Build your AI agent workforce
by describing the team you want.
The container-isolated multi-agent runtime built for production.
Describe what you need — a marketing agency, a sales team, a research desk — and the OpenLegion AI agent framework deploys a multi-agent fleet in minutes, with budgets, permissions, and vault-proxied credentials locked down by default.
Runs 24/7 · Per-agent budgets · Vault-secured credentials · Isolated containers · 100+ LLM providers
Your team is spending hours on work that AI agents could finish while they sleep.
If a human can do it, an agent can too.
Built-in stealth browser. Runs 24/7.
All agents run in isolated containers with vault-secured credentials and automatic spend caps.
How it works
From one prompt to a full team
Describe the function you need. OpenLegion creates the agent stack, assigns roles, and gives each agent the controls it needs to work safely.
Content Studio
Sales Pipeline
Deep Research
Dev team
Treasury team
Don't see your use case? Build any team with any combination of roles, tools, and budgets. Start building →
Templates
Start with a ready-made team
Content Studio
See how it worksSales Pipeline
See how it worksDeep Research
See how it worksCustom Workforce
See how it worksUse Cases
What role does your team need?
Pick a built-in multi-agent template or define your own autonomous agent fleet. Each agent gets its own container, budget, and tool permissions.
Your engineering team
Your sales team
Your content team
Your treasury team
Your custom team
From our customers
Real teams, running on autopilot
“We were spending $2,800/mo on a lead-research VA team. Replaced the whole thing with five OpenLegion agents in three days. They run 24/7, never call in sick, and frankly do better research than the humans did.”
“I'm not technical at all. I wrote what I wanted in plain English — "follow up with leads who haven't replied in five days, sound friendly not pushy" — and the agent figured the rest out. Closed three deals this quarter from that one workflow.”
“Two months in, the fleet runs our invoicing, content drafts, and customer research end-to-end. We saved enough on freelance hours to pay for Pro Max twice over. The hardest part was deciding what to automate first.”
Why OpenLegion
Built for production, not just demos
Most agent tools stop at chat. OpenLegion is designed for real workflows with budgets, permissions, isolated runtimes, and credentials agents never touch.
Features
Built for teams that can't afford things to go wrong.
The AI agent framework with security, cost control, and agentic automation baked in from day one.
AI agent security: your keys stay in a vault agents never touch.
Every agent calls through a credential proxy. API keys and wallet private keys never exist inside a container. Six independent security layers on by default.
How security works →Set a budget per agent. They stop the moment they hit it.
Per-agent daily and monthly caps with automatic hard cutoff. No surprise bills. No runaway API loops at 3am.
How cost control works →Fleet model coordination — you decide who does what.
Agents browse any website, operate any tool, execute onchain, run any task. MCP-compatible with built-in skills for browser, files, memory, wallet, and more. Fleet model — blackboard + pub/sub + handoff (no CEO agent) — with bounded execution and per-agent permission matrix.
How coordination works →Ready to put your first agent to work?
Get Started →Fleet Dashboard
See your fleet in real time
Every agent, every cost, every event — live. Chat with agents, monitor health, and track spend from one unified view.
researcher
Lead Researcher
claude-sonnet-4-6
engineer
Code Engineer
gpt-4o
reviewer
PR Reviewer
gemini-2.5-pro
writer
Content Writer
claude-haiku-4-5
qualifier
Lead Qualifier
deepseek-v3
outreach
Sales Outreach
mistral-large
This is your fleet, live.
Get started in minutes →Quick Start
Two paths to your first AI agent
No terminal. No config files.
We handle the containers, credentials, and infrastructure. Talk to the Operator — your fleet's foreman, auto-created when your VPS comes online.
Get Started →Three commands. One machine.
git clone https://github.com/openlegion-ai/openlegion.git && cd openlegion
./install.sh # checks deps, creates venv, makes CLI global
openlegion start # inline setup on first run, then launch agentsSecurity
AI agent security: built assuming agents will misbehave.
Defense-in-depth enabled by default. Six layers shown below.
Each agent runs in its own container
Docker containers or Docker Sandbox microVMs per agent — no shared process space.
Agents can't escalate privileges or consume your resources
Non-root user (UID 1000), no-new-privileges flag, memory and CPU resource limits enforced.
API keys and wallet keys live in a vault the agent never touches
Vault proxy holds API keys and wallet private keys — agents call through the proxy, never see secrets. Transactions are signed server-side.
Each agent only accesses what you explicitly allow
Per-agent ACL matrix controls which tools, files, and mesh operations are allowed.
