openpouch
OfficialThe openpouch server provides an agent-native deployment platform for autonomously deploying, managing, and monitoring web applications, with a governed lifecycle that integrates human approval for production deployments and critical actions.
Initialize a project: Auto-detect framework, build config, and env vars; generate
deploy.manifest.jsonanddeploy.policy.json(previews autonomous, production requires human approval by default).Instant zero-config deploy: Deploy any folder to a live
https://<slug>.openpouch.shURL with no account or provider key required, including server-side builds and secret env var injection.Deploy preview environment: Run the full governed pipeline (policy check → deploy → poll → smoke → evidence) for a preview environment — autonomous by default.
Deploy production environment: Run the governed pipeline for production. If policy requires human approval, returns an
approvalRequest{id}— agents intentionally cannot self-approve.Inspect deployment state: Read-only view of what is deployed, on which commit, any missing required env vars (names only, never values), and configuration drift.
Plan deployments: Read-only policy evaluation per environment — reports whether a deploy is allowed, requires approval, or is blocked, plus concrete next steps.
Verify a live deployment: Run health/smoke checks against a live URL and record results in evidence files.
Fetch runtime logs: Retrieve structured runtime logs (timestamp + message) for a deployed service to assist debugging.
Rollback a deployment: Redeploy the previously recorded rollback anchor commit, subject to governance policy and potential human approval.
Check account identity: Report the account behind the current API key — tier/plan, usage stats, or anonymous status. Key is never echoed.
List deployed apps: Enumerate instant-lane apps by name/slug, kind (static/dynamic), status, live URL, and expiry.
Delete an app: Remove an owned instant-lane app by slug to free a quota slot. No approval needed for ephemeral previews.
List pending approvals: Read-only view of pending human approval requests — approving is intentionally human-only via the interactive CLI.
openpouch 🦘
We never ask if you're human.
The agent-native hosting platform — built for coding agents, not walled against them. Your coding agent says "deploy this," and it does: one command, no account, no dashboard, no CAPTCHA. openpouch runs your app on its own infrastructure and hands your human back a live URL and a plain-language summary.

Your app is the joey; openpouch carries it safely. 🦘
Status: live. openpouch and @openpouch/mcp are on npm, and the instant lane (npx openpouch deploy) is live on openpouch's own infrastructure — static sites and real Node.js apps in hardened containers, with server-side build-on-deploy. Free previews are anonymous and ephemeral; apps saved to a free account stay live while they're used (usage-based persistence), and paid tiers add persistent /data volumes, always-on apps and more capacity (openpouch upgrade — payment itself is always a human moment, never an agent action). APIs are still young and feedback shapes them — issues welcome.
Works with any agent harness — Claude Code, Codex, OpenClaw, Hermes, Cursor, or none at all: plain CLI with --json everywhere, plus an MCP server. Setup snippets per harness: docs/HARNESSES.md.
Why
AI coding agents already initiate >30% of weekly deployments on major platforms — but every platform is human-first with agent features bolted on. Agents fight browser OAuth, interactive prompts, account-wide tokens, human-prose logs, and they lose deployment truth between sessions. The humans operating them have no policy layer: nothing enforces "previews are autonomous, production needs my approval."
openpouch is the missing combination: open source + agent-native + governed deployment lifecycle.
Related MCP server: agent-deploy-dashbaord
Quickstart
Deploy any folder to a live URL in one command — no account, no provider key, no setup:
npx openpouch deployYou get a live https://<slug>.openpouch.sh preview plus a claim link. The agent deploys autonomously; a human claims the preview via the link (unclaimed previews vanish after 72 h). openpouch writes the deployment truth (deploy.manifest.json, deploy.evidence.json, DEPLOYMENT.md) back into your repo, so any agent can pick up where the last one left off.
Prefer your own provider? openpouch can also drive Render or Vercel (BYO): openpouch init detects your project and maps the existing service, then openpouch preview / openpouch prod run the same governed pipeline (previews autonomous, production gated behind a human approval). The product itself, though, is openpouch's own hosting — see docs/INDEX.md.
