Your Personal Compute Network — command devices anywhere, from your WeChat chat window.
English · 简体中文
Nine of one user's personal devices — across data centers and laptops in multiple cities — all online in one workspace.
📖 Read the full vision: Overview of agentserver (slide deck, Apr 2026)
agentserver turns the laptops, desktops, cloud sandboxes, and even the phones scattered across your life into one Personal Compute Network — a single workspace you can command from a browser, a codex CLI, a Jupyter notebook, or a WeChat chat window. Each enrolled machine becomes a Connector; each session you drive from is a Browser. agentserver is the control plane that registers them, brokers their credentials, routes your prompts, and lets you (and your collaborators) drive everything from one place.
It is the answer to a question Addy Osmani frames as the path from L1 (no AI) to L8 (build your own orchestrator)*: once you are juggling 10+ agents across machines, you stop being a conductor and become an orchestrator. agentserver is the orchestration layer.
* Addy Osmani, Director, Google · Gemini & Cloud AI — talks.addy.ie/oreilly-codecon-march-2026
| Tool | Local agents | Cloud sandboxes | Cross-device peering | Cross-client session | Chat-app channel |
|---|---|---|---|---|---|
| OpenClaw / Claude Code Remote | one at a time | — | — | — | ✅ |
| Claude Code on the web | — | ✅ | — | — | — |
| Claude Code Agent Teams | — | ✅ (subagents) | — | — | — |
| agentserver | ✅ many | ✅ | ✅ | ✅ (CLI / Web / IM / Jupyter) | ✅ (WeChat / Telegram / Matrix) |
- One session, any device — Your codex session lives on the server, not on the laptop it started from. Pause a half-finished refactor at the office, then continue the same conversation from WeChat on the subway home. What changes between devices is the front-end, not the agent.
- Command from your pocket — Drive your agents from a WeChat / Weixin, Telegram, or Matrix chat. No terminal required when you are away from the desk.
- One workspace, every device — Cloud sandboxes, local laptops/desktops, and IM-bound agents all register into the same workspace and show up side-by-side in the Web UI.
- Codex-native — Built around the OpenAI codex CLI: devices enroll with
codex exec-server --remote, you drive them fromcodex --remote. No custom client to install on each machine. - Sandboxes that pause and resume — Per-task containers with idle auto-pause, running under Kubernetes with Agent Sandbox + gVisor for true multi-tenant isolation.
- "Old-school" coding still welcome — A built-in Jupyter notebook lets users who prefer hand-written code talk to the same workspace, the same files, and the same credentials the agents use.
- Multi-user collaboration — Invite friends or teammates into your Personal Compute Network; role-based access (owner / maintainer / developer / guest) decides who can do what.
- Credential & LLM proxy — Connectors never see real provider keys; per-workspace RPD quotas and usage tracking are enforced server-side.
- Audit log — Every codex session's input and output is persisted to an audit log (gateway-side WAL + server-side ingestion + retention) for post-hoc review and compliance.
- SSO ready — GitHub OAuth and generic OIDC (Keycloak, Authentik, …).
The fastest way to feel what agentserver does is to use the managed instance at agent.cs.ac.cn. Self-hosters get the same flow against their own domain.
Sign up at https://agent.cs.ac.cn.
Bring your own ChatGPT / Anthropic / API-key credential, or pick one of the managed model providers offered on-platform.
Install codex on every machine you want to enroll — laptop, desktop, home server, cloud VM:
# macOS
brew install codex
# everywhere else
npm i -g @openai/codexIn the Web UI, generate a registration command from the Connectors tab and run it on the device under tmux, systemd, or any detached supervisor so the connector survives logout:
The device shows up as Online alongside everything else in your workspace:
A Browser is a codex client you actually type into — usually your daily-driver laptop. Generate a Browser token from the Browsers tab and the printed codex --remote … command turns that machine into a command center that can dispatch work to any Connector. If you plan to drive everything from WeChat / Telegram / Matrix, skip ahead to step 6:
Prefer writing code by hand? Spin up a notebook environment from the Web UI. ctx is pre-injected into every kernel and gives you the same Connectors, files, and credentials the agents use:
We call this the "old-school" path — same workspace, no LLM in the loop unless you want one.
