OpenCompany

Introduction

What OpenCompany is, who it's for, and how the system fits together.

Introduction

Run any AI agent safely and productively. OpenCompany is an open-source platform to configure agents declaratively, deploy them to sandboxed environments, connect them to your tools, and control everything through permissions and audit trails.

It runs as a managed cloud or self-hosted on your infrastructure — same codebase, same API.

What an agent looks like

oc-agent.yaml
runtime: claude-code
name: pr-reviewer
description: Reviews pull requests for code quality and security issues
model: opus

One file in a git repo makes a directory an agent. The oc-agent.yaml defines which runtime to use and optional metadata — everything else is up to you and your runtime.

What it does

  • Declarative agent config — define agents in oc-agent.yaml. Runtime and metadata in one file, version-controlled in git. Instructions and tools stay in runtime-native formats.
  • Sandboxed sessions — agents run in isolated VMs. Each session gets a full clone of the agent's workspace (config, scripts, files from prior sessions).
  • Integration gateway — agents connect to external services (Slack, GitHub, Linear, etc.) through a permission-enforcing proxy. Agents never see secrets.
  • Fine-grained permissions — every integration action is individually permissioned: off, on, or ask (pauses for human approval). Scoped to specific resources (channels, repos, teams).
  • Full audit trail — every action an agent takes is logged. Every integration call, every file persisted, every sub-agent spawned.
  • Workspace persistence — workspace changes persist back to git via ocr persist. Agents carry state across sessions through files, not hidden platform state.

System overview

The API is the product. The CLI (oc), web dashboard, and agent runtime (ocr) are all clients of the same API. Anything you can do in the dashboard, you can do from the CLI.

Two CLIs

  • oc — management CLI. Used by engineers on their machines to configure agents, manage sessions, set up integrations. Full API access.
  • ocr — runtime CLI. Used by agents inside their sandboxed VMs. Minimal surface area. All calls proxy through the gateway which enforces permissions and injects credentials.

Core concepts

ConceptWhat it is
OrgA team or company. All agents, integrations, and billing live under an org.
AgentA directory in a git repo with an oc-agent.yaml. The platform provisions a sandboxed VM from it.
SessionA running instance of an agent in a sandboxed VM.
SkillA capability added to an agent. Resolved at provisioning.
IntegrationA connection to an external service, with per-agent permissions.
SecretAn encrypted value injected as an env var at runtime. Never in git, never visible to the agent.
AutomationA trigger that spawns sessions automatically (cron, webhook, events).

Licensing

  • The server (API, gateway, provisioner, dashboard) is licensed under BSL-1.1 — source-available, converts to MIT after 4 years.
  • The CLI, integrations, skills, agent templates, and registry are MIT.
  • Enterprise self-hosting is fully supported from the same codebase.

Architecture

High-level overview of the OpenCompany platform architecture.

On this page

IntroductionWhat an agent looks likeWhat it doesSystem overviewTwo CLIsCore conceptsLicensing