You vibecoded the app.Vibeops the rest.

DunOps connects to your stack and runs the deployment work — DNS, certs, rollbacks, credentials — through a chat thread. You describe the outcome. It handles the ops.

Start for free See it in 60 seconds

thread / connectworkspace ready · 14 connectorsauto-demo

Watching:

Talks to the stack you already run on

VercelCloudflareAWSGitHubGitLabDatadogSentryPagerDutySlackLinearNotionRenderFly.io1PasswordVaultVercelCloudflareAWSGitHubGitLabDatadogSentryPagerDutySlackLinearNotionRenderFly.io1PasswordVault

Repo to green padlock, in one sentence.

Point DunOps at a repository and a domain. It reads your deploy, creates the DNS record, issues the cert, and verifies HTTPS — in the time it takes to write the message. No tab-switching. No propagation prayer.

The old way

Vercel → import → 6 tabs of waiting
Cloudflare → A record → refresh, refresh, refresh
Re-issue cert → SSH in → curl, curl, curl again
Paste the URL in Slack. Pray.

0 tabs

Opened during the run

~15s

Message to green padlock

Connect my docs-site repo to docs.dunops.com

Run plan · run_4f2a

Connect docs-site to docs.dunops.com

Active

Detect framework & build settings

Next.js 14 · pnpm · output: .next

2.1s

Verify DNS authority for dunops.com

Cloudflare zone · 4 nameservers OK

0.8s

Propose record changes

CNAME → cname.vercel-dns.com

…

Preview · Cloudflare zone

3 changes proposed · 0 destructive

Dry run

Op	Type	Name	Value	TTL
add	CNAME	docs	cname.vercel-dns.com	Auto
add	TXT	_vercel	vc-domain-verify=…	Auto
keep	A	@	76.76.21.21	Auto

Approval · cloudflare:dns:write

Apply DNS changes & issue certificate

Awaiting you

Will modify dunops.com zone and request a new Let’s Encrypt cert for docs.dunops.com. Rollback is one click — your zone snapshot is taken automatically.

Prod deploys without the clicky-clicky.

Connect your CI and your host. DunOps watches for green builds and promotes on your signal — or on a schedule you set. Every promotion is logged, reversible, and requires no one to find the right button in the right dashboard.

The old way

Open Vercel → squint at build hashes → click “promote”
Ping someone with prod access. Wait. Ping again.
Stare at Datadog for 20 minutes hoping nothing pages
Slack “shipped 🚢”. Refresh. Pray.

0 dashboards

Tabs opened to ship

2 approvals

Per prod deploy, recorded

Promote claw-code-parity staging build to production

Gate checks · staging build 9c4a7b1

9 checks across CI, perf, errors, & cost

Running

CI · 248 tests · 0 failures

GitHub Actions · run #4128

2m 4s

Performance · p95 latency 217ms (≤ 300ms)

Datadog · /api/* over 1h

14s

Error budget · 0.04% (≤ 0.1%)

Sentry · last 24h, staging

Cost delta · +$3/mo projected

Lambda invocations · vs last 7d

+ 5 more · linter, types, a11y, bundle size, SBOM

all green

2-key approval · production

Promote 9c4a7b1 to claw-code-parity · iad1

1/2 approved

ix · approved 14:11 waiting on dev or sre on-call

Pager at 2am? Don't wake up. Just text it.

Describe what's wrong. DunOps reads your recent deploys, identifies the last stable build, and rolls back — or tells you exactly why it can't. No war room. No runbook. No one has to own the 3am shift.

The old way

3 PagerDuty pings · Sentry on your phone, half-blind
Squint at Vercel: which one was last green again?
Promote the old build. Pray it's compatible.
Write the Slack message yourself. Badly. Half-asleep.

10s

From “go” to healthy

Confirmed

Postmortem drafted & signed

Signal · sentry + datadog

api-gateway error rate 4.2% (baseline 0.05%)

Degraded

Spike started 14:02 UTC, ~3min after deploy a91f3b. Suspected cause: changed middleware ordering in src/auth.ts. Suggested: roll back to e210cc8 (last healthy).

