SSH Session
app-host.lab.internal
demo@app-host:~$
Connected
ShellYard
One workspace for the engineers who work with APIs, SSH, databases, and documentation.
Connect to the host. Test the API. Inspect the database. Document the fix. All inside one Space.
ShellYard brings remote access, diagnostics, docs and IPAM, credentials, API testing, database inspection, and AI-assisted troubleshooting into one desktop app.
No account required · BYO AI provider · Built for private infrastructure
- 1
Connect
SSH, RDP, VNC, SSM, serial
- 2
Test
HTTP, GraphQL, realtime APIs
- 3
Inspect
Postgres, MySQL, SQL Server, Redis, Mongo, SQLite
- 4
Diagnose
DNS, MTR, Nmap, SNMP, TLS
- 5
Ask
Magellan explains the context
- 6
Document
Runbooks, notes, IPAM, incident reports
The workflow
One window.
Whole incident.
Troubleshooting infrastructure usually means jumping between terminal apps, API clients, password vaults, network tools, database clients, spreadsheets, stale docs, and chat threads. ShellYard keeps the connection, context, output, documentation, and handoff together.
ShellYard turns scattered infrastructure work into shared operational memory.
Before vs. after
Your infrastructure workflow
is not a workflow.
It is a pile of tools, tabs, and tribal knowledge.
Before ShellYard
12 tabs. 6 tools.
3 stale docs.
1 person who remembers how it works.
After ShellYard
One Space
for the work.
L Lab Environment
Active Space - Connections 8
- Diagnostics 33 tools
- Docs / IPAM 14 docs · 3 subnets
- Credentials 12 entries
- APIs 5 collections
- Databases 6 engines
- Magellan BYO key
● Auditing every credential, command, query, and Magellan call.
ShellYard turns scattered infrastructure work into shared operational memory.
The differentiator
Test private APIs
without building tunnels by hand.
Postman-style clients are great when the API is reachable. ShellYard is built for the internal services behind jump hosts, VPNs, labs, and private networks.
HTTP Request
GET /health
api.lab.internal
↳ Route: app-host.lab.internal
Response
200 OK 142 ms
{ "status":
"healthy" } Magellan
Response looks healthy. The request succeeded through the SSH route. I can document this workflow.
No manual port forwards. No switching tools. No losing the infrastructure context around the request.
Organize the work
Spaces keep infrastructure work
separated and organized.
Use Spaces for clients, sites, projects, labs, environments, or teams. Each Space keeps its own connections, docs, IPAM, credentials, tool context, and audit trail.
Lab Environment
For individual labs, experiments, and reference networks.
Connections
8 saved
Docs / Runbooks
14
IPAM subnets
3
Credentials
12 entries
Recent activity
6 events today
HTTP collections
5
Personal Space
For individual work, labs, and personal infrastructure.
Client / Site Space
For MSPs, consultants, and teams managing separate environments.
Team Space
For shared operational workflows, documentation, credentials, and handoff.
The simpler stack
Replace tool sprawl
without replacing your whole stack.
Most teams pay across terminal clients, API tools, database tools, network utilities, docs and IPAM systems, and credential workflows. ShellYard brings the daily infrastructure workflow together — not your RMM, your ticketing system, or your monitoring stack.
- Terminal client
- API client
- Database client
- Network toolkit
- Docs / IPAM
- Credential vault
- AI browser tab
ShellYard
One desktop
workspace.
Remote access. Diagnostics. HTTP / GraphQL / Realtime. Six database engines. Docs and IPAM. Vault. Magellan AI. Audit trail. All inside one Space.
Starts at $0 · Pro $24/mo annually or $29/mo monthly — save $60/yr with annual
ShellYard does not replace your RMM, PSA, ticketing system, or monitoring stack. It collapses the daily operations workflow — connect, troubleshoot, document — into one workspace.
Remote access
Every protocol you use, in one tab strip.
- 8 connection types
- · Vault auto-fill
- · Multi-window
SSH, RDP, VNC, Telnet, serial, AWS SSM, embedded browser, and a local shell — same window, same auth model, same audit trail.
