FFelaniaDocumentation

FELANIA EDGE · V1

Remote operations for the devices you already run.

Felania Edge installs on existing Linux gateways, routers and connected products. It reports health through an outbound connection, alerts your team and executes only explicit allowlisted recovery actions.

The simple versionInstall one agent without replacing the operating system. Felania watches the device and helps you diagnose or recover it without opening an inbound firewall port.

WHO IT IS FOR

Teams that operate devices in the real world.

01

Device builders

Teams selling kiosks, gateways, sensors or appliances that need an operations layer without building one from scratch.

02

System integrators

People maintaining routers, edge computers or industrial sites for multiple customers and locations.

03

Remote operations

Small teams responsible for unattended equipment in shops, warehouses, farms, offices or home labs.

04

Software developers

Builders who want fleet status and telemetry inside their own app through a straightforward REST API.

QUICKSTART

From zero to a live device in three steps.

  1. 1

    Create a device

    Open the console, choose Add device, then enter a unique name, site and device type.

  2. 2

    Copy the device token

    The token begins with fle_ and is shown once. Store it on that device as a secret.

  3. 3

    Install the agent

    Run the generated command as root. The device appears online and begins polling for allowlisted operations.

Target deviceLinux / OpenWrt
curl -fsSL https://felania.com/install.sh | \
  sudo sh -s -- fle_YOUR_DEVICE_TOKEN

What it installs: a small shell agent, a separate update runner, curl and jq if missing, a root-only configuration file and a systemd or OpenWrt procd service. The agent makes outbound HTTPS requests only.

GUARDED UPDATES

Automatic when you want it. Recoverable when it fails.

Each device can use Manual or Automatic update mode from Console → Devices. Manual mode is the default. Choose Update now or queue update_agent from Remote Operations to start a manual update.

Verify

The agent accepts only the authenticated manifest path, matching SHA-256 checksum, declared version and valid shell syntax.

Stage

The current agent is copied into the previous slot before the new version is activated atomically.

Validate

The new version must send a heartbeat and complete an authenticated command poll within two minutes.

Roll back

If the new process crashes, hangs or fails validation, the stable runner restores the previous version automatically.

Why the runner is separate: agent updates never overwrite the small process responsible for recovery. A device always keeps current, previous and pending-update state until validation succeeds.

RUNBOOK CONSOLE

Repeatable remote response without an open terminal.

Open Console → Runbooks to run a reviewed sequence of allowlisted operations across one or more devices. Felania validates every parameter on the server, executes steps in order and keeps a per-device transcript with status, timing and bounded output.

PHASE 01ConfigureParameters and targets
PHASE 02CanaryComplete one device first
PHASE 03FleetContinue and retain transcript
Health snapshot

Collect diagnostics and discover services without changing device state.

Network path

Check DNS resolution and connectivity to a validated hostname or IP address.

Service triage

Read service status and a bounded number of recent log lines.

Service recovery

Inspect, restart, verify and collect logs as one Owner-approved playbook.

Guarded Agent UpdateThe built-in update Runbook captures a health snapshot before queueing the Agent's verified, staged and automatically recoverable update process.

Risk and approval model

Read only

Owners and operators can collect evidence. Viewers can read completed transcripts but cannot start a run.

Service change

Restart, interval and Agent update steps require an Owner. The risk is calculated from the operations, not chosen by the author.

Disruptive

Reboot requires an Owner and should always begin with a canary when more than one target is selected.

Cancellation

A command already claimed by a device may finish. No later step or fleet phase is queued after cancellation.

Create a custom Runbook

  1. 1

    Describe the response

    Owners choose Create Runbook and give the playbook a clear name and purpose.

  2. 2

    Add validated steps

    Select one to eight operations. Fields such as service, target, log lines and heartbeat interval use the same validation as Remote Operations.

  3. 3

    Run on a canary

    Select compatible Agent 1.7 devices and keep the default canary strategy for multi-device work.

  4. 4

    Review the transcript

    Each run preserves its Runbook version and rendered steps, so later edits cannot change historical evidence.

