Single-click agent infrastructure · Apache 2.0

Your own agent swarm.
On a runtime you actually control.

Agenterra provisions a dedicated VPS, drops a 19-package agent runtime onto it, wires up seven channels, and gates every consequential action behind approvals you can audit three years later. One email address in. A working swarm out. No shared tenancy. No black box.

APACHE 2.0 · OVH · HETZNER · AWS · SAML / SCIM · OBJECT-LOCK COMPLIANCE

Most “agent platforms” are someone else’s database with your prompts in it. Agenterra is your runtime, your VPS, your audit trail, your keys.

Section 01 · Capabilities

What ships with every workbench

Four guarantees, every workbench, every region. The same code path runs in staging and production — only the Object-Lock writer is different.

A dedicated runtime, not a shared seat

A VPS provisioned in the region you choose, hosting the Hermes runtime: 19 @aixiom/* packages, a Goose-adapter loop, and a Loom LangGraph orchestrator. Your agents, your processes, your resource ceiling.

caravan · forge · 12-state temporal

Seven channels, one mental model

Email, web, Telegram, WhatsApp, Slack, Discord, SMS. Same four-step setup pattern across all of them: identify, authorize, verify, name. New channels register through one contract.

relay · bridge · ChannelKind enum

Approvals as a policy layer

Hard rules are server-side and never user-overridable: spend ≥ $10 always per-action, bulk-outbound > 5 always per-batch. Reversibility windows on the rest — Gmail Undo Send, Calendar cancel — before anything ships.

ledger · janus · property-tested

A ledger that outlives the agent

Every action of consequence appends a SHA-256-chained, Ed25519-signed event. Replicated to S3 Object Lock in Compliance mode. Three-year retention. Non-revocable. The same chain admins audit is the chain you audit.

ledger · cosign · 3y compliance
Section 02 · Provisioning

From an email address to a running swarm in six steps

The provisioning workflow is a 12-state Temporal workflow with idempotent activities. Enter an email; the system picks the lowest-latency OVH datacentre by default (Hetzner and AWS available), selects a plan, runs cloud-init with a streaming log, binds a subdomain under *.tenants.agenterra.io, and lands you in the Activity Stream of a workbench that already knows who you are.

  • 01 · Identity · email + OIDC
  • 02 · Region · OVH · HZN · AWS
  • 03 · Plan · resource tier
  • 04 · Cloud-init · streaming log
  • 05 · DNS · *.tenants.agenterra.io
  • 06 · Ready · workbench open

The same flow runs in staging without the Object-Lock writer. Production cuts over only after a documented exit gate (docs/phases/PHASE_1_EXIT_GATE.md).

Section 03 · Operator surface

One surface. Everything your agents do.

  • Stream: Perplexity-Computer-style task feed. Every assistant turn shows its plan, tool calls, and result. Status pills always carry a textual label.
  • Agents grid: Sortable, filterable. Drafter, classifier, translator, responder, approver, ingestor, and your own.
  • LangGraph canvas: Pan-zoom DAG of your workflow. Every workflow terminates in an immutable ledger write. That node is anchored and non-removable.
  • Chat composer: Direct conversation with your Hermes instance. Picks any tool exposed by the VPS — agents, LangGraph nodes, channels. ⌘↵ to submit.
  • Inbox · Approvals: Human-in-the-loop queue with hard rules enforced server-side. Approve, reject, or modify before execution.
Section 04 · Locked policy

Four properties we won’t let you turn off

These are not toggles. They are enforced by code paths the application cannot route around. The file shipping the enforcement is named beside each.

01

Tenant isolation by construction

Every multi-tenant table sits in a tenant_table_catalogue. A cross-tenant access suite asserts both row-level deny and catalogue exhaustiveness.

enforces packages/steward
02

Ledger as the integrity backbone

Every action of consequence appends a SHA-256-chained, Ed25519-signed AuditEvent that replicates to S3 Object Lock Compliance mode.

enforces packages/ledger
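
What a SHA-256-chained, Ed25519-signed event log buys an auditor, as an added example that is not code from packages/ledger: each event commits to the previous event's hash and carries a signature over its own hash, so an edit, a re-hash without the key, or a dropped middle event is caught at a known index. The event fields, the all-zero genesis value and every function name here are assumptions.

```javascript
// Added illustration; event fields and function names are assumptions, not the @aixiom ledger API.
const nodeCrypto = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed prevHash for the first event

// Canonical form: fixed field order, so writer and verifier hash identical bytes.
function canonical(e) {
  return JSON.stringify([e.seq, e.prevHash, e.tenant, e.action, e.ts]);
}

function sha256Hex(s) {
  return nodeCrypto.createHash("sha256").update(s).digest("hex");
}

// Append: link to the previous hash, hash the event, sign the hash with Ed25519.
function appendEvent(chain, privateKey, fields) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const event = { ...fields, seq: chain.length, prevHash };
  event.hash = sha256Hex(canonical(event));
  event.sig = nodeCrypto.sign(null, Buffer.from(event.hash, "hex"), privateKey).toString("base64");
  chain.push(event);
  return event;
}

// Walk the chain; return the index of the first event that fails, or -1 if intact.
function firstInvalid(chain, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    const linked = e.seq === i && e.prevHash === prev;
    const hashed = sha256Hex(canonical(e)) === e.hash;
    const signed = typeof e.sig === "string" &&
      nodeCrypto.verify(null, Buffer.from(String(e.hash), "hex"), publicKey, Buffer.from(e.sig, "base64"));
    if (!linked || !hashed || !signed) return i;
    prev = e.hash;
  }
  return -1;
}

// Constructed sample: three events signed with a throwaway key pair.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const chain = [];
  appendEvent(chain, privateKey, { tenant: "t-example", action: "approval.requested", ts: 1 });
  appendEvent(chain, privateKey, { tenant: "t-example", action: "approval.granted", ts: 2 });
  appendEvent(chain, privateKey, { tenant: "t-example", action: "email.sent", ts: 3 });
  return { chain, publicKey };
}
```

A chain with events removed from the tail still verifies on its own, which is why the head has to be anchored in storage the writer cannot rewrite, such as the Object Lock replica described above.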
03

Approvals before automation

Hard rules are server-side and never user-overridable. Spend ≥ $10 always per-action; bulk-outbound > 5 always per-batch. Property-tested under tests/property/.

enforces tests/property/approval-bypass
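
The two hard rules above as a server-side decision function, written as an added example that is not the project's code: tenant preferences are consulted only after no hard rule has fired, the thresholds are compared in integer cents so the $10 boundary is exact, and malformed input fails closed. The action shape, the preference names and the fail-closed choice are assumptions.

```javascript
// Added illustration; the action shape, preference names and function names are assumptions.
const SPEND_HARD_CENTS = 1000;  // page: spend >= $10 is always approved per action
const BULK_HARD_RECIPIENTS = 5; // page: bulk-outbound > 5 is always approved per batch

// Amounts are non-negative integer cents; strings, NaN, floats and negatives are rejected.
function validCents(n) {
  return Number.isSafeInteger(n) && n >= 0;
}

// Server-side decision. `tenantPrefs` comes from the client and is read only
// after both hard rules have passed, so it can tighten the outcome but never loosen it.
function decide(action, tenantPrefs = {}) {
  const spend = action.spendCents ?? 0;
  const recipients = action.recipients ?? [];
  if (!validCents(spend) || !Array.isArray(recipients)) {
    // Assumed behaviour: unknown size means the strictest mode.
    return { mode: "per-action", reason: "malformed input, failing closed" };
  }
  if (spend >= SPEND_HARD_CENTS) {
    return { mode: "per-action", reason: "hard rule: spend >= $10" };
  }
  if (recipients.length > BULK_HARD_RECIPIENTS) {
    return { mode: "per-batch", reason: "hard rule: bulk-outbound > 5" };
  }
  if (tenantPrefs.alwaysAsk === true) {
    return { mode: "per-action", reason: "tenant preference" };
  }
  // Everything else is auto-approved but held for a reversibility window first.
  return { mode: "auto", reversible: true, reason: "below hard thresholds" };
}

// Sweep spend and recipient counts with a hostile preference object and count
// how many inputs above a hard threshold came back as "auto". Expected: 0.
function bypassCount() {
  const hostile = { alwaysAsk: false, autoApproveAll: true, spendLimitCents: 1e9 };
  let bypasses = 0;
  for (let cents = 0; cents <= 2000; cents += 1) {
    for (let n = 0; n <= 10; n += 1) {
      const recipients = Array.from({ length: n }, (_, i) => `r${i}@example.test`);
      const hard = cents >= SPEND_HARD_CENTS || n > BULK_HARD_RECIPIENTS;
      if (hard && decide({ spendCents: cents, recipients }, hostile).mode === "auto") bypasses += 1;
    }
  }
  return bypasses;
}
```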
04

Reversibility before execution

Auto-approved outbound actions schedule a reversibility window — Gmail Undo Send, Calendar cancel — before the action actually goes out.

enforces packages/relay
Section 05 · Models · voice · billing

Your models. Your keys. Your bill.

Bring your own model

Anthropic, OpenAI, Gemini are wired in. BYO keys available by tier — Team and above. If a key fails the probe, the platform falls back to a tier-allotted model and surfaces the degraded state in the workbench.

anthropic · openai · gemini

Voice on the same surface

Deepgram and Whisper for transcription. ElevenLabs for synthesis. A round-trip voice conversation lives inside the same chat composer that handles text and tool-calls.

deepgram · whisper · elevenlabs

Honest metering, honest billing

Stripe Checkout, Stripe Portal, Stripe Tax. Per-tenant cost dashboard with stacked compute / storage / egress breakdowns. Idempotent metering — retries don’t double-charge.

stripe · tally · idempotent
Section 06 · Dual shell

Two operator surfaces. One design language.

If you hold both roles, you build muscle memory once. Ten-item rail, ten-item rail. Same component vocabulary. Same palette. Same motion. Different navigation manifest.

SURFACE · T

Tenant Workbench

The operator surface. End users create agents, route channels, monitor activity, drive workflows via chat. Ten-item rail. Sticky composer.

  • New agent · /agents/new
  • Stream · /
  • Inbox · Approvals · /inbox · /approvals
  • Connections · /connections
  • VPS · LangGraph · /vps · /langgraph
  • Ledger · /ledger
SURFACE · A

Admin Console

The platform surface. SRE and platform operators inspect fleet health, perform read-only impersonation, audit the immutable ledger, manage SAML / SCIM, sub-scopes, cost, incidents.

  • Fleet · /admin
  • Tenants · /admin/tenants
  • Provisioning · /admin/provisioning
  • Channels health · /admin/channels
  • Ledger audit · /admin/ledger
  • SAML / SCIM · /admin/identity
Section 07 · Enterprise

What enterprise teams actually ask about

Factual, no decoration. Items marked PENDING are code-complete with live measurement still to close — speak to us about pilot timing.

  • SSO: SAML 2.0 plus OIDC for Google, Apple, Microsoft, GitHub, LinkedIn. MFA on every account. Recovery flows audited end-to-end.
  • SCIM: User and group provisioning against the directory of record.
  • Read-only impersonation: Admins view a tenant as the tenant would. The impersonation banner is non-dismissible and emits a ledger event with operator identity and entry id.
  • Customer-AWS deploys: Bring your own AWS account. The platform deploys into your VPC instead of ours. (PHASE 4 · LIVE MEASUREMENT PENDING)
  • OWASP ASVS: V14 Frontend extension covering the four-modality copilot bypass surface. Property tests ≈4,350 assertions.
  • License: Apache 2.0 on the runtime. No vendor lock-in by construction.
CHANNEL MATRIX — SEVEN CHANNELKIND VALUES
email · web · telegram · whatsapp · slack · discord · sms
Section 08 · Tiers

Tiers

The structure is fixed. The numbers are not — founders will publish concrete tier limits before v1.1. PRICING DATA GAP

Solo
Talk to us
For builders running a single workbench.
  • One workbench, one region
  • Shared model allotment
  • Single channel
  • 3-year ledger retention
Enterprise
Talk to us
For organisations with compliance and SSO requirements.
  • SAML / SCIM
  • Customer-AWS deploy
  • Sub-scope delegations
  • Dedicated support
  • 3-year ledger retention SLA
Section 09 · FAQ

Direct answers

Is this really my VPS, or a logical partition?

A real VPS. Provisioned through Caravan (OVH) or the cloud provider of your choice. You can SSH in. We do not.

What if I want to run my own model gateway?

BYO keys at the Team tier. Provide a credentials secret and the runtime calls your endpoint. Probe failures surface in the workbench as a degraded badge.

How do I get my data out?

Ledger exports to CSV. Every export emits a ledger event. The full hash chain is verifiable against the cosign-signed image manifest that produced it.

Can I delete the audit log?

No. The 3-year Object-Lock Compliance retention is non-revocable. This is a design constraint, not a bug. Staging environments run with Object-Lock disabled.

What’s the relationship between AIXIOM and Agenterra?

AIXIOM is the open-source runtime — the 19 @aixiom/* packages and the LangGraph orchestrator. Agenterra is the hosted product deployed at agenterra.io. The runtime is Apache 2.0; the hosted experience is what you pay for.

What happens if Anthropic or OpenAI changes their API?

Upstream model adapters sit behind a single contract surface in aixiom-core. Adapter swaps are additive — no breaking changes to existing exports, per the Module Partitioning Specification.

Provision a workbench in six steps.

Email in. Region picked. Plan chosen. Cloud-init streamed. DNS bound. Ready.