Frequently Asked Questions
Product
awaBerry Anywhere
awaBerry Anywhere is a zero-trust remote access platform that gets any device — cloud server, laptop, Raspberry Pi, or any System-on-a-Chip (SoC) hardware — securely online in minutes and keeps it under your full control from anywhere in the world.
It is built around two integrated pillars: Connect (device onboarding via tailored installers, Docker containers, or guided one-click flows) and Remote (access via remote desktop, SSH terminal, web tunnels, and file management). No VPN. No open firewall ports.
No. awaBerry uses outbound-only HTTPS connections — your devices reach out to awaBerry's infrastructure, never the other way around. This means zero inbound ports need to be opened on your router or firewall, and no VPN client is needed anywhere.
Every connection is secured by zero-trust architecture: each request is explicitly authenticated and authorised regardless of network location or prior history.
awaBerry Anywhere supports macOS, Linux (all major distributions), and Windows. It also supports a wide range of System-on-a-Chip (SoC) devices — Raspberry Pi, NVIDIA Jetson, BeagleBone, Orange Pi, and many others — via the Bespoke Installer, which builds a custom OS image tailored to your exact hardware and network configuration.
Docker deployment is available for any existing Linux infrastructure without requiring host OS modifications — including NAS devices and containerized server stacks.
There are four purpose-built onboarding paths:
Add Existing Device — a guided, single-click initialisation flow for any already-running Windows, Mac, or Linux machine. The fastest path for devices already powered on.
Bespoke Installer — awaBerry generates a custom OS image pre-configured for your hardware and network. Ideal for SoC devices, true headless setups, and fresh installations.
Docker Deployment — deploy awaBerry as a container on existing Linux infrastructure. No host OS changes needed. Ideal for NAS devices or containerised server environments.
Shared Device — access a device that has been shared with you by another user via the Agentic API, with precisely the permissions the owner defined.
The Bespoke Installer is a custom OS image generated specifically for your hardware and network environment — not a generic image that requires manual configuration afterwards. Use it when you want a true headless setup for SoC devices (Raspberry Pi, Jetson Nano, etc.) or when deploying a fresh machine without ever connecting a monitor or keyboard.
You configure your Wi-Fi credentials, flash the image to an SD card or USB stick, insert it into the device — and receive an email notification the moment the device boots and registers. No manual SSH scanning, no IP hunting.
Once a device is registered in your dashboard, you have access to the full Remote suite:
🖥️ Remote Desktop (VNC & RDP) — full graphical control over macOS, Linux, and Windows. Use your browser for quick sessions or native clients (Apple Screen Sharing, Microsoft Remote Desktop, Remmina, RealVNC) for sustained work.
⌨️ SSH Terminal — a fully functional SSH session directly in your browser. No PuTTY, no VPN, no local client needed.
🧠 Smart Terminal — an AI-assisted command environment that understands intent, proposes commands, and executes them securely.
🌐 Web-to-Local — encrypted tunnels to any local port on the remote device — reach your router admin panel, local dev server, or dashboard as if on the same network.
📂 File Browser — drag-and-drop file management on any connected device, directly from your browser.
Web-to-Local creates an encrypted, zero-trust tunnel between your browser and any TCP port running locally on your remote device. This lets you reach internal services — your router admin panel, a local development server, a database, or a private dashboard — as if you were physically on the same network.
You configure the tunnel from the awaBerry portal (selecting the target device and port) and access it via a generated URL. No port forwarding on your router. No VPN. No static IP.
Yes. Via the Agentic API you can create a project scoped to a specific device, define exactly what the guest can do (terminal only, remote desktop, web-to-local ports), generate a unique Project Key and Secret, and share it — all within two minutes. You never share your account credentials.
When the work is done, delete the project from the dashboard — access is revoked immediately with zero residual artifacts. No VPN provisioning. No SSH key management.
Product
Smart Automation Framework
The Smart Automation Framework bridges the gap between plain-English instructions and autonomous, local device execution. You describe what you want — in plain English — and the framework uses the Google Gemini CLI to generate a deterministic script (JavaScript, Python, or Shell) that runs directly on your device, on a schedule, forever.
The key insight: AI is used once to write the logic. After that, execution costs zero AI tokens — it's pure local compute.
No. You describe what you want in plain English. The Gemini CLI translates your description into the necessary code, explores your device's local environment, and produces a working, ready-to-run script. You do not need to read, write, or modify the generated code to use it.
If you do have coding experience, you can review and fine-tune the generated scripts — but it is not required.
The framework separates "writing" from "running". Token costs only apply during the Setup phase, which happens once:
📝 Project Setup (one time): ~7,000–18,000 tokens via a reasoning model such as Gemini 2.5 Pro — paid once to generate the script.
▶️ Project Execution (every run): Zero AI tokens. The pre-generated script runs locally using only your device's CPU.