Roll back the last deploy of api-gateway and tell Slack why

Rollback plan · 4 steps

Revert api-gateway → e210cc8

Confirm to apply

Promote e210cc8 on Vercel (api-gateway)

prod · iad1 + sfo1

…

Drain stale nodes & warm cache

/health · /status · /v1/ping

…

Verify error rate < 0.5% for 60s

Datadog query · auto-monitor

…

Post incident summary to #incidents

draft + offending diff attached

…

New · Playbooks

Save the chat. Re-run it forever.

Any DunOps thread can become a Playbook — a typed, parameterized graph you run from a button, a webhook, or another chat. Same steps. Same approval gates. Same outcome, every time.

A graph you can actually readApprovals, branches, parallel apply — all visible, all editable on the canvas.
Parameterized inputs, not hardcoded valuesRepo, domain, region, scope — every step takes inputs at run time, not edit time.
Triggered from chat, webhook, or scheduleSlack command, cron, HTTP webhook, or another thread — pick the trigger that fits.
Approval gates preserved per stepEach node carries its scope and approver. The audit trail tags along automatically.

Explore Playbooks See it in chat

playbooks / release-claw-code-parity.pbklive

Trigger

Slack / cron / chat

every Mon · 09:00 UTC

Preflight

Verify build is green

github · vercel

Plan

Compute DNS + cert diff

cloudflare · vercel

Approval

2-key required

on prod scope

Apply

Promote + DNS + cert

parallel · 3 hosts

Verify

p95 latency & errors

datadog · 5m window

Notify

Slack #releases summary

with diff + run link

Integrations

Talks to the tools you already run on.

Connect Vercel, Cloudflare, GitHub, AWS, or 40+ other providers in under a minute. DunOps reads everything. It writes nothing until you approve the plan.

New connectors weekly

Hosting & Runtime

Vercel
Cloudflare
AWS
Render
Fly.io
Kubernetes

Code & CI

GitHub
GitLab
CircleCI
GitHub Actions

Observability

Datadog
Sentry
PagerDuty
Grafana

Notify & Secrets

Slack
Linear
Notion
1Password
Vault
Doppler

MCPBring your own connector via MCP.Anything with an HTTP API — internal services, niche providers, your own platform — works in minutes.Don't see your tool? Request it

Alternatives

We're honest about the alternatives.

Scripts break silently. AI assistants hallucinate permissions. IaC is powerful but it isn't a chat. Here's where each one actually sits.

What you need	DunOps	Scripts + dashboards The status quo	Generic AI ChatGPT · Cursor · Copilot	IaC Terraform · Pulumi
Time to first working action From idea to a real change applied, on day one.	Minutes	Hours, if it works	Code, not action	Days of scaffolding
Understands natural language Describe the outcome, not the syntax.	Native	Bash flags	Native	HCL / TypeScript
Shows diff before running DNS, env vars, alias changes — visible up-front.	Every action	Inline maybe	Code diffs only	terraform plan
Enforces approval gates Apex DNS, prod aliases, credential rotation pause.	Per-scope policy	If you remembered	Not the model's job	Via PR review
Full audit trail Every plan, tool call, approval, signed and searchable.	Built-in	Shell history	Chat history only	tf state + git
Reusable without re-writing Same flow, drift-free, parameterized at run time.	Playbooks	If you wrote it	Not a concept	Modules
Manages complex multi-resource state State files, drift detection, large-scale graphs.	Per run, no state file	DIY	DIY	Core competency
Runs entirely offline / air-gapped No network, no model calls, no audit upload.	Cloud product	Bash on a laptop	Cloud product	CLI runs local

Who it's for

Built for people who ship a lot.

Not built for DevOps teams with ticketing systems. Built for the people who are the DevOps team.

Solo founders

You're building three things at once. You don't have time to remember which Cloudflare account holds which domain. DunOps holds that context for you.

