OpenGeni — The open agent runtime

9 min read Original article ↗

Open Source · Apache-2.0/github.com/Cloudgeni-ai/opengeni

Theopenagentruntime.
Embedit.Self-hostit.Ownit.

OpenGeni is a managed-agent service you run yourself. Sandboxed tools, live event streams, plugins, multi-tenancy, metering, and billing already wired in. Build your agent product on top of it, or stand it up across your org so everyone has agents plugged into your tools and data. Open source, deploy anywhere.

durable

postgres event log

sandboxed

pluggable execution

orchestrated

temporal workflows

Built to be embedded. Built to be deployed.

OpenGeni isn't a developer CLI for one machine. It's a runtime — a tiny operating system for agents that lives wherever you put it.

EMBED

Inside your product.

Bring real agents into your product. Your UI, your auth, our runtime. OpenGeni owns durable session state, event history, approvals, and final outputs — your customers never know it's there.

DEPLOY

Across your org.

Stand up one OpenGeni for your whole company. Any cloud. Your sandboxes, your secrets, your audit trail. A scalable agentic OS that grows with the team — not a single-machine CLI.

A durable, observable, interruptible agent service — with the boring infrastructure already wired in.

Sessions live in Postgres. Live events stream over SSE with NATS fanout. Long work is coordinated by Temporal. Tool execution happens inside a sandbox you choose. Repos and documents plug in as first-class agent tools.

Session-based API

SSE event stream

Temporal-orchestrated

Sandboxed tool exec

Repo + doc tools

Postgres event log

Accounts + workspaces

Scoped API keys

Usage events + limits

Stripe credits

Helm + Terraform deploy

One API in front. Postgres as truth, Temporal as the metronome, a sandbox at the edge.

Public clients only ever talk to the Hono API. Postgres is the durable source of truth, NATS handles realtime fanout, and Temporal coordinates long-running work.

[ WEB CLIENT ]React + Vite app[ YOUR PRODUCT ]embedded runtime[ SERVICE ]server-to-server[ CUSTOM CLIENT ]anything that speaks HTTP[ HONO API ]the public contract[ POSTGRES ]sessions · events · vectors[ TEMPORAL ]durable orchestration[ NATS CORE ]live event fanout[ WORKER ]OpenAI Agents SDK[ OBJECT STORE ]S3-compatible[ SANDBOX ]pluggable · session-scoped[ MCP TOOLS ]first-party + plug-ins

active path request packet

hover any node to isolate its connections

Postgres is truth.

If an SSE client misses live events, the API backfills from the event log by sequence number. Sessions replay. Always.

NATS is just the bus.

Realtime fanout only. Loss-tolerant: durability is somebody else's job (Postgres'). Keeps the hot path cheap.

Workers run agents.

Model calls, tool execution, sandbox commands, repo ops — all inside non-retryable Temporal activities, because side-effects.

Your data, your model, your perimeter. Pick the brain. Keep the keys.

Agent intelligence is too important to outsource blindly. OpenGeni runs the agent harness on the OpenAI Agents SDK, so the model is a swap — not a lock-in. Route prompts to a frontier API, an enterprise Azure tenant, a regional Bedrock deployment, or a GPU sitting in your own DC. Keys, traffic, and inference all stay inside the boundary you control.

provider matrixswappable per deployment

  • OpenAIDirect Responses + Chat Completions, default path
  • Azure OpenAIPin inference to your tenant, region, and compliance envelope
  • Anthropic · Gemini · Bedrock · MistralRouted via the LiteLLM provider extension
  • Ollama · vLLM · LM Studio · llama.cppSelf-hosted, OpenAI-compatible, never leaves your network
  • Anything elseImplement a ModelProvider — air-gapped and bespoke endpoints welcome

One indirection. Total control.

Every model call goes through a ModelProvider running inside your worker. Default is OpenAI; flip OPENGENI_OPENAI_PROVIDER=azure to pin inference to your Azure tenant, or hand the SDK a LitellmProvider to fan out to Anthropic, Gemini, Bedrock, Mistral, Ollama, vLLM — anything LiteLLM speaks.

Need air-gapped, region-locked, or audited? Implement the ModelProvider interface against your own endpoint. The harness doesn't care where the tokens come from.

keys live on the worker · prompts never round-trip the client · provider swaps per deployment

From POST /sessions to a healthy reply, in six durable steps.

step 01 / 06session lifecycle

◇ durablesignal returns ↺ temporal

01/Open a session

Client opens a session

Your client posts to the Hono API. The request is validated, a session row lands in Postgres, and an id comes back. Nothing has run yet — but the session is already replayable.

