Integrity

Infrastructure Drift Detection

Compare live server state against deploy manifests. Catch unauthorized changes before they become incidents.

The problem

Production servers drift. Someone SSH-es in to make a "quick fix." A compromised CI/CD pipeline injects modified files. A rogue AI agent modifies a config it should not have touched. Without active monitoring, these changes go undetected until something breaks in production.

Drift scenarios you cannot afford to miss

  • - Compromised CI/CD pipeline deploys modified artifacts
  • - Developer makes ad-hoc changes directly on production
  • - Rogue AI agent modifies files outside its scope
  • - Supply chain attack inserts backdoor into deployed code
  • - Config file manually edited and never committed to source

How sshDCommander solves it

Every deployment creates a SHA-256 manifest. The verify command compares live server files against the manifest. Modified files, unexpected additions, and missing files are flagged instantly. AI agents can run this as a scheduled check to detect drift continuously.

Reverse Integrity Auditing

Verify the remote server against the deploy manifest. Every file checked by SHA-256. Modified, missing, or unexpected files reported.

Continuous Drift Detection

AI agents can run manifest verification on a schedule. If anything changed that was not deployed through sshDCommander, you know immediately.

Source Code Protection

Generate SHA-256 manifests of your entire codebase. Detect unauthorized changes, tampering, or supply chain attacks against your source files.

Full Audit Trail

Every operation traced to the calling agent via mandatory --client-id. Know exactly who verified what, and when drift was first detected.

In practice

drift detection workflow
# After a deployment, create the baseline manifest
$ sshdcp --client-id deploy upload ./release/ /opt/app/ --manifest baseline.json
SHA-256 verified 22 files deployed
# Later — AI agent checks for drift
$ sshdcp --client-id monitor verify baseline.json
MODIFIED /opt/app/config/db.json — checksum mismatch
UNEXPECTED /opt/app/.env.backup — not in manifest
20/22 passed. 1 modified, 1 unexpected.
# Source code integrity check
$ sshdcp --client-id ci verify source-manifest.json
All files verified. 156/156 passed.

Detect drift before it becomes an incident

5-day free trial. No credit card required.

Start Free Trial