- OpenSSH-compatible: keys, certs, password, jump-host chains, agent forwarding
- RDP via the platform-native client; embedded browser for switch / firewall web UIs
- AWS SSM Session Manager — no open ports, no public IPs, no SSH keys
- Vault auto-fill into every session type; credentials never visible in the UI
HTTP / GraphQL / Realtime
API client that knows your infrastructure.
- SSH-tunneled requests
- · 4 import paths
- · GraphQL · WebSocket · SSE · MQTT
Full HTTP REST workflow — collections, environments, scripts, tests, and a runner that does sequential or parallel iterations with HTML and JSON reports. Imports from Postman v2.1, OpenAPI 3.x, cURL, and HAR. The differentiator is routing: any request can flow through an active SSH session, so internal-only APIs are reachable without staging port forwards.
- Pre-request and post-response scripts; assertions on status, headers, body
- Auth presets — Basic, Bearer, API key, OAuth2 (auth code / client creds / password), Digest, AWS SigV4
- GraphQL with query + variables editors; WebSocket, SSE, MQTT for realtime
PostgreSQL
Schema browser, query editor, live Health
MySQL
Schema browser, query editor, live Health
SQL Server
T-SQL editor, schema browser, live Health
SQLite
Open any .sqlite file — no server needed
Redis
Key browser, command shell, live Health
MongoDB
Collection browser, live Health
Data Inspector
Six engines. One workspace. SSH-tunneled.
Engine-aware query editor, schema browser, and live Health dashboards on every supported database. Routing inherits the connection — point a database at a saved SSH host and the connection tunnels automatically.
Network diagnostics
33 tools, one Ask Magellan button.
Probes, capture, decode, calc, and device-side workflows — every diagnostic surface attaches its current output to Magellan with one click. The point is not the count; the point is no tab-switching. Filter by category, or click any tile to see exactly what it does.
Host Probe
Ping, TCP probe, and traceroute snapshot for a single host.
Ping Sweep
ICMP across an IP range in parallel, live results.
Port Scanner
Lightweight TCP port scan against any host or range.
Nmap
Service detection and deep port scanning when you need it.
Network Discovery
Layered Nmap + ping sweep over a subnet with results table.
AP Scanner
Wireless access point discovery with channel + signal data.
IPAM Auto-Discovery
Scan a subnet and populate IPAM with discovered hosts.
MTR
Per-hop latency and loss with reverse DNS + ASN annotation.
Packet Capture
Per-interface filter, save to PCAP for Wireshark.
TLS Inspector
Certificate chain, ciphers, SANs, and expiry in one view.
DNS
Forward, reverse, MX, TXT, NS, SOA lookups against any resolver.
WHOIS / RDAP
Domain and IP registry lookups, RDAP-first with WHOIS fallback.
NTP
Probe NTP servers and check offset, stratum, and jitter.
SNMP Browser
Walk MIBs with v1 / v2c / v3, bundled standard MIBs included.
Syslog Viewer
Live syslog server with severity filters and search.
Bandwidth Monitor
Live SNMP-based interface bandwidth charts per device.
DHCP Tools
DHCP discover, request, and lease inspection over the wire.
Encoders / Decoders
base64, hex, URL, JWT, hash, and more — bidirectional.
JSON / YAML Formatter
Pretty-print, validate, and convert between JSON and YAML.
Subnet Calculator
IPv4 / IPv6 ranges, supernets, splits, and reverse-lookup math.
PoE Budget
Calculate power available on a PoE switch budget vs draw.
Cron Calculator
Validate cron, preview next 50 firings, DST-aware in any TZ.
MAC Tracker
Find which switch port a given MAC address landed on.
AD Browser
Browse Active Directory users, groups, and OUs.
JWT verify + sign
Decode, verify (HMAC / RSA / ECDSA / PSS), and mint JWTs.
Cert Toolkit
Generate keys, build CSRs, self-sign, sign with your CA, inspect PEMs.
AAA Tester
TACACS+ and RADIUS probes — PAP, EAP-MD5, EAP-PEAP, EAP-TLS.
