Practical examples
This section collects concrete scenarios that come up every week. Not a feature list — a list of actions with the shortest click paths, SQL queries or API calls that do the work.
Per role
| Role | What you’ll find |
|---|---|
| Sysadmin | Triaging fleet changes, kernel updates, alert noise, drift, on-call |
| Auditor | Pulling evidence, offline verification, control coverage, retention |
| DevOps | SLOs, deploy gates, supply-chain CVE auto-fix, LLM observability |
| MSP | Cross-tenant triage, white-label, pre-issued EATs, multi-party signing |
Conventions on these pages
- Dashboard paths are written as
/agents/<id> → Kernel tab - API calls are
curlexamples withBearer $TOKEN; use your own token from/settings/api-tokens - SQL snippets are directly runnable in
psqlagainst the hub DB withset_config('app.current_tenant', '<uuid>', false)first — or replacecurrent_setting(...)with your tenant_id - EAT flow always refers to Ed25519-signed Emergency Action Tokens. Nothing in these examples runs as root on a host without an EAT passing through TOTP + audit log + transparency log
What is NOT on these pages
- Installation/onboarding — see Get started
- Architectural background — see Hub and Agent
- Pricing/sales — see monsys.ai