Ship AI agents to your company. Safely.
You built the agent. Now how do you let the rest of the company use it — without exposing secrets, blowing budgets, or losing control? Agyn is an open-source, Kubernetes-native agent orchestration platform. Run any AI agent (Claude Code, Codex, custom) at scale with serverless execution, Terraform-managed configuration, and zero-trust networking where credentials never reach the LLM context.
| Problem | Agyn |
|---|---|
| Agents run on individual laptops | Centralized deployment on your infrastructure |
| Secrets passed directly to models | Secrets isolated, never exposed to the model |
| No budget visibility or limits | Spend caps at any level — per agent, per team, per org |
| No access control | RBAC, SSO, audit logs |
| Locked to one vendor | Agent-agnostic, model-agnostic |
| Can't scale | Horizontal scaling, auto-termination on idle |
An open-source, self-hosted alternative to Google AX, AWS Bedrock AgentCore, and Claude Code Cloud for running AI agents in production with full control over security and configuration.
| Capability | Agyn | Google AX | AWS AgentCore | Claude Code Cloud | kagent | Copilot Studio |
|---|---|---|---|---|---|---|
| Self-hostable | ||||||
| Run any agent container | ||||||
| Declarative config (IaC) |
|
|
|
|||
| Serverless (scale-to-zero) | ||||||
| MCP servers isolation | -- | -- | -- | |||
| Secrets never reach LLM | -- | -- | -- | |||
| Zero-trust networking | ||||||
| Per-conversation sandboxing |
- Google AX? — AX sandboxes conversations but not tools from the agent; Agyn isolates each MCP server in its own container and runs any agent without protocol adaptation. Comes with pre-built Claude Code and Codex agents out of the box.
- AWS AgentCore? — Agyn gives you the same serverless execution, self-hosted, with Terraform config and zero-trust access to internal services.
- Claude Code Cloud? — Agyn runs Claude Code as one of many agent containers on your own infrastructure with per-tool credential isolation.
- kagent? — Agyn adds serverless scale-to-zero, agent-agnostic containers, and security isolation beyond Kubernetes RBAC.
git clone --branch latest https://github.com/agynio/bootstrap.git
cd bootstrap
./apply.shOpen the console. Create an org. Deploy your first agent.
Want a ready-made fleet to play with? Apply agynio/demo-agent — a Terraform config that provisions a support, marketing, and data-engineer agent in one command.
For production installs, see Self-host install.
Stop clicking. Version your agent infrastructure.
resource "agyn_agent" "support" {
organization_id = agyn_organization.acme.id
name = "Support"
nickname = "support"
model = agyn_llm_model.gpt_4o.name
image = "ghcr.io/agynio/agent-runtime:v1.0.0"
init_image = "ghcr.io/agynio/agent-init-codex:v1.0.0"
idle_timeout = "5m"
availability = "internal"
}
resource "agyn_agent_mcp" "zendesk" {
agent_id = agyn_agent.support.id
name = "zendesk"
image = "ghcr.io/acme/zendesk-mcp:latest"
envs = [
{
name = "ZENDESK_TOKEN"
secret_id = agyn_secret.zendesk_token.id
},
]
}terraform init && terraform applySee the Terraform provider reference for every resource.
- Serverless runtime — agents spawn on message, scale to zero on idle. No always-on compute.
- Any agent container — Claude Code, Codex, or your own. No protocol adaptation required.
- MCP servers in separate containers — each tool gets its own filesystem and process tree. Credentials are injected only into the tool that needs them, never into the agent.
- Zero-trust networking — every agent gets its own x509 identity. Deny-by-default access to internal services.
- Declarative config — define agents and their harness in Terraform. Version-controlled, peer-reviewed, automated.
- Observability — token usage, compute, tracing, activity logs.
Full architecture: docs/operate/architecture.md.
| Video | What it shows |
|---|---|
 |
Agyn in 3 minutes — From clean cluster to a working agent answering a chat message. End-to-end tour. |
| Coming soon | Deploying agents with Terraform — Define an agent fleet as code, apply it, talk to them. |
| Coming soon | Inspecting a run with Tracing — Every LLM call, every tool execution, every context decision. |
Full docs live in docs/:
- Introduction — what Agyn is, concepts, architecture at a glance.
- Self-host install — bootstrap, production install, upgrades.
- Administer — Console + Terraform for orgs, agents, models, secrets, runners, apps.
- Use — chat, files, tracing, usage, port exposure.
- Build & extend — Gateway API, MCP servers, agent CLIs, apps.
- Operate — networking, identity, scaling, backups, security.
- Reference — glossary, service catalog, schema pointers.
- Troubleshooting — diagnostic playbook by symptom + FAQ.
Agyn is split across focused repositories. The most useful starting points:
| Repo | What it is |
|---|---|
agynio/platform |
This repo. Documentation hub. |
agynio/architecture |
Source-of-truth architecture and product specs. |
agynio/bootstrap |
One-command local install (k3d + Terraform). |
agynio/platform-charts |
Production Helm charts. |
agynio/api |
Protobuf schemas for every service. |
agynio/terraform-provider-agyn |
Terraform provider. |
agynio/agyn-cli |
Platform CLI. |
agynio/console-app · chat-app · tracing-app |
Browser UIs. |
agynio/agent-init-codex · agent-init-claude · agent-init-agn |
Agent CLI init images. |
Full list with descriptions: docs/reference/service-catalog.md.
Good places to start:
- Read the architecture docs to understand the system before touching code.
- Join the Discord for questions while you work.
AGPL-3.0