Bulk Command
Send the same command to multiple devices in one run.
Batch SSH
Parallel SSH execution across many hosts with output table.
Config Backup
Pull device configs and store them in the active Space.
Config Diff
Compare two backups line by line; spot drift fast.
File Transfer
TFTP / FTP / SFTP transfers with progress and validation.
TFTP Server
Tiny TFTP server for firmware and config delivery.
Every tile attaches its current output to Magellan with one click. Or jump to all features.
Documents, IPAM, and Spaces
Documentation that lives where the work happens.
- Team and Enterprise: per-Space CMK
- · Group-scoped credentials
- · IT Glue + Hudu importers
A Space is an isolation boundary for credentials, connections, documents, IPAM, HTTP collections, database connections, and audit trails. Personal Spaces stay private. Shared Spaces unlock multi-user collaboration on Team. Team and Enterprise both mint a customer-managed KMS key per Shared Space — credentials shared into a Space are decryptable only by Space members, and cryptographic erasure on offboarding wipes them under the AWS pending window.
- Documents, runbooks, IPAM (subnets + hosts), snippets, password-protected share links — Team and above
- IT Glue and Hudu importers — bring the docs you already maintain
- Per-Space audit-log export, filterable by actor / action / target on Enterprise
Magellan
Magellan understands
the work around the prompt.
Magellan uses context from ShellYard tools — terminal output, HTTP responses, database results, diagnostics, config diffs, docs, and IPAM — to explain what happened and help document the fix.
Ask Magellan
- >
Explain why this API returned 401.
- >
Summarize this terminal session into a runbook.
- >
Compare these switch configs and tell me what changed.
- >
Search this Space for anything related to DHCP failures.
- >
Create an incident report from this troubleshooting session.
- >
What should I check next?
Magellan
Replied · 1.2 sMagellan found a failed API request, a recent config change, and a related runbook in this Space. Suggested next step: verify the upstream service and document the SSH-routed API test.
Attached context
Terminal output HTTP response Config diff Runbook IPAM subnet Diagnostic result
You control what context is attached. ShellYard shows every snapshot before send and redacts secrets client-side.
Five-stage flow: Explain → Suggest → Draft → Review → Execute. You always run the command. Magellan never executes autonomously.
Built for
Built for the people who
actually touch infrastructure.
MSPs
Per-client isolation is the whole job. One Space per client — connections, credentials, docs, IPAM, audit, and tool context never bleed between clients. Per-Space customer-managed KMS on Team and Enterprise; cryptographic erasure on offboarding.
Explore MSP workflowsNetwork Engineers
The kit you actually use — SSH, serial console, SNMP browser, MTR, Nmap, TLS inspector, packet capture, config backup + diff — in one cross-platform desktop. Every tool's output snapshots into Magellan with one click.
Explore network workflowsDevOps / Platform
Test internal APIs without standing up a port-forward. Any HTTP / GraphQL / realtime request routes through your active SSH session — alongside six DB engines, real terminals, and BYO-key AI that never proxies through us.
Explore DevOps workflowsIT Teams
One way every engineer connects, troubleshoots, documents, and hands off. Shared Spaces with audit trail, Magellan grounded in the workspace, IT Glue and Hudu importers for the docs you already maintain. Onboarding goes from a wiki crawl to a Space invite.
Explore team workflowsBuilt for private infrastructure
For teams that work with private networks, credentials, internal APIs, and sensitive operational context.
Desktop-first
Sessions run from the operator's machine, not a hosted backplane.
On-device execution
Terminal, network tools, HTTP requests, and database queries run locally.
BYO AI provider
Your Anthropic / OpenAI / Gemini / Ollama key. ShellYard takes no AI markup.
Space-scoped context
Magellan only sees what you attach inside the active Space.
User-controlled attachments
Every snapshot the model receives is visible before it sends.
Local-first Free tier
Encrypted SQLite vault on disk with the master key in your OS keychain; nothing syncs off the machine.
KMS-backed sync where applicable
Cloud-synced vault and Documents are encrypted on the cloud side.
Per-Space audit trail
Every credential access, command, query, and Magellan call is logged.