Security boundary: Runbooks do not accept arbitrary shell, pipes, redirection or undeclared parameters. Service logs can contain application secrets, so grant console and API access only to trusted operators and rotate exposed credentials if sensitive output is captured.

Start a Runbook through the API

TerminalCanary execution
curl -X POST https://felania.com/api/v1/runbooks/rb_system_network_path/run \
  -H "Authorization: Bearer fla_YOUR_PLATFORM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "deviceIds": ["dev_FIRST", "dev_SECOND"],
    "strategy": "canary",
    "parameters": { "TARGET": "felania.com" }
  }'

APPLICATION RELEASES

Canary first. Fleet only after health passes.

Felania Releases deploys a Docker Compose workload through the existing outbound agent. Open Console → Releases, enter an application name and version, paste the Compose file, select compatible devices and run deployment preflight before rollout.

PHASE 01CanaryOne selected device
HEALTH GATEValidateServices and optional HTTP URL
PHASE 02FleetRemaining targets
Verify

The agent checks the release SHA-256 and runs Docker Compose validation before pulling images.

Deploy

Compose images are pulled and started under an isolated Felania project name.

Gate

Every service must be running. An optional localhost HTTP endpoint can provide application-level health.

Recover

A failed device restores its previous Compose release. Successful earlier targets are rolled back when a later phase fails.

Compose examplemedia-control · 2.4.0
services:
  app:
    image: ghcr.io/example/media-control:2.4.0
    restart: unless-stopped
    environment:
      DATABASE_URL: ${DATABASE_URL}
    ports:
      - "8080:8080"
Encrypted Secrets VaultCreate application variables in Console → Releases, then reference them as ${VARIABLE_NAME}. Values are encrypted at rest with AES-256-GCM and never appear in Compose, command payloads, deployment output or the timeline. Workspace values can be overridden per site and then per device.
Immutable snapshot

Precedence is workspace, then site, then device. Each target receives the encrypted snapshot captured when the release was created.

One-time fetch

The authenticated agent can retrieve protected deployment configuration once, and only while its release command is running.

Root-only file

Resolved variables are written beside the release as a mode 0600 .env file so Compose can restart safely.

Private images

Registry login uses a temporary Docker configuration for image pull, then deletes it before the workload starts.

Browse a private Registry V2

  1. 1

    Add and verify credentials

    In Console → Releases, enter the HTTPS registry host, username and plaintext password or access token. For htpasswd, use the original password—not the bcrypt hash stored in the password file. Felania validates /v2/ before encrypting the credential.

  2. 2

    Inspect a tag

    Choose Browse images, select a repository and then Inspect image. Felania reads its Registry V2 manifest, immutable digest, size and supported platforms such as linux/amd64 and linux/arm64.

  3. 3

    Use the pinned image

    Choose Use pinned image to place an @sha256: reference into the Compose release. A later push that changes the original tag cannot silently change this release.

Deployment preflight

Inspect

Every image from the selected private registry is resolved to its current manifest digest.

Compare

Agent 1.7.0 reports the device Docker platform. Felania compares it with every inspected image platform.

Block

Unknown device architecture, missing image platform metadata or an architecture mismatch blocks release creation before the canary.

Pin

Mutable tags in Compose are replaced by immutable digests on the server, including API-created releases.

Preflight with a Platform API keyPOST /api/v1/releases/preflight
curl -X POST https://felania.com/api/v1/releases/preflight \
  -H "Authorization: Bearer YOUR_PLATFORM_API_KEY" \
  -H "Content-Type: application/json" \
  --data @release.json

Rotate or correct a login: choose Update login on the saved Registry card, enter the plaintext password again and select Verify & update login. The existing encrypted credential remains unchanged if verification fails.

Registry security boundaryCatalog requests run on the Felania server with an eight-second timeout, bounded response size, no redirects and blocked loopback/link-local/metadata targets. Private RFC1918 and Tailscale addresses remain available for self-hosted registries. TLS must be trusted by the Felania server.

Compatibility: the Registry must expose the Docker Distribution V2 catalog and tag endpoints. Some hosted registries or pull-only scoped credentials intentionally deny _catalog; those credentials can still deploy an explicitly entered image reference.