Under the hood
Defense-in-depth — trust zones at every layer
Your multi-agent fleet runs across four trust tiers — untrusted external input, sandboxed agents, the trusted mesh, and a loopback-only internal tier — plus an operator-or-internal permission tier. Agents only message each other through the mesh, gated by per-agent ACLs; the mesh holds the keys.
CLI / Telegram / DiscordSlack / WhatsApp / WebhooksSanitized via prompt-injection guardsFastAPI on :8420Blackboard (SQLite + WAL)PubSub + Message RouterCredential Vault (API Proxy)ACL Matrix + Lane RouterBrowser Service :8500 (per-agent Camoufox)Agent 1
FastAPI :8400 (per container)
Own /data volume
Own memory DB (SQLite + vec)
384MB RAM / 0.15 CPU default
UID 1000, cap_drop=ALL, no-new-privileges, read-only FS
Agent 2
FastAPI :8400 (per container)
Own /data volume
Own memory DB (SQLite + vec)
384MB RAM / 0.15 CPU default
UID 1000, cap_drop=ALL, no-new-privileges, read-only FS
Agent 3
FastAPI :8400 (per container)
Own /data volume
Own memory DB (SQLite + vec)
384MB RAM / 0.15 CPU default
UID 1000, cap_drop=ALL, no-new-privileges, read-only FS
Built for serious workloads.
Self-hosted on-premises deployment, defense-in-depth credential isolation, deterministic audit trails, per-agent cost governance, and a per-agent permission matrix — all enforced by default. The engine is ~77,000 lines of Python with 5,800+ tests and a minimal dependency surface.
Comparison
How OpenLegion is different
Most AI agent tools were built for demos — OpenLegion was built for production.
OpenLegion ships vault-proxied credentials, container isolation, and per-agent budget enforcement as defaults — no CVEs reported as of v0.1.0.
Based on public security disclosures and community reports.
| Aspect | OpenClaw & Others | OpenLegion |
|---|---|---|
| API Key Storage | In agent config files | Vault proxy — agents never see keys |
| Agent Isolation | Process-level | Docker containers / microVMs |
| Cost Controls | None | Per-agent daily & monthly budgets |
| Task Routing | LLM CEO agent decides | Fleet model — blackboard + pub/sub + handoff (no CEO agent) |
| Test Coverage | Minimal | 5,800+ tests across unit + integration + E2E |
| Codebase Size | Sprawling | ~77,000 lines (engine, auditable) |
OpenLegion launched in February 2026. GitHub star counts reflect project age, not production readiness.
FAQ
Frequently asked questions
Do I need to be a developer to use OpenLegion?
No. The managed hosting at app.openlegion.ai requires no coding — sign up, pick a template, add your LLM API key, and your agents are live in minutes. The self-hosted version requires Python 3.10+ and Docker. Either way, the built-in team templates (Dev Team, Sales Pipeline, Content Studio) work out of the box with no configuration needed.
Do I pay for LLM usage on top of the subscription?
Every paid subscription includes a welcome bundle of LLM credits that never expire — use them from day one with no API keys needed. You can also bring your own API keys from Anthropic, OpenAI, Google, or any of 100+ supported providers and pay those providers directly with zero markup on model usage.
What kinds of tasks can OpenLegion agents actually automate?
Any task a human performs on a computer with a browser or terminal. Agents can browse and interact with any website, log into web applications, fill out forms, extract data from any page, send emails and messages, manage files and folders, write and execute code, process documents, post to social platforms, monitor pages for changes, and run custom automations — all 24/7 without supervision. Common deployments include sales outreach pipelines, competitive research, lead qualification, developer workflows, invoice processing, content production, and internal task automation.
How does OpenLegion handle API key security?
Through the vault proxy — agents never see API keys. Keys are held in the mesh process on the mesh host. When an agent calls an LLM, the request goes through a vault proxy that injects the credential at the network layer, tracks token usage, and enforces budget limits. Even a fully compromised agent cannot access your API keys.
Can I run OpenLegion in production?
Yes — OpenLegion is designed for production deployment. It includes on-premises support, a fleet model with blackboard + pub/sub + handoff coordination, per-agent cost governance, a per-agent permission matrix, credential isolation via vault proxy, and an auditable codebase of ~77,000 lines with 5,800+ tests. Defense-in-depth controls are enabled by default.
More questions answered — including architecture, LLM providers, and agent coordination. See the full FAQ →
Technical definition
What is OpenLegion?
OpenLegion is a container-isolated multi-agent runtime with credential vault proxy, per-agent budgets, and a fleet coordination model (blackboard + pub/sub + handoff, no CEO agent) — designed for teams that need secure, cost-controlled agent fleets in production.
Your AI team is one deploy away.
Paid from day one · 100+ LLM providers · Money-back in 14 days