{ "initialMessage": "diagnose drift in prod",
  "resources": [...], "tools": [...] }

Tool execution lives in a sandbox you choose, on a contract you can extend.

OpenGeni delegates execution to a SandboxClient — the same contract the OpenAI Agents SDK speaks. Repos and files mount in as real filesystem paths. Sandbox session state is part of the saved run state, so the next turn picks up exactly where the last one left off.

WORKERrunStream()OpenAI Agents SDKINTERFACESandboxClient.createSession().applyManifest().deserialize().delete()containerremote sandboxtrusted localno-op (none)your own ↗

$ implements SandboxClient

Bring your own runtime.

Anything that satisfies the OpenAI Agents SDK SandboxClient contract is a valid backend: create / resume / delete a session, deserialize state for durable resume, materialize a manifest of resources. Add yours next to the ones we ship.

Surface
createSandboxClient(settings)

Resources
Manifest with gitRepo + s3Mount entries

State
deserialize / serialize SandboxSessionState

OPENGENI_SANDBOX_BACKEND=

docker

Docker

default for self-host

OPENGENI_SANDBOX_BACKEND=

modal

Modal

remote, burstable

OPENGENI_SANDBOX_BACKEND=

local

Local

dev convenience — not isolation

OPENGENI_SANDBOX_BACKEND=

none

No-sandbox

talk-only / planning

Plus anything else that implements the SDK contract — wire it up in createSandboxClient and you have a new backend.

Sandbox preparation profiles

Secure by default. Nothing leaks in unless you say so.

Out of the box no host environment enters the sandbox. Opt into a preparation profile when you want one — an Azure profile that runs a built-in az login --service-principal hook, a GitHub profile that passes through a local token and git identity — or list extra variables explicitly via an allowlist. Model provider keys stay with the worker.

Default image

Tuned for infra work out of the box.

Ships with Terraform, Checkov, Azure CLI, GitHub CLI, git, jq, curl, shell utilities, and bundled Terraform / Checkov skills. Swap OPENGENI_DOCKER_IMAGE for your own when you outgrow it.

Tools are MCP servers. We ship a few. You plug in the rest.

Every tool the agent reaches for goes through the Model Context Protocol — including the ones we ship by default. Point OPENGENI_MCP_SERVERS at any compatible server and select it per session.

▸ tools = mcp(servers)

Plug in any MCP server.

A session attaches tools by id; the worker connects the matching MCP servers, prefixes their tool names, and hands them to the agent. Built-ins are convenient defaults — your enterprise search, your vector DB, your custom MCP server slot in the same way.

  • Streamable HTTP MCP transport
  • Per-server allowedTools allow-list
  • Tool names auto-namespaced (serverId__tool)
  • Connect in parallel, tool list cached

Every agent needs an inbox. We built one that doesn't lose messages.

Per-session FIFO. One workflow per session, one turn at a time. Postgres row-locking under the hood — FOR UPDATE SKIP LOCKED — so you never have to think about it.

▸ session_turns · for update skip locked

One workflow per session. One turn at a time.

Plumbing, not a feature. You don't think about it. It's just here so your agent stops dropping turns the moment a user gets impatient and double-sends.

▸ what you get for free

Three things you'd otherwise have to build.

  • 01Idempotent submits

    Duplicate turn requests collapse on a key. Double-clicks, retries, network blips — they don't multiply work.

  • 02Live edits

    Reorder, edit, or cancel queued turns before they run.

    PATCH /turns/:id · POST /turns/reorder · DELETE /turns/:id

  • 03Backpressure

    Long-running turns don't drop user messages. They queue. The workflow drains the head as it finishes each one.

Tasks. Let the agent run itself.

Like ChatGPT Tasks or Claude's scheduled prompts: a saved agent run that fires once, on an interval, or on a calendar. You can create them — or the agent can create and manage its own. Durable on Temporal Schedules, with overlap policies that won't trample the previous fire.

task · weekday-09:00 · created by agentbuffer_one · reusable_session

User: "keep an eye on our infra repos for drift."
Agent: created task — every weekday at 09:00, scan repos and post a summary to #ops.

Tasks are tools. The agent can create, edit, pause, and delete its own — or you can manage them by hand. Either way, fires durably and resumes if a worker dies mid-run.

Once

"remind me at 4pm Friday"

Recurring

"every weekday at 09:00"

Calendar

"first of the month, 06:00 UTC"

overlap policy

  • allow_concurrentfire even if previous still running
  • skipdrop new fires while one is in flight
  • buffer_onekeep at most one queued behind the current run

run mode

fresh chat each fire

new_session_per_run

keep the thread

reusable_session

One stack. Every cloud.

