agentry Beta
Self-hosted infrastructure for internal apps & automations

Run the internal tools your AI builds — on infrastructure you own.

agentry is the runtime, connection, and deploy layer for the internal apps and automations your AI builds. Point any agent at a Linux box you control; agentry gives it a sandbox to work in, ships what it builds as a real container, and serves it at a private URL — without your code or data ever leaving your own infrastructure.

Get started — free →

Free in early access · bring your own model, no token markup · macOS & Linux. Read the docs →

Any AI agent Claude Code · Cursor Roo · the dashboard Your model Claude · GPT · Gemini open weights agentry Your server Isolated containers Docker crm docs api ops your-app.agentry.live
No markup
on the AI tokens you bring
0
inbound ports on your server
100%
your hardware, your data
Any
MCP agent & AI model
What agentry is

Not an app builder. The infrastructure underneath one.

The AI writes the code. agentry is everything that makes that code into running software on your own machines — and it works with whatever agent you already use. Three layers, one connection.

Sandbox

Somewhere real to work

An isolated environment on your server with a filesystem, a shell, package managers, and any databases or keys you wire in — so the agent builds against the real thing, not a stub.

Connection

A URL with no open ports

An end-to-end encrypted link carries traffic between agentry and your server, so apps get an HTTPS URL anyone can reach while the machine itself stays off the open internet. No DNS, firewall, or certs to manage.

Runtime & deploy

Build once, run, roll back

Every deploy is a container image kept in your registry. Ship an update or roll back to any previous build in a click — the URL and custom domain stay put. Take the image and run it anywhere.

Harness-agnostic by design. If it speaks MCP, it works — the CLI exposes one server, agentry mcp, and your agent picks it up like any other.

Internal apps

Build internal tools without handing your data to anyone.

Most of the software a team actually needs is internal — dashboards over a production database, admin panels, tools that touch customer records. Putting those on a hosted builder means routing your data, or a tunnel to it, through someone else's cloud. agentry doesn't.

Runs next to your data

The app sits on your own server, right beside the database it reads. The connection to your data never leaves your network.

Nothing exposed

Your machine opens no inbound ports — there's nothing on it for the internet to scan, find, or attack. It works behind a firewall or NAT.

Locked to your team

Make a deployment org-only with one setting, or add real user logins — email/password and SSO with Google, GitHub, Microsoft, or any OIDC provider — with no auth code in your app.

ops.internal
This week
Revenue · $148k
+12%
Dashboards over prod. Reads your real DB. Stays in-house.
leads.internal
Pipeline
Leads · 24 open
+6 today
Acme Co. $50k · qual
Linde GmbH $120k · demo
Pied Piper $8k · new
Hooli $30k · won
Customer records. Never leave your machine.
helpdesk.internal
Internal assistant
What's our refund policy for annual plans?
Pro-rated after 14 days, per policies/refunds.md.
Who approves the exceptions?
Ask anything…
Answers over private docs. None of them leave.
How you use it

From empty server to live app, in three steps.

The first step takes a minute. The rest is just prompting your agent and clicking deploy.

1

Connect a server

Paste one line on any Linux box — your laptop, a $5 VPS, bare metal. It connects over an encrypted link and registers in seconds. No DNS, no firewall rules, no certificates.

2

Point your agent at it

Wire up Claude Code, Cursor, Roo, or any MCP client once, then just ask: "use agentry to build me…". It works in a real sandbox on your server.

3

Ship it

One click builds a container, runs it on your server, and hands back a public URL. Roll back, add a domain, or move it to a bigger box whenever you like.

🔒 encrypted 🔒 end to end 🔒 encrypted You Cursor · Claude Code · Roo talking MCP to the CLI agentry mcp agentry Your server laptop · home box · VPS running your sandbox + app No inbound ports Works behind a NAT, firewall, mobile hotspot. your-app.agentry.live Public URL for what you build — served on the same connection.
Automations

Write automations by describing them.

Tell your agent what you want — a morning report, a webhook that files incoming data, a nightly backup. It writes the automation, runs it on your server, and records every run.

