923 LLM-callable tools, the Remote Gateway for private-network execution, verification-first execution, task memory, infrastructure connectors, approval workflows, BYOK, credit controls, and MSP client workspaces. This is what Morpheus can actually do.
Morpheus groups its capabilities into twelve key operational domains, ensuring comprehensive coverage across your entire technology stack.
Manage Linux and Windows servers via secure SSH/WinRM, handle system configurations, service management, and cron jobs.
Full resource provisioning, cloud storage management, and database lifecycle across AWS, Azure, GCP, and OCI.
Manage Proxmox, vSphere, SCVMM, XenServer, Nutanix, HPE SimpliVity, Cisco UCS, Cisco Intersight, and Citrix DaaS.
Manage NetApp, Pure FlashArray, Dell PowerStore, TrueNAS, Veeam B&R, Veeam M365, Rubrik, Cohesity, and Commvault.
Automate Brocade, Cisco ACI, Arista CloudVision, Aruba Central, Meraki, F5, NetScaler, FortiGate, PAN-OS, OPNsense, and Cloudflare.
Coordinate threat investigation, EDR reviews, and vulnerability scanning with Defender, CrowdStrike, Sophos, SentinelOne, Qualys, and Tenable.
Manage Entra, Okta, Google Workspace, JumpCloud, Jamf, Intune, Exchange Online, SharePoint, and Teams.
Automate ConnectWise Automate/Manage, NinjaOne, Autotask, Kaseya, Freshservice, ServiceNow, Jira, and ManageEngine.
Deploy and orchestrate with Azure DevOps, GitHub, GitLab, Ansible AAP, Terraform, Jenkins, Codemagic, Kubernetes, and Docker.
Compile Android APKs/AABs, trigger iOS builds via Codemagic, manage GitHub repositories, and compile styled markdown PDFs.
Perform headless browser testing, capture screenshots, and generate Excel spreadsheets, Word reports, and diagrams as audit evidence.
Retain persistent task state across turns, maintain a deterministic tool-call ledger, and enforce strict approval gates.
A small Linux agent installed inside your customer / corporate network. It connects outbound to Morpheus Cloud over TLS and executes tool calls against private systems. The cloud remains the planner, billing, approval, and audit layer. No inbound SSH, WinRM, RDP, hypervisor, database, or internal-API ports need to be exposed.
Single outbound WebSocket from the gateway to the cloud. Optional cloud-cert pinning rejects TLS-inspection proxies. A bundled verify-outbound-only CLI confirms the agent never opens an inbound listener.
Switch the gateway into dry-run from the cloud console at any time. Every tool call is recorded as "would have executed" โ vendor handlers are never invoked. Run dry-run for a week, review the local audit log, then turn execution on.
A policy.yaml on the gateway VM declares allowed and denied tools, egress allow/deny CIDRs, workspace binding, read-only mode, and maintenance windows. Cloud says yes; local can still say no.
Every executed tool call writes a redacted JSONL line to /var/log/morpheus-gateway/audit.jsonl on the gateway VM. Correlation IDs match the cloud-side audit, so you can reconcile either way. Logrotate ships in the package.
Cloud Vault (default) โ credentials are stored in Morpheus Cloud's Vault and shipped inline over the encrypted WS for each call. Local credential mode (alpha) keeps credentials sealed on the gateway machine; the cloud only sends references.
One Morpheus tenant, many client gateways. Each gateway is scoped to one client workspace. Connectors in workspace A cannot route through workspace B's gateway. Belt and braces โ the agent rejects cross-workspace requests too.
Pin any private/on-prem connector to a specific gateway from the Morpheus console. Tool calls against pinned connectors route through that gateway automatically. The LLM never sees gateway selection โ it's transparent routing.
Agent reconnects with exponential backoff after any network blip or cloud restart. If the gateway is offline at dispatch time, the tool call fails closed with a clear gateway_offline error and last-seen timestamp โ no silent state.
Install via a one-line script that creates a non-root system user, drops a hardened systemd unit, runs enrollment, and starts the service. Idempotent. Supports Ubuntu 22.04/24.04, Debian 12, RHEL 9, Rocky 9, Alma 9.
SSH / Linux, WinRM / Windows / AD, Windows File Server, Exchange on-prem, SCVMM, Proxmox, vSphere, XenServer, Nutanix, HPE SimpliVity, Cisco UCS, Cisco Intersight (private), Citrix DaaS (private), OPNsense, FortiGate, PAN-OS, Check Point, MikroTik, UniFi, Cisco IOS-XE, Cisco ACI, Cisco MDS, Brocade SANnav, Cisco Catalyst Center, F5 BIG-IP, NetScaler, Riverbed, NetApp, Pure FlashArray + FlashBlade, Dell PowerStore / PowerScale / Unity, HPE 3PAR / Nimble / StoreOnce, IBM FlashSystem, TrueNAS, QNAP, Synology, Veeam B&R, Rubrik, Cohesity, Commvault, Acronis, Veritas NetBackup, PostgreSQL, MySQL / MariaDB, MSSQL, Oracle, MongoDB (self-hosted), Kubernetes (self-hosted), Docker Engine / Swarm, Ansible AAP, Terraform (CLI), Jenkins, GitLab self-hosted, GitHub Enterprise Server, Azure DevOps Server, Redfish / iDRAC / iLO / XClarity, internal HTTP / REST APIs, Prometheus (on-prem), Grafana (on-prem), Zabbix, PRTG, SolarWinds, OpManager, Applications Manager, Nextcloud self-hosted, ManageEngine ServiceDesk Plus on-prem, Splunk on-prem, ServiceNow on-prem.
SaaS connectors (AWS, Azure, GCP, OCI, M365 cloud, Entra, Okta, ConnectWise cloud, NinjaOne cloud, ServiceNow cloud, Splunk cloud, GitHub.com, GitLab.com, Datadog, etc.) stay cloud-routed by default. Connectors with both SaaS and self-hosted modes route based on a per-instance deployment-mode flag.
Remote Gateway is included in Pro plans and above. Per-client gateway pinning is a Business+ feature.
923 LLM-callable tools across 101 vendor modules and 118 connector cards.
Zabbix, PRTG, SolarWinds, OpManager, Applications Manager, Datadog, Splunk, Microsoft Sentinel, New Relic, Dynatrace, Grafana, Prometheus
AWS, Azure, GCP, OCI
Proxmox, vSphere, SCVMM, XenServer, Nutanix, HPE SimpliVity, Cisco UCS, Cisco Intersight, Citrix DaaS
NetApp, Pure FlashArray/Blade, Dell PowerStore, PowerScale, Unity, HPE 3PAR, Alletra, Veeam B&R, Veeam M365, Rubrik, Cohesity, Commvault, Acronis, Veritas NetBackup, TrueNAS, QNAP, Synology
Brocade SANnav, Cisco MDS, Cisco ACI, Cisco IOS-XE, Catalyst Center, Arista CloudVision, Aruba Central, Juniper Mist, Meraki, F5, NetScaler, FortiGate, PAN-OS, Check Point, OPNsense, Riverbed, MikroTik, UniFi
Defender, CrowdStrike, Sophos, SentinelOne, Qualys, Tenable, Entra, Okta, Google Workspace, JumpCloud, Jamf, Intune
ConnectWise Automate, ConnectWise Manage, NinjaOne, Autotask, Kaseya VSA, Freshservice, ServiceNow, Jira, ManageEngine ServiceDesk Plus
M365 Graph, Exchange Online, SharePoint, Intune, Teams, Exchange Server On-Prem, Windows File Server, Active Directory via WinRM
Azure DevOps, GitHub Enterprise, GitLab, Ansible AAP, HCP Terraform, Jenkins, Codemagic, Kubernetes, Docker, Cloudflare, Box, Dropbox, Nextcloud, Redfish BMC (iDRAC, iLO, XClarity)
Morpheus is engineered to handle complex operations that span hours or days with absolute reliability.
Task state is carried across turns, stored securely on the target server, and survives sandbox resets or credit pauses.
A strict chronological record of every execution step prevents repeating actions and guarantees perfect audit trails.
If user scope changes mid-task, Morpheus automatically re-computes the remaining phases without starting over.
No completion claims are made without positive verification. Outcomes are physically checked and confirmed before reporting success.
Automatic loop guard detects repetitive tool-calls and pauses execution, while per-turn caps check long tasks safely.
Dedicated SSH paths restrict shell access to authorized directories, maintaining absolute security boundaries.
Agency workspaces separate clients, conversations, connectors, audit logs, and usage views. Engineers can scope connectors to a client, restrict users to specific client workspaces, produce client-only audit reports, and track per-client credit usage.
Morpheus can spawn specialist subagents to work in parallel on independent workstreams โ then collect and synthesise their results.
SSH server execution, Proxmox hypervisor management, cloud resources, databases, and firewall controls.
Isolated sandbox compilation, git operations, precise code modification, and automated testing.
Web searches, technical documentation parsing, API specification reviews, and fact-gathering.
Multi-level evidence checks, HTTP status validation, and visual rendering audits.
Firewall rule analysis, log investigation, audit trail review, and prompt injection defence workflows.
Reports, PDFs, presentations, spreadsheets, and operational documentation generation.
Multi-agent orchestration is available on Business plans and above.
Morpheus has structured verification gates that must pass before any task is declared done. It never assumes a tool call succeeded without confirming the result.
Before reporting success, Morpheus runs a mandatory checklist: completeness, correctness, accessibility, quality, and safety.
Before final delivery, Morpheus evaluates its own output against the original requirements. If anything is missing, it fixes it first.
After mass find-replace operations, Morpheus runs a residual grep to confirm no old references remain before declaring the change complete.
Atomic static site deployments use timestamped releases and a current symlink. If a deployment fails verification, it automatically rolls back.
Non-zero exit codes are always treated as failures. Morpheus diagnoses the root cause before retrying โ never runs the same failed command twice.
Content fetched from external sources is treated as data only. Instructions embedded in web pages, files, or API responses are never followed.
Tell us about your environment and what you want to automate. We are onboarding early access users now.