
The Linux agent is live

I closed out the signups-are-open post with "next on the roadmap: a Go agent for monitoring stuff inside private networks." It's live today.

Install command, because this is the part people actually want:

curl -fsSL https://observare.io/install.sh | sudo sh

Here's the problem it solves and what you get with it.

Cloud monitoring has a blind spot

Every other Observare feature up to today assumes a target on the public internet. Your marketing site, your API gateway, your storefront — any URL my servers can reach. That covers most of what a small operator wants to monitor, but it misses a specific class of service that's usually more important than the public-facing stuff.

Your Postgres running on port 5432 inside a VLAN. A Python queue worker on a VPS you never opened a port on. The self-hosted admin panel behind Cloudflare Access. The n8n container on a homelab Pi. A Docker container that only talks to its sibling container on a user-defined bridge network.

None of that is reachable from observare.io, which means none of it is monitorable from observare.io. Until today.

What the agent is

A single static Go binary, around 6 MB, Linux amd64 or arm64. You install it on one of your own servers with the one-liner above. It authenticates against your Observare account using a device-code flow — the same pattern the GitHub CLI and Stripe CLI use — and from that point on runs four kinds of check locally:

Every check result flows back to me over outbound HTTPS, the same way the agent's system-stats snapshot does every sixty seconds. There's no inbound listener, no new port to open, no agent-to-agent coordination. Just one daemon, pushing results home.

Security posture

The agent is sandboxed in a way that specifically doesn't require trusting me with root on your servers. The systemd unit that sudo observare install writes runs the agent under your regular user account (not root) with NoNewPrivileges, ProtectSystem=strict, and ProtectHome=read-only. The API key is stored at ~/.observare/config.json with 0600 permissions, and it's scoped to that one agent, so compromising it doesn't give an attacker anything beyond impersonating that single agent.

The one thing observare install deliberately does not do is add your user to the docker group. Docker group membership is effectively root on the host, and whether to grant it is a call you should make knowingly, not one I should make silently in a shell script. If you want Docker monitoring, you add the group yourself and restart the service.
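To check those claims on your own host, here is an added example (not Observare's code) that audits a unit file and the agent config against the posture described above. The unit file path is passed as an argument because this post does not name it; NoNewPrivileges is assumed to be set to a true boolean, and the user "deploy" in the sample is constructed.

```shell
# Added example (not Observare's code): audit a unit file and agent config.
# Paths are arguments; the post does not name the unit file.
unit_value() {  # unit_value FILE KEY: print the last value assigned to KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

file_mode() {  # print octal permission bits (GNU stat, then BSD stat)
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check() {  # check LABEL ACTUAL EXPECTED: print PASS/FAIL, return 0/1
    if [ "$2" = "$3" ]; then echo "PASS $1=$2"; return 0; fi
    echo "FAIL $1=${2:-<unset>} (expected $3)"; return 1
}

# audit_agent UNIT_FILE CONFIG_FILE: returns 0 only if every check passes.
audit_agent() {
    unit=$1; config=$2; rc=0
    user=$(unit_value "$unit" User)
    case $user in
        ''|root|0) echo "FAIL User=${user:-<unset, system units run as root>}"; rc=1 ;;
        *) echo "PASS User=$user" ;;
    esac
    case $(unit_value "$unit" NoNewPrivileges) in
        yes|true|on|1) echo "PASS NoNewPrivileges enabled" ;;
        *) echo "FAIL NoNewPrivileges not enabled"; rc=1 ;;
    esac
    check ProtectSystem "$(unit_value "$unit" ProtectSystem)" strict || rc=1
    check ProtectHome "$(unit_value "$unit" ProtectHome)" read-only || rc=1
    check config-mode "$(file_mode "$config")" 600 || rc=1
    # Docker group membership is root-equivalent: reported, but the operator's call.
    if id -nG "$user" 2>/dev/null | tr ' ' '\n' | grep -qx docker; then
        echo "NOTE $user is in the docker group"
    fi
    return $rc
}

# Constructed sample: write a unit and config matching the post, then audit them.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[Service]' 'User=deploy' 'NoNewPrivileges=yes' \
        'ProtectSystem=strict' 'ProtectHome=read-only' > "$d/agent.service"
    echo '{}' > "$d/config.json"; chmod 600 "$d/config.json"
    audit_agent "$d/agent.service" "$d/config.json"; rc=$?
    rm -rf "$d"; return $rc
}

if [ "$#" -eq 2 ]; then audit_agent "$1" "$2"; else demo; fi
```

Run it with the installed unit file and ~/.observare/config.json as the two arguments; with no arguments it audits the constructed sample.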

How it shows up in the dashboard

Agent-managed monitors aren't on a separate page. An internal uptime monitor sits on the main Uptime monitoring page next to the cloud-managed ones, marked with a small robot icon — green if the agent is online, red if it's offline. Process and Docker monitors get their own pages under Monitoring, with the same pause/resume, edit, and alert-channel UI as every other monitor type.

Each agent has its own alert channels for agent-offline and agent-recovery events, kept separate from the per-monitor channels. That means a single agent reboot sends one alert, not a burst of per-monitor down alerts.

Pricing

No change. £5 a month for the whole platform, agent included. Five agents per account, 30 monitors of each type. No per-agent upcharge, no host license, no enterprise tier waiting in the wings. The agent is in the same bundle as uptime, SSL, port, cron, webhooks, and status pages.

If you're already on a trial, the agent is live on your account right now — install it with the one-liner above, then run observare auth and observare config. If you're not yet, start at observare.co.uk/register. Full install guide is in the docs.

That finishes the original feature roadmap. Everything I set out to build for launch is shipped. Next on the list: a deeper incident feed, data export, and a couple more alert channel integrations.
