Preview

Give your agent a Worker, not your keys.

A Worker is a scoped, audited identity for an AI agent. It can read your infrastructure and propose changes you approve - and it can never delete resources or read your secrets. Run it unattended on the model key you bring, and every action is logged.

Start freeHow it works

Free to start, no credit card · Bring your own model key

site-reliability-engineer
ork_agent_••••••••
Maintainer
Reads
flows freely, no approval
logsmetricsdeploymentsyour code
Proposes
queued for your approval, never runs on its own
deployrollbackopen a pull request
Never
impossible for a Worker, whatever it is asked
delete a projectread a secretread env vars

One identity. Reads flow, changes wait for you, secrets stay off limits.

Three things can happen. You control which.

Handing an agent your API key gives it the power to delete everything and read every secret. A Worker splits every possible action into three lanes - and only one of them can act without you.

Reads
flows freely, no approval
logsmetricsdeploymentsyour code
Proposes
queued for your approval, never runs on its own
deployrollbackopen a pull request
Never
impossible for a Worker, whatever it is asked
delete a projectread a secretread env vars

How a Worker run works.

From "here's the task" to "done, and logged" - with you in the loop for anything that matters. Click a step to see what happens.

propose
When it wants to act - ship a fix, roll back a bad deploy, open a pull request - the action does not execute. It is queued for your approval with the full context of why, and the run pauses there.

Pick how far it can go.

Two roles, set per Worker, changeable any time. Start read-only and graduate to proposing changes.

Observer

Reads, and nothing else.

  • Read logs, metrics & deployments
  • Browse your connected source
  • Summarise and diagnose
  • Propose or make any change
  • Touch secrets or env vars

Maintainer

Reads, and proposes changes you approve.

  • Everything an Observer can
  • Work in isolated sandboxes
  • Propose deploys, rollbacks & pull requests
  • Run a change without your approval
  • Delete resources or read secrets

Make it yours

Shape how each Worker works.

Roles decide what a Worker may do. These decide how it does it - its identity, its playbooks, and how big a job it can take on. None of them widen what its role allows.

Standing instructions

Tell a Worker who it is and how you work - "you are our release manager; always check production logs before proposing a deploy." It follows that on every run, on top of each task.

Skills

Hand a Worker reusable playbooks. Write a review or triage skill once, name it in a task, and the Worker loads the right one and follows your steps instead of guessing.

Swarm

For a big job, let one Worker fan the work out to parallel helpers and gather the results - a single Worker that scales into a team for one task, still under one approval queue.

Native to your whole orkestr account.

A Worker isn't a bolt-on bot. It already understands your projects, functions, environments, crons and jobs - so it can act in context, not guess. It sees exactly what its role allows, and nothing more.

Projects & deployments

Live status, deploy history, and rollouts across every project it is scoped to.

Serverless functions

Your functions, their logs and metrics - and, for a Maintainer, updates it can propose.

Environments & domains

Production, staging and preview environments, their branches, config and URLs.

Crons & jobs

Scheduled runs and one-off jobs - their timing, status, exit codes and output.

Logs & metrics

Container logs, CPU and memory, request rates - the signals it needs to diagnose.

Your source code

Browses the connected repo to reason about the real change, not just the symptom.

Scoped by its role and your approvals - you decide what each Worker can see and do, and can change or revoke it any time.

What people hand to a Worker.

Anywhere you'd want an agent to act on your infrastructure - without giving it the keys to wreck it.

Incident triage on autopilot

An error spike wakes a Worker. It reads the logs and metrics, finds the regression, and proposes a rollback - waiting for your nod.

Ship fixes from chat

Point your coding agent at a Worker. It reads the code, prepares the change, and opens it for approval - without ever holding your real key.

Give a vendor scoped access

Hand a contractor or third-party agent a Worker instead of credentials. They can read and propose; they can never delete or exfiltrate.

Unattended, auditable automation

Recurring checks and cleanups that run on their own model, pause at the gate for anything risky, and leave a full paper trail.

A team for your project

Run a team of specialists.

Give one project several Workers - each owning a slice. They do not step on each other, and everything that changes your infrastructure lands in the same approval queue: yours.

Release Manager

Reacts to a failed deploy

Pulls the build and runtime logs, diagnoses the likely cause, and proposes a rollback or fix - for your approval.

proposed: rollback checkout to v2.3.1

Code Reviewer

Reacts to a new pull request

Reads the diff the moment a PR opens and posts a review of what changed and anything risky it spots.

review posted: 2 things to check

Morning Reporter

Runs on a schedule

Each morning it checks deploys, health, and usage and posts a status digest to your Slack.

digest: 4 deploys, all healthy
Three Workers, one project - and one approval queue. Each acts only within its role; you decide what ships.

Built for the day the agent is wrong.

Every Worker assumes its agent can be manipulated by the data it reads. So the boundary does not depend on the agent behaving. Destructive actions are unreachable, secrets are off limits, and anything irreversible waits for a human. You delegate the work without surrendering control, and you keep a complete record of everything that happened.

Common questions

What can a Worker actually do?
Read your projects, logs, metrics, and deployment history; browse your connected source; use isolated environments; and propose deploys or rollbacks for your approval. It cannot delete resources, read secrets, or take any irreversible action without a human decision.
What if the agent is tricked or goes wrong?
Workers are built for exactly that. The assumption is that any agent can be manipulated by the data it reads, so the boundary never depends on the agent behaving. Even a fully compromised agent can only read non-secret state and queue requests for approval - nothing destructive is reachable, regardless of configuration.
Which agent or model do I use?
Any of them. Workers are framework-agnostic - connect Claude Code, Cursor, OpenHands, or your own agent. For unattended runs you bring your own model key. orkestr provides the identity, the permissions, the execution environment, and the audit trail.
How is this different from just making a limited API key?
A Worker is not only a narrower key - it is a governed identity. Reversible actions are approval-gated, destructive ones are unreachable by design, runs can execute unattended in an isolated environment, and every action is recorded against that identity. You also change its permissions or revoke it any time, without touching your own credentials.
Where does it run, and who can see it?
Unattended runs execute in isolated EU-hosted