Scan a QR code on the platform to attach your personal WeChat account, switch the bound agent to Codex (via codex-app-gateway) mode, and you can now type instructions — in natural language — into any WeChat chat and have them executed on the right device:
This is the headline experience: command compute from anywhere your phone has signal.
Add friends or teammates to your workspace so they can share Connectors, Browsers, and credentials with role-scoped permissions:
World (OpenAI, Anthropic, GitHub, …)
▲
│ egress
┌───────────┴────────────┐
│ credentialproxy / │
│ llmproxy (:8081) │
│ • key injection │
│ • RPD quota / usage │
└───────────┬────────────┘
│
WeChat / Telegram ──▶ imbridge ──▶ ┐
Web Console ──────▶ agentserver ──┤ ┌──────────────────┐
(:8080) │ │ sandbox pod / │
• REST API ├───▶│ container │
• Web UI │ │ └─ codex │
• registry │ └──────────────────┘
│ │
│ └──▶ local Connector (laptop, desktop, HPC, …)
│ └─ codex exec-server --remote
▼
PostgreSQL
(users, workspaces,
connectors, browsers,
quotas, sessions)
Browser (codex) ──▶ codex-app-gateway (:8086) ─▶ per-workspace codex app-server subprocess
Jupyter notebook ──▶ codex-app-gateway (:8086) ─▶ same path, shared `ctx` runtime
Connector (codex)──▶ codex-exec-gateway (:6060) ─▶ rendezvous for `codex exec --remote` executors
Sandbox URLs ──▶ sandboxproxy (:8082) ─▶ subdomain routing to sandbox services
| Service | Default Port | Role |
|---|---|---|
| agentserver | :8080 |
Main API, Web UI, connector / browser / member registry |
| llmproxy | :8081 |
LLM API proxy with per-workspace rate limiting and usage tracking |
| sandboxproxy | :8082 |
Subdomain-based routing to sandbox services |
| credentialproxy | — | Server-side injection of provider credentials |
| imbridge | — | IM channel bridge (WeChat / Weixin, Telegram, Matrix) |
| codex-app-gateway | :8086 |
Per-workspace codex app-server subprocess + ws bridge for Browser sessions and Jupyter clients |
| codex-exec-gateway | :6060 |
Rendezvous endpoint for codex exec-server --remote Connectors |
- Stateless harness — Decouple the brain (model + harness) from the hands (Connectors and tools). Sessions are append-only event logs that live outside the context window. Workers are cattle, not pets — a worker that dies mid-turn loses nothing.
- Hybrid cloud–local mesh — Cloud and local Connectors share one workspace registry. Discovery happens through agent cards; the LLM picks a tool and a router decides where the call goes. Agent discovery, not network mesh.
- Async collaboration via mailboxes — Agents hand off work through inboxes in durable storage. The receiver does not need to be alive when the message is sent. The mailbox is the source of truth.
helm install agentserver oci://ghcr.io/agentserver/charts/agentserver \
--namespace agentserver --create-namespace \
--set database.url="postgres://user:pass@postgres:5432/agentserver?sslmode=disable" \
--set ingress.enabled=true \
--set ingress.host="cli.example.com" \
--set baseDomain="cli.example.com"Download from GitHub Releases, or install via Homebrew:
brew install agentserver/tap/agentserverSee the API reference for full endpoint documentation.