Application Control CenterFelania compares the desired successful release with workload versions reported by every target device. The console highlights version drift, missing workloads and offline targets. Operators can cancel an active rollout, retry a failed or rolled-back release with its original encrypted snapshot, or manually roll back a successful deployment.

Application lifecycle controls

Stop / Start

Stop containers without deleting configuration or volumes, then start the stored release with health validation.

Restart

Restart the current Compose project and require container plus optional HTTP health checks to pass.

Uninstall

Remove containers and networks while preserving named volumes and local release files for a later Start.

Purge

Permanently remove containers, application volumes and local release files. Owner access and exact application-key confirmation are required.

Release history stays auditableDeploy again creates a new guarded rollout from a stored release and captures a new immutable secret snapshot. Archive hides an old release from normal lists without deleting deployments, command output or audit events.

Device requirements: Felania Agent 1.7.0, Docker Engine and either Docker Compose v2 or docker-compose. Secret values and registry tokens must be one line. Anyone with root access to a target device can inspect its runtime environment, so device operating-system security still matters.

EDGE APP BLUEPRINTS

Deploy a supported app without writing Compose.

Open Console → Releases and choose a Blueprint. The guided form asks only for the image or version, ports and required encrypted variables. Felania renders a server-validated Compose file, shows a safe preview, then uses the same canary health gates and immutable protected snapshots as a manual release.

Ready

Docker Service and Uptime Kuma can be configured and deployed now.

Preview

Rendered Compose and its localhost health target are visible before rollout.

Draft

Incomplete Blueprints show readiness blockers and cannot create a deployment.

Protected

Secret values never appear in the Compose preview, release payload or GitHub workflow.

Media Control SystemIts Blueprint is intentionally Draft until a multi-architecture GHCR image is published, the embedded bootstrap credential is removed, a production health endpoint exists and persistent media paths are validated. Felania lists these blockers instead of offering an unsafe deployment.

Trigger a Blueprint from GitHub Actions

  1. 1

    Create an API key

    In Console → API, create a dedicated key and save it in the GitHub repository secret FELANIA_API_KEY.

  2. 2

    Copy the generated workflow

    On a Ready Blueprint card, choose GitHub Action and save the result as .github/workflows/felania-deploy.yml.

  3. 3

    Add Blueprint secrets

    If the Blueprint declares secret variables, create GitHub repository secrets with the same names. Non-secret values are workflow inputs.

  4. 4

    Run the workflow

    Use Actions → Deploy with Felania → Run workflow. Supply an immutable version and a JSON array of target device IDs.

Safe automation: give each repository its own Felania API key, keep the workflow permission at contents: read, pin image versions and revoke the key when the integration is retired.

CORE CONCEPTS

Devices, sites and telemetry.

Every device belongs to one workspace and one site. A device identity is independent of its hardware, so it can represent a Linux computer, OpenWrt router, ESP32, gateway or another connected product.

DEVICEEdge agentSends HTTPS heartbeat
FELANIAIngest & classifyStores latest metrics
YOUConsole or APISee and automate

Each heartbeat includes CPU, memory, disk, Wi-Fi signal when available, hostname, IP address, uptime, load average, kernel, agent version and operating-system metadata. Felania retains telemetry for 30 days by default.

Remote ToolkitFelania Agent supports diagnostics, service discovery, service status and logs, network and DNS checks, service restart, guarded agent update, controlled reboot and heartbeat interval changes. Full results are retained in the audited command history. Arbitrary shell commands are intentionally not supported.

Device lifecycle

Archive

Owners remove an identity from the active fleet and invalidate its token while preserving telemetry, deployments and audit history.

Restore

An archived identity returns as Pending with a newly rotated one-time device token. The old token remains invalid.

Active-work guard

Archive is blocked while the device has an active deployment, Runbook or queued/running command.

Audit-safe purge

Permanent purge is available only for an archived identity with no deployment, Runbook or command history and requires its exact name.

Console workflow: open Console → Devices and choose Archive. Archived identities appear below the active inventory with Restore and, when safe, Purge controls.