Audit export on Team
CSV export filtered by actor, action, target. Per-Space on Enterprise.
Full details — what's encrypted where, what Magellan can and cannot see, audit-log coverage — live on the security page.
First 5 minutes
Your first 5 minutes in ShellYard.
A clear path to the moment ShellYard earns the workspace label.
- Step 1
Add an SSH connection.
- Step 2
Open a terminal or run a health check.
- Step 3
Test an internal API through the connection.
- Step 4
Ask Magellan to explain the output.
- Step 5
Save the result as a runbook or note.
Pricing
Pick a tier.
Or stay on Free forever.
Free is genuinely free, no card. Pro starts with a 14-day trial; Team gets 30 days. Credit card required, cancel before the trial ends with no charge.
Free
For individual evaluation and personal infrastructure workflows. No account required — download and start.
$0forever
No account required. No credit card. Free is a real evaluation tier — keep using it forever or upgrade when you need persistent workflows.
- SSH, Telnet, RDP, VNC, serial, AWS SSM, local terminal, embedded browser
- DNS, WHOIS, NTP, ping sweep, port scanner
- Subnet calculator, encoders, JSON / YAML formatter
- Cert checker, AP scanner, JWT verify + sign
- SQLite with live Health dashboard
- REST client capped at 1 collection / 25 requests
- BYO Anthropic, OpenAI, Gemini, or Ollama / OpenAI-compatible key
- Local AES-256-GCM vault, master key in OS keychain (device-only)
- Personal Space, single user
Pro
For solo operators, consultants, and power users who want persistent workflows.
$24/ month, billed annually
$24/mo annually ($288/yr) or $29/mo monthly — save $60/yr with annual. 14-day free trial — credit card required, cancel any time before day 14 with no charge.
Everything in Free, plus
- Packet capture, MTR, SNMP browser, TLS inspector
- Nmap, DHCP, host probe, syslog viewer
- Config backup + diff, AAA Tester, Cert Toolkit
- Unlimited collections, environments, runner, scripts and tests
- Postman v2.1, OpenAPI, cURL, HAR imports
- GraphQL + Realtime (WebSocket, SSE, MQTT) clients
- Webhook Receiver
- Postgres, MySQL, SQL Server (T-SQL), Redis, MongoDB
- Live Health dashboards on every engine
- HTTP requests and database connections through any active SSH session
- Personal vault envelope-encrypted under your per-user CMK
- AI provider keys sync the same way
- 1 Shared Space
Team
For teams managing shared infrastructure workflows.
$49/ seat / month, billed annually
$49/seat/mo annually ($588/seat/yr) or $59/seat/mo monthly — save $120/seat/yr with annual. 3-seat minimum. 30-day free trial — credit card required, cancel any time before day 30 with no charge.
Everything in Pro, plus
- Up to 25 Shared Spaces with per-Space audit trail
- Customer-managed KMS key per Shared Space
- Group-scoped credentials (key rotates on member removal)
- Cross-Space credential moves re-encrypt in one click
- Bulk command runner, batch SSH, IPAM auto-discovery
- Per-Space documents, runbooks, IPAM, snippets, HTTP collections, DB connections
- IT Glue and Hudu importers
- Public document share links
- CSV export, per actor / action / target
Limits
- 5 MiB / document, 1 GiB / Space, 90-day version history
Enterprise
For organizations that need stronger isolation, retention, and compliance-oriented controls.
From $99/ seat / month, billed annually
From $99/seat/mo billed annually ($1,188+/seat/yr). 10-seat minimum. Custom annual contracts.
Everything in Team, plus
- Unlimited Shared Spaces
- Per-Space audit-log filtering and export for client reporting
- Schedule a Space CMK for deletion; every credential, document, and version becomes unrecoverable after the AWS pending window
Limits
- 10 MiB / document, 5 GiB / Space, unlimited version retention
Contracts
- Custom annual contracts; security review under NDA
Stop losing
infrastructure context.
Download ShellYard and try the workflow: connect to a host, test an internal API, ask Magellan, and save the fix as a runbook.