Small platform teams

Two reviewers on every prod DNS change. One audit trail your team can actually read. No more “wait, who deployed this?” in Slack at 9pm.

Agencies & freelancers

Twelve client workspaces. One interface. No credential sprawl, no missed renewals, no emergency Sunday morning.

Who it’s for

Built for people who ship a lot

Solo founder

“I ship 3 side projects a month. Dun keeps them straight.”

user · what's live and what's stale

dun · 4 live · 1 paused · stale: weekend-app · indie-news pinged 12d ago

Adi · acme-blog · indie-news · weekend-app · slow-cal

Agency lead

“13 client workspaces. One audit log per client, no missing.”

user · audit acme · 7 days

dun · 31 changes · 0 unapproved · 2 reverted · CSV ready

Mira · 13 workspaces · audit ready

Startup CTO

“Two reviewers required for prod DNS — agent enforces it.”

user · drop CNAME api.acme.com

dun · blocked — prod DNS needs 2 approvers · invited @theo

Theo · seed-stage · prod safety on

Pricing

Priced for engineers, not committees.

Start on the free plan. Upgrade when your shipping cadence demands it — not before.

Hobby

$0/ forever

Get started. No card.

1 seat
20 workflow runs / mo
3 connectors
Save up to 3 Playbooks
Single-key approvals
7-day audit retention
Standard model routing
Community support

Start free

Most engineers

Pro

$24/ seat / mo

For active shippers.

Up to 5 seats
500 workflow runs / mo
All connectors
Unlimited Playbooks
2-key approvals on prod scope
90-day audit retention
Smart model routing
Email + Slack support · 1 biz-day SLA

Start Pro

Team

$72/ seat / mo

For teams with standards.

Unlimited seats
Unlimited workflow runs
All connectors + custom MCP
Workspace Playbook library
Custom approval policies
1-year audit retention
Premium model routing + BYOK
Dedicated channel · 4-hour SLA

Start Team

Questions about volume or enterprise? Talk to us

FAQ

Questions we've actually been asked.

What's a Playbook, exactly?

A typed, parameterized graph behind a chat thread. Action nodes, decision gates, retry edges, parallel fan-outs — saved, named, and re-runnable from a button, a webhook, or another chat. Eleven ship with every new workspace; you can save your own once canvas authoring lands.

How does DunOps know what to do?

It plans first. Every request becomes a typed graph of steps you can read top-to-bottom before anything runs. Tools are restricted by workspace scope; risky steps (apex DNS, prod aliases, credential rotation) always pause for a human go. No autonomous mutations, ever.

Does DunOps ever store my credentials?

Provider tokens are encrypted at rest and scoped per workspace. We never log, ship to a model, or surface them in chat — they live inside the connector adapter that calls the provider on your behalf. You can rotate or revoke any token from the integrations panel.

What's actually free, and what isn't?

The Hobby plan is free forever: 1 workspace, 1 user, 20 workflow runs / month, 3 connected providers. No card. You hit a paid plan when you bring teammates in, want more runs, or need 2-key prod approvals — not before.

How do I know if my stack is supported?

First-class connectors today: Vercel, Cloudflare, AWS, Render, Fly.io, Kubernetes, GitHub, GitLab, CircleCI, GitHub Actions, Datadog, Sentry, PagerDuty, Grafana, Slack, Linear, Notion, 1Password, Vault, Doppler. If it has an HTTP API, MCP bridges it. If it doesn't yet — request it, we add new connectors weekly.

What if I don't like a change after it's applied?

Every mutating run takes a snapshot first. One click reverts — DNS records, alias swaps, credential rotations, env vars. The rollback is part of the same audit trail, signed and reversible for 24h.

Do you replace my DNS provider, host, or CI?

No. DunOps drives the dashboards you already pay for. You keep your accounts, your billing, your OAuth scopes. We're read-only until you approve a change.

Shipping shouldn’t be the scary part.

You already have an AI that writes the code. Give yourself one that ships it.

Start for free Read the docs