Find a device quickly: search by device name, site, OS, hostname, agent version or platform. Sort the active inventory by attention status, name, site, last seen or version. The same search also filters archived identities.

STATUS MODEL

A small state model you can trust.

Online

Heartbeat received in the last two minutes.

Warning

Device is reporting but explicitly needs attention.

Offline

No heartbeat has arrived for more than two minutes.

Pending

Identity exists, but its first heartbeat has not arrived.

TOKENS & SECURITY

Two credentials, two responsibilities.

fle_…

Device token

Lives on one device. It can only send telemetry for that identity. Use it with the heartbeat endpoint.

fla_…

Platform API key

Lives in your trusted backend or automation. It can read and manage the fleet in its workspace.

Never place a Platform API key in browser JavaScript or firmware distributed to customers. Create separate keys for each integration and revoke them from the console when no longer needed.

PLATFORM API

Connect Felania to your own product.

Create a Platform API key from Console → API. Send it as a Bearer token on every management request. The API is versioned under /api/v1 and returns JSON.

TerminalList devices
curl https://felania.com/api/v1/devices \
  -H "Authorization: Bearer fla_YOUR_PLATFORM_API_KEY"
JavaScriptNode.js
const response = await fetch("https://felania.com/api/v1/summary", {
  headers: { Authorization: `Bearer ${process.env.FELANIA_API_KEY}` }
});

const fleet = await response.json();
console.log(`${fleet.online}/${fleet.total} devices online`);

Platform API keys are limited to 120 requests per minute per key. Device heartbeat limits are separate.

API REFERENCE

Available endpoints.

GET/api/v1/summaryFleet totals by status
GET/api/v1/devicesList devices and latest metrics
GET/api/v1/devices/archivedList archived identities and purge eligibility
POST/api/v1/devicesCreate a device and one-time token
GET/api/v1/devices/:idRead one device
GET/api/v1/devices/:id/telemetryLatest 100 telemetry points
GET/api/v1/releasesRelease and deployment history
POST/api/v1/releases/preflightResolve digests and validate image/device platforms without deploying
POST/api/v1/releasesCreate a Compose release and start rollout
POST/api/v1/releases/{id}/redeployDeploy a stored version with a new protected snapshot
POST/api/v1/releases/{id}/archiveHide a release while preserving audit history
POST/api/v1/applications/{slug}/actionsStop, start, restart, uninstall or purge an application
GET/api/v1/blueprintsList Ready and Draft Blueprint definitions
POST/api/v1/blueprints/{id}/previewRender and validate a Blueprint without deploying
POST/api/v1/blueprints/{id}/deployCreate a guarded release from a Ready Blueprint
POST/api/v1/deployments/{id}/cancelStop future targets and recover a running canary
POST/api/v1/deployments/{id}/retryRetry with the original encrypted snapshot
POST/api/v1/deployments/{id}/rollbackRoll back a successful release
PATCH/api/v1/devices/:id/update-policyChoose automatic or manual agent updates
POST/api/v1/devices/:id/commandsQueue an allowlisted operation
GET/api/v1/devices/:id/commandsRead command status and results
GET/api/v1/runbooksList validated Runbooks and recent runs
POST/api/v1/runbooks/{id}/runStart a Runbook with validated parameters and targets
GET/api/v1/runbook-runs/{id}Read target, step and output transcript
POST/api/v1/runbook-runs/{id}/cancelStop future steps and fleet phases
GET/api/v1/registry-credentialsList saved registry identities without passwords
GET/api/v1/registry-credentials/{id}/catalogBrowse a bounded Registry V2 repository page
GET/api/v1/registry-credentials/{id}/tagsList explicit tags for one repository
GET/api/v1/registry-credentials/{id}/images/inspectRead digest, size and platforms for one tag or digest
DELETE/api/v1/devices/:idArchive a device
POST/api/v1/devices/:id/restoreRestore an identity and rotate its one-time token
DELETE/api/v1/devices/:id/purgePermanently remove an unused archived identity
POST/api/v1/ingest/heartbeatSend device telemetry

See it before you connect hardware.

The public demo runs entirely in your browser, so you can explore incidents and recovery without an account.

Open interactive demo →