Ops & on-call
Restart a deployment, check metrics, tail logs. The agent runs real commands in its own sandbox; calls to your APIs go through the credential proxy. Every action lands in the audit log.
A real Linux sandbox the agent owns. Secrets stay behind a server-side proxy — the sandbox never sees them, and every action is logged.
One agent, a real shell, and your tools wired in safely. Here's what people run it for.
Restart a deployment, check metrics, tail logs. The agent runs real commands in its own sandbox; calls to your APIs go through the credential proxy. Every action lands in the audit log.
A cron the agent owns. Pull numbers from Stripe or your database every Monday, format them, and deliver — without a key ever touching the sandbox.
Drop a CSV or PDF in /workspace and ask. The agent slices it with jq, csvkit, or pandas and hands back the answer. Files persist across restarts.
Connect any HTTP API or MCP server once. Ask in plain English; the agent composes the calls and the proxy injects the secret only for the bound host.
A credential proxy sits between the sandbox and the outside world. The secret is injected only on calls to the host it's bound to — so a prompt can't trick the agent into exfiltrating it.
A real Linux box with a persistent /workspace. The agent owns it — but no credentials ever land here.
# inside the sandbox
$ echo $STRIPE_KEY
(empty) Holds the credentials. Injects them server-side, but only on calls to the hostname bound to each integration. The secret never enters the agent's environment.
# on the way out
Authorization: Bearer sk_live_••••
↑ injected only for the bound host Every call leaves a trail — actor, tool, target, status. Sandbox shells, integration calls, schedule fires, role changes — same shape.
# every call, server-side
✓ jess · http · api.stripe.com · 200 Every chat belongs to whoever started it. The conversation is persistent and you can come back to it later.
Shell, filesystem, package manager. /workspace is persistent across restarts. The agent installs what it needs and remembers what it learned.
Reusable prompt presets you write once and pin to the workspace. Edits are audit-logged.
Store an API key once. The agent calls through a server-side proxy that injects the secret only on requests to the bound host — never into the sandbox env.
Owner / admin / member / viewer. Grant specific members access to specific integrations and conversations. Least privilege by default.
Every tool call, credential use, member change, RBAC mutation, schedule fire — logged with actor and structured metadata.
Cron and one-shot tasks the agent owns. Daily standups, weekly cleanup, on-call reports.
Owners and admins can click any agent message to see the exact tool calls, token counts, latency, and full system prompt.
Plug in any MCP-compatible tool server. Existing internal tooling becomes available to the agent.
You could wire an LLM to a container yourself. The security model — keeping the secret out of the sandbox and logging every call — is where it gets expensive.
| Roll your own | Runvault | |
|---|---|---|
| Real Linux sandbox, persistent /workspace | Containers + volumes to wire up | ✓ Built in |
| Secrets kept out of the agent's env | Agent reads env vars and files | ✓ Server-side proxy — never in the sandbox |
| Credential scoped to one host | Manual, easy to get wrong | ✓ Injected only for the bound host |
| Audit trail · actor · tool · target · status | Build and store it yourself | ✓ Every call, queryable |
| RBAC + per-resource grants | Build it | ✓ owner / admin / member / viewer + grants |
| Schedules, skills, MCP servers | Glue each one | ✓ Included |
| Time to a useful agent | Days to weeks | ✓ Under a minute |
The whole product is on the free tier. Paid plans add seats and governance when your team needs them.
Everything on this page, for one person.
For teams that need seats, SSO, and governance.
Want a walkthrough, have a question, or need something we don't ship yet? Tell us what you're building and we'll get back within 48 hours.
Sign in with Google and you're running in under a minute.