Built for AI application developers
Agent orchestration, serverless functions, database queries, state management, file storage, and template rendering. All integrated, all permission-controlled.
Multi-provider AI agents
Deploy conversational AI with any provider. Agents call tools, other agents, and maintain state across conversations.
Multi-provider support
OpenAI, Anthropic, Mistral, and Ollama. Switch providers per agent without code changes. Add custom endpoints for proxies or self-hosted models.
Tool calling
Agents call functions, queries, other agents, skills, state, and file search as tools. Parallel tool execution where possible. Approval flow for sensitive operations.
Agent-to-agent orchestration
Agents call other agents as sub-tools via async queue. Results stream back via Redis Streams. No recursive blocking.
Skills system
Reusable instruction documents. Preload into system prompts for always-on guidance, or expose as tools for progressive disclosure.
Streaming responses
Server-Sent Events with reconnectable Redis Streams. Clients can reconnect to any active stream from any position.
Function parameter defaults
Pre-fill tool parameters per agent with Jinja2 templates. Lock sensitive values like user_id so the LLM cannot override them.
Serverless Python execution
Write Python, deploy instantly. Isolated Docker containers with automatic execution tracking and nested call trees.
Isolated containers
Pre-warmed Docker container pool with configurable memory (512MB), CPU (1 core), disk (1GB), and timeout (300s) limits. Recycled after N executions.
Execution tracking
AST injection adds tracking decorators to all function definitions. Nested calls build execution trees with timing, input/output, and error data.
Multiple triggers
Execute via API (sync or async), webhooks, cron schedules, or agent tool calls. Each trigger type is tracked in execution history.
Package management
Admin-approved Python packages only. Whitelist control, hot-reload into running containers, and version pinning.
Database queries & state
SQL templates for external databases. Key-value state for agent memory. Both usable as agent tools.
SQL query templates
Parameterized SQL with :param_name placeholders. Input/output schema validation. Read and write operations with timeout and row limits.
Multiple databases
PostgreSQL, ClickHouse, and Snowflake. Connection pooling with automatic invalidation on config changes. Encrypted credentials.
Persistent state
Namespace-based key-value storage. Private or shared visibility. Optional TTL expiration. Agents declare read-only or read-write access per namespace.
Locked query parameters
Lock sensitive parameters (user_id, email) so the LLM can't override them. Jinja2 template support for dynamic defaults from agent input variables.
Everything else you need
Role-based access control
Permission format: service.resource.action:scope. Wildcards, scope hierarchy (:all grants :own), and custom prefixes for external apps.
Declarative config
YAML configuration with idempotent apply, SHA256 change detection, env var interpolation, reference validation, and dry-run. Auto-apply on startup.
Authentication
OTP email login, external OIDC (Authentik, Auth0, Keycloak), API keys with scoped permissions. JWT access + refresh tokens.
File collections
Upload, version, and search files. Metadata validation against JSON Schema. Content filtering and post-upload processing hooks.
Template engine
Jinja2 templates for emails and dynamic content. Variable validation, XSS auto-escaping, render and send endpoints.
Request logging
Every request logged to ClickHouse. Permission tracking, duration metrics, user attribution. Auth endpoints automatically redacted.
Ready to build?
Three commands to install. Open source. Deploy anywhere.