Describe it, don't build it
Plain language in, a running automation out. You never touch cron syntax or webhook plumbing.
Runs on your infrastructure
Your server, your database. The automation lives with the app it belongs to — same code, same data, same deploy.
Every run, recorded
A built-in dashboard shows every run and webhook delivery — status, payloads, Run-now, and Replay.
How automations work →
Things you can say
  • "Post our open PRs to Slack every weekday at 9."
  • "When Stripe says a payment succeeded, log it and ping Slack."
  • "Every 5 minutes, check our endpoints and alert me if one is down."
  • "Back up the orders table to S3 every night."
More examples →
Everything it does

The unglamorous parts of shipping — handled.

The agent writes features; agentry covers the platform work that usually eats your week. None of it leaves your server.

Instant deploys & rollback

Every deploy is saved as a versioned image. Ship an update, or roll back to any past build in a click — same URL, seconds later.

Custom domains

Serve from app.yourco.com. Add a couple of DNS records; HTTPS certificates are provisioned and renewed for you.

Built-in authentication

Put a login on any app — email/password plus Google, GitHub, Microsoft, or any OIDC provider. Your code reads the user from a header; you write no auth.

Services, wired once

Bind Postgres, Redis, S3, a vector store, or an AI key to your server once — every app the agent builds picks up the credentials automatically.

One-click server updates

Keep the agentry runtime current from the dashboard. It pulls the latest, swaps itself in, and rolls back automatically if anything looks wrong.

Many servers, many apps

Prototype on your laptop, ship to a production box, keep a staging host on the side. Switch between them in a click; bindings follow each server.

The economics

One server. Every app. A bill you control.

agentry itself is free. You have exactly two costs — and both stay small, because one machine hosts everything and you pay your AI provider directly, at cost.

Hosting · flat, shared across every app
A small server ~ / month Comfortably runs
Hetzner CX22
2 vCPU · 4 GB
~$5 several apps + live sandboxes
Hetzner CX32
4 vCPU · 8 GB
~$10 a dozen-plus apps

The number that matters: this is per server, not per app. Ten internal tools on one CX22 is still ~$5/month. Per-app platforms bill you again for every app — and again for each add-on database. Build twenty tools here and your hosting bill doesn't move.

AI · pay your provider directly, no markup
Model ~ / 1M tokens Good for
Open / Flash tier cents cheap, high-volume iteration
Claude Sonnet ~$3 / $15 the all-round sweet spot
Frontier (Opus / GPT) premium the hardest problems

You bring the key; agentry never resells tokens or adds a margin. Because you choose the model, you choose the price — prototype on something cheap, switch to a frontier model only for the hard parts, no re-wiring.

Rough figures, early 2026 — check each provider for current rates. Want the worked-out example? See the cost breakdown →

Security model

Zero trust, by the textbook definition.

Every request authenticates. Every connection is encrypted. Nothing is trusted because of where it came from. agentry sits in front of your server, not on it — and four properties keep it that way.

End-to-end encrypted, verified on every request, with no implicit trust by network location.

  1. 01

    Per-device identity

    Every device and every server authenticates with its own certificate — no shared passwords or API keys. Lose a laptop? Revoke that one device. Everything else stays live.

  2. 02

    Your server stays private

    agentry handles the public-facing side. Your server doesn't. No port forwarding, no public IP, no SSH key handed to a third party.

  3. 03

    Per-org isolation

    Every certificate carries an organization identifier, checked on every request. One company's sandboxes and apps are unreachable from another's connection — even with a perfectly valid device cert.

  4. 04

    Audit by default

    Sandbox created. Server enrolled. Deploy started. Device revoked. Every state change lands in your organization's audit log with the actor, IP, and timestamp — nothing to turn on.

Why agentry

You keep everything.

Other AI builders host your app, hold your data, and meter your usage. agentry is the opposite bet: it's the front door, and your machine is the house. Bring your own model, your own server, your own data — and keep all three.

You own it

Code, data, and the running apps all live on hardware you control. Turn agentry off and nothing moves — it was already yours.

Zero lock-in

Every app is a standard container. Take the image and run it on any Docker host, with or without us. No data to extract, no export wizard.

Zero trust, end to end

Per-device certificates, mutual TLS on every hop, per-org isolation, audit by default. Your server never opens an inbound port.

Free, genuinely

No metered tier, no token markup, no per-app fee. You pay your server provider and your model provider — nothing to us.

Bring a server.

Free in early access. Your code, your data, your apps — yours to keep.