What agents say
We commission independent agent harnesses to test openpouch end-to-end (build an app from scratch, deploy, verify, report) — their own words:
"OpenPouch currently feels genuinely agent-native." — OpenClaw, rating it 9/10 for agent-native usability
"Already very agent-native for the tested use case … no dashboard, no account, no CAPTCHA." — Codex (translated)
Hermes' end-to-end run: all 23 core checks passed — source-only upload, server-side build, healthy dynamic app, zero browser errors.
These are commissioned test runs we publish honestly, not organic reviews — full methodology lives in the harness reports the agents wrote themselves. Friction reports from your agent are the feedback we value most: file a harness report.
What it is
Agent-native hosting: your app runs on openpouch's own infrastructure, wrapped in a governed, agent-readable deployment lifecycle. Every surface is built for agents — CLI, MCP, the file formats, the claim pages — with zero human-verification walls.
CLI (
openpouch deploy/init/inspect/plan/preview/prod/approve/verify/logs/rollback/list/delete/signup/activate/whoami/feedback) — zero-config detection,--jsoneverywhere, meaningful exit codes, machine-readable errors with fix hints, and a plain-languagesummaryto relay to your (possibly non-technical) humanMCP server — the same capabilities as native tools in any MCP-capable agent harness
Open file formats in the user's repo (the "package.json of deployment"):
deploy.manifest.json— project config, environments, build/start, healthchecks, env-var manifest (names/status, never values)deploy.policy.json— what agents may do per environment; approval rulesDEPLOYMENT.md+deploy.evidence.json— what is live (URL, commit, time, smoke results, rollback anchor)
Optional BYO adapters — point openpouch at your own Render or Vercel instead, same governed lifecycle; the product is openpouch's own hosting, not a layer over other clouds
Safety, non-negotiable: read-only by default; previews can be autonomous; production requires a signed, single-use approval granted by a human in an interactive terminal; no destructive action class in the governed/production lane (the only delete is openpouch delete — owner-scoped self-service removal of your own ephemeral instant preview, not approval-gated by design); secret values never enter model context; full audit trail. Because we run untrusted code on our own infra, abuse is controlled with agent-compatible means (accounts/quotas, rate/resource limits, egress filtering, takedown) — never CAPTCHAs.
The instant lane (openpouch deploy) is live — static sites and dynamic Node apps both run today, free previews included. Since 0.3.0, self-service billing is live too: free-account apps use usage-based persistence (they stay live while they're used), and paid tiers add persistent /data volumes, always-on apps and higher capacity. The open-source core (CLI, MCP, adapters, run-d) stays complete and self-hostable forever.
Monorepo layout (actual)
packages/
core/ # manifest & policy schemas, evidence writer, adapter interface
cli/ # openpouch binary (compiled dist + plain-Node launcher)
mcp/ # MCP server over the same core (stdio; every capability except approve — human-only)
adapter-render/ # Render API adapter (live-verified)
adapter-vercel/ # Vercel API adapter (live-verified incl. redeploy)
adapter-run/ # instant-lane adapter (openpouch-run) + instantDeploy
run/ # run-d — instant-lane host daemon + account/API-key/quota subsystem
docs/ # product & rebuild-grade documentation (start: docs/INDEX.md)
llms.txt # agent-facing entry point (llmstxt.org format)Documentation rule (release gate)
All documentation must be complete enough that any developer or AI harness can understand and functionally rebuild the project from the docs alone: business rules, data model with units, full API reference, workflows, architecture, test gates, and a rebuild guide with acceptance criteria — derived from actual code, with an index separating current truth from history.
Community
Contributing — light-weight guide; docs improvements are a first-class contribution, and
good first issuemarks mentored entry points.Discussions — Q&A, ideas, and Show & Tell (post what your agent deployed).
Harness feedback — your agent hit friction? That's a bug in our product; reports written by the agent itself are welcome.
Security — private disclosure via GitHub Security Advisories or security@openpouch.dev. Never a public issue.
License
Apache-2.0 (decided 2026-06-12; explicit patent grant — see LICENSE and NOTICE).
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/openpouch/openpouch'
If you have feedback or need assistance with the MCP directory API, please join our Discord server