine you want to connect, run:

curl -fsSL https://bridlehq.com/install.sh | sh -s -- YOUR-CODE

The agent installs as a service, dials out to Bridle (no open ports), and your machine turns green in the dashboard. It starts in read-only mode.

The trust ladder

New devices are read-only: Bridle can look but not touch. When you're ready, switch a device to standardmode on the Policies page to allow writes (still gated by ASK approvals). After you've approved the same action a few times, Bridle suggests setting it to auto-allow — trust you grant gradually, with evidence.

What Bridle can do

Reads default to ALLOW. Writes default to ASK. You change any of it, per device, on the Policies page.

Reads
  • system.health.readCPU, memory, load, uptime
  • storage.inspectDisk usage per mount
  • process.listRunning processes by resource use
  • docker.inspectContainers, status, restart counts
  • docker.logs.readRecent logs from a container
  • service.inspectsystemd service states
  • updates.checkPending OS/package updates
  • files.searchFind files by name (never reads contents)
Writes (need approval)
  • docker.restartRestart a container
  • service.restartRestart a systemd service
  • cache.clearClear temp files older than 24h
  • updates.installInstall updates (never reboots)

Approvals on your phone

Install the free ntfy app, subscribe to a private topic, and enter it in Settings. When the AI proposes a change, you get a push with a dry-run preview and Approve / Decline — from anywhere.

Revoke a device

On the Devices page, remove any machine instantly. Its token is invalidated and the agent can no longer connect. Uninstall the agent on the machine with systemctl disable --now bridle-agent.

More detail lands as Bridle grows. Questions: hello@bridlehq.com