Helm Values
| Parameter | Description | Default |
|---|---|---|
image.repository |
Server image | ghcr.io/agentserver/agentserver |
image.tag |
Server image tag | latest |
database.url |
PostgreSQL connection string | (required) |
backend |
Sandbox backend | k8s |
baseDomain |
Base domain for subdomain routing | "" |
baseScheme |
URL scheme for generated URLs | https |
idleTimeout |
Auto-pause idle sandboxes after | 30m |
persistence.sessionStorageSize |
Per-sandbox ephemeral storage | 5Gi |
persistence.userDriveSize |
Per-workspace shared disk size | 10Gi |
persistence.storageClassName |
Storage class for PVCs | "" (cluster default) |
workspace.resources |
Resource limits/requests for sandbox pods | 1Gi/1cpu limits |
agentSandbox.install |
Install Agent Sandbox controller | true |
ingress.enabled |
Enable Nginx Ingress | false |
ingress.host |
Ingress hostname | agentserver.example.com |
ingress.tls |
Enable TLS (cert-manager) | false |
gateway.enabled |
Enable Gateway API HTTPRoute | false |
Environment Variables (Main Server)
| Variable | Description | Default |
|---|---|---|
DATABASE_URL |
PostgreSQL connection string | (required) |
BASE_DOMAIN |
Base domain for subdomain routing | - |
BASE_SCHEME |
URL scheme (http or https) |
https |
IDLE_TIMEOUT |
Auto-pause timeout (e.g. 30m) |
30m |
LLMPROXY_URL |
Base URL of the LLM proxy service | - |
PASSWORD_AUTH_ENABLED |
Enable password-based auth | true |
OIDC_REDIRECT_BASE_URL |
External URL for OIDC callbacks | - |
GITHUB_CLIENT_ID |
GitHub OAuth client ID | - |
GITHUB_CLIENT_SECRET |
GitHub OAuth client secret | - |
OIDC_ISSUER_URL |
Generic OIDC issuer URL | - |
OIDC_CLIENT_ID |
Generic OIDC client ID | - |
OIDC_CLIENT_SECRET |
Generic OIDC client secret | - |
SANDBOX_NAMESPACE_PREFIX |
K8s namespace prefix | agent-ws |
NETWORKPOLICY_ENABLED |
Enable K8s NetworkPolicy isolation | false |
NETWORKPOLICY_DENY_CIDRS |
CIDRs to deny in network policies | - |
AGENTSERVER_NAMESPACE |
agentserver's own K8s namespace | - |
STORAGE_CLASS |
K8s storage class for PVCs | (cluster default) |
USER_DRIVE_SIZE |
Per-workspace storage size | 10Gi |
USER_DRIVE_STORAGE_CLASS |
Storage class for workspace drives | inherits STORAGE_CLASS |
INTERNAL_API_SECRET |
Shared secret for internal endpoints (recommended) | - |
Environment Variables (LLM Proxy)
| Variable | Description | Default |
|---|---|---|
LLMPROXY_LISTEN_ADDR |
HTTP listen address | :8081 |
LLMPROXY_DATABASE_URL |
Proxy's own PostgreSQL connection URL | - |
LLMPROXY_AGENTSERVER_URL |
agentserver internal API URL for token validation | (required) |
LLMPROXY_DEFAULT_MAX_RPD |
Default max requests per day per workspace (0 = unlimited) | 0 |
OIDC Authentication
GitHub OAuth:
helm upgrade agentserver oci://ghcr.io/agentserver/charts/agentserver \
--reuse-values \
--set oidc.redirectBaseUrl="https://cli.example.com" \
--set oidc.github.enabled=true \
--set oidc.github.clientId="your-client-id" \
--set oidc.github.clientSecret="your-client-secret"Callback URL: https://cli.example.com/api/auth/oidc/github/callback
Generic OIDC (Keycloak, Authentik, etc.):
helm upgrade agentserver oci://ghcr.io/agentserver/charts/agentserver \
--reuse-values \
--set oidc.redirectBaseUrl="https://cli.example.com" \
--set oidc.generic.enabled=true \
--set oidc.generic.issuerUrl="https://idp.example.com/realms/main" \
--set oidc.generic.clientId="agentserver" \
--set oidc.generic.clientSecret="your-secret"# Prerequisites: Go 1.26, Node.js, pnpm, bun
# Build everything (frontend + backend)
make build
# Build individual components
make backend # Go binary → bin/agentserver
make frontend # React frontend → web/dist/
make llmproxy # LLM proxy binary → bin/llmproxy# Terminal 1: Start backend
go run . serve --db-url "postgres://..."
# Terminal 2: Start frontend dev server
cd web && pnpm install && pnpm devPull requests welcome — the repo is dogfooded against itself.
- Hosted instance — agent.cs.ac.cn (closed beta — sign up and we'll let you in)
- Issues & feature requests — github.com/agentserver/agentserver/issues
- Business / partnership inquiries — agentserver@mryao.org
- Like the project? ⭐ a star on GitHub helps more people find it.