Local LLM · RAG Docs · Deterministic Execution

The conversational
control plane.

CertMate Agent maps your entire certificate infrastructure to natural language and deterministic slash commands. Run a local LLM as a sidecar to your cluster. Secure by default, strictly audited, zero external dependencies.

Designed for operators. Execute complex renewals, deploy hooks, and global cache clears via deterministic slash commands like /renew example.com, or query your live configuration naturally.

Deterministic Actions

Slash commands bypass the LLM entirely for critical operations. Sub-50ms latency for querying status, listing expiring certificates, or triggering specific deploy hooks.

Local LLM via LM Studio

Zero data leaves your infrastructure. Plug in any OpenAI-compatible local model (defaulting to Gemma 4) to securely query your infrastructure and internal documentation.

Strict Access Control

Read tools execute inline. Write tools queue a pending_action requiring explicit human confirmation. Admin-only operations are gated via cryptographically secure tokens.

Local RAG Engine

Built-in document indexer chunks and embeds CertMate's documentation locally. Ask /docs DNS-01 validation and get precise, cited answers without hitting external APIs.

Operate at the speed of thought.

The web component widget drops into any administrative dashboard. It streams responses via SSE, manages conversation state locally, and gracefully handles complex data structures like JSON payloads and markdown tables.

certmate-agent

/expiring 14

System connected. 2 certificates expiring within 14 days:

DomainExpiryStatus
api.production.internal6 daysAction Required
cdn.example.com12 daysAction Required

/renew api.production.internal

Proposed Action: Renew Certificate
Target: api.production.internal

Deploy the sidecar today.

Available as a standalone Python package or Docker container. Ready to integrate with your existing CertMate deployment in minutes.