A Helm chart and Terraform stacks for AWS, Azure, and GCP. Pick a profile, point it at managed services or bring your own, and the same runtime that boots on your laptop runs in production — non-root pods, rolling updates, PDBs, topology spread, optional HPA, secrets via ExternalSecret, NetworkPolicy on by default.

values.yaml (excerpt)helm · terraform

  • product access modelocal · configured · managed
  • billing modedisabled · stripe
  • sandbox backenddocker · modal · local · none
  • sandbox prep profilesnone · azure · github
  • storage apis3-compatible · aws-s3 · azure-blob · gcs
  • secretsSecret · ExternalSecret · Key Vault / Secrets Manager
  • pod securitynon-root · no privesc · caps dropped
  • availabilityrolling · PDB · topology spread · HPA opt-in

full chart in deploy/helm/opengeni

▸ deployment profiles

profilecloudruntimedepsnote
local-composelocaldocker-composedisposabledev / smoke
local-kuberneteslocalkubernetesin-clusterkind / minikube
preview-prgenerickubernetesin-clusterephemeral PR envs
azure-managedazurekubernetesmanagedAKS + Postgres + Blob
azure-existing-servicesazurekubernetesexternalBYO Postgres / Blob
aws-managedawskubernetesmanagedEKS + RDS + S3
aws-existing-servicesawskubernetesexternalBYO RDS / S3
gcp-managedgcpkubernetesmanagedGKE + Cloud SQL + GCS
gcp-existing-servicesgcpkubernetesexternalBYO Cloud SQL / GCS
kubernetes-externalgenerickubernetesexternalany conformant cluster
self-contained-kubernetesgenerickubernetesin-clusterairgapped / offline

Dependency modes: managed (cloud-native services), external (BYO Postgres / Temporal / object store), inCluster (upstream charts), or disabled. In-chart Postgres, Temporal, MinIO, and NATS are disposable — production should pick managed or external.

Boring choices, on purpose. Every box is the part that's already proven.

  • 01BunWorkspace runtime
  • 02HonoPublic API
  • 03React + ViteReference web client
  • 04TemporalDurable orchestration
  • 05PostgresSource of truth
  • 06DrizzleType-safe ORM
  • 07pgvectorDocument embeddings
  • 08NATS CoreRealtime fanout
  • 09MinIO / S3Object storage
  • 10OpenAI Agents SDKAgent harness
  • 11MCPTool protocol
  • 12LiteParseDoc parsing / OCR
  • 13Better AuthManaged user auth
  • 14StripeCheckout + webhooks
  • 15HelmProduction chart
  • 16TerraformAWS / Azure / GCP
  • 17ResendTransactional email

One contract. Real endpoints. No magic SDK required.

The Hono API is the public contract. Build with curl, fetch, or anything that speaks HTTP. The included React app is just one client.

Routes shown without the /v1 path prefix for clarity. The shipped API mounts everything except /healthz under /v1.

Teach your coding agent OpenGeni. One install, in any repo.

A skill for skill-aware coding agents — install it in any repo and your agent knows how to integrate with OpenGeni and configure its sandboxes. It points at the source when it needs exact details.

~ install

$ npx skills add Cloudgeni-ai/opengeni --skill opengeni

▸ what the agent learns

  • How to integrate OpenGeni from a client app
  • How to configure sandboxes and MCP servers
  • Where in the source to look for current details
  • Vocabulary, workflows, and architecture

not a client SDK · not required to run OpenGeni

Shipped, in flight, and on the horizon.

  • ShippedOpen-source core — Apache-2.0, contribution + security guidesshipped
  • ShippedProduction deploy — Helm chart, Terraform for AWS / Azure / GCP, eleven deployment profilesshipped
  • ShippedMulti-tenant access modes — local, configured, managed (Better Auth + email verification)shipped
  • ShippedAccounts, workspaces, scoped API keys (ogk_*, SHA-256 hashed, delegable permissions)shipped
  • ShippedUsage events, static + rolling limits, credit ledger, Stripe checkout + webhooksshipped
  • NextOutbound webhooks for session and usage events
  • NextFirst-class agents and environments API resources
  • NextClient SDK — streaming, timeline projection, approvals, interrupts
  • NextMore OpenAI Agents SDK-compatible sandbox backends
  • LaterDeeper Temporal / OpenAI Agents SDK durability integration