⚡ Optional AI summarisation at runtime (e.g. extracting data from a PDF): ~100–500 tokens per run via the lighter Gemini 2.5 Flash Lite model — only if explicitly configured.
The framework excels at tasks that previously required bespoke software development:
🌐 Intelligent Web Automation — bypass complex logins, navigate single-page apps, and extract structured data using headless browsers (Playwright / Puppeteer) generated from a plain-English description.
🗂️ Local System Management — parse log files, sort and categorise incoming documents, manage local databases, automate file system operations.
🔗 API & Service Orchestration — fetch data from endpoints, transform JSON/XML payloads, push sanitised results to dashboards or CRMs on a schedule.
🏛️ Legacy System Bridging — interact with older software UIs or terminal interfaces that have no modern API, via OS-level automation scripts.
Scripts run locally on your device — not in the cloud. The awaBerry Anywhere client installed on your device acts as the Edge Agent. Execution happens on the target machine's own CPU. Data never leaves the device unless your script explicitly sends it somewhere.
This is a deliberate design choice: it keeps your data local, avoids cloud processing fees, and means the script can access local files, local databases, and local network services directly — things a cloud runner simply cannot reach.
The framework uses Google Gemini CLI, installed directly on your device. You configure it with your own Google Gemini API key. For the one-time setup phase, a reasoning model such as Gemini 2.5 Pro is used. For optional runtime summarisation, the lighter Gemini 2.5 Flash Lite model is called selectively to keep costs minimal.
Using your own API key means you stay in control of costs and data — no intermediary handles your prompts or outputs.
Yes. When combined with the Agentic API, the Smart Automation Framework can act as a fleet-wide orchestrator. A single automation project can issue commands to multiple registered devices, collect results, aggregate data, and write back — all within a precisely defined permission boundary.
This is the foundation of what awaBerry calls the "Power of Combination" — local intelligence combined with programmatic reach across your entire infrastructure.
Product
awaBerry Agentic API
The Agentic API is awaBerry's "Device Access as a Service" layer. It allows scripts, AI agents, CI/CD pipelines, and human collaborators to connect securely to your registered devices via uniquely generated Project Keys and Secrets — with precisely scoped, zero-trust access and instant revocation.
You define what a project can do (which devices, which users or scripts, which filesystem paths, which commands) and the API enforces those boundaries for every connection.
It serves three distinct use cases, each common in modern teams:
🤖 AI Agents & Scripts — give your automation scripts, LLM agents, or MCP servers authenticated access to specific devices and file paths. Ideal for data aggregation, AI-driven analysis, and autonomous IT operations across a fleet.
👷 Support & Collaboration — share a device with a support technician or remote developer in under two minutes. No VPN, no SSH key exchange. Revoke the moment the work is done.
🔧 IT Operations — automate installs, monitoring, backups, and configuration management across your entire device fleet using privileged or least-privilege scoped projects.
Permissions are enforced across four independent dimensions — no dimension inherits from another:
👤 Privilege Level — standard user or root access.
📁 Filesystem Scope — all folders, or a named list of specific paths only.
✏️ Write Permissions — read-only or read-write, independently configurable per filesystem scope.
⌨️ Command Scope — all commands allowed, or an explicit allowlist of permitted commands only.
For shared user access you can additionally enable or disable remote desktop (VNC/RDP) and Web-to-Local port forwarding capabilities.
Delete the project from the Agentic API dashboard — access is terminated immediately. There are no residual credentials, no background sessions, and no cleanup required. The Project Key and Secret that were issued cease to function the instant the project is deleted.
Total time to fully revoke access: under five seconds.
Yes. The Agentic API is designed to integrate directly as an MCP (Model Context Protocol) server in agentic AI workflows. An AI agent authenticates with a Project Key, reads from and writes to scoped directories, executes permitted commands, and operates entirely within the defined permission boundary — with zero access to anything outside that boundary.
This makes it the secure bridge between your AI models and your physical or virtual infrastructure, without exposing anything beyond what the project explicitly permits.
Create a project scoped to the target device, enable "Allow access via user connections (awaBerry Anywhere)", and optionally enable remote desktop or Web-to-Local ports. Use the built-in email draft button to share the Project Key and Secret with the technician. Total provisioning time: under two minutes.
The technician logs in using those credentials, accesses only what the project allows, and when done — you delete the project. Access terminated. No cleanup. No revocation tickets.
awaBerry Anywhere is the human-centric access layer — you, logged into your account, accessing your own registered devices via the web portal or native clients.
The Agentic API is the programmatic and delegation layer — it lets scripts, AI agents, or other people access your devices using scoped, time-limited Project Keys, without requiring an awaBerry account or login. It is the mechanism for sharing and automation at scale.
Together they cover every access pattern: personal use, team collaboration, script-driven automation, and AI-agent orchestration — all on the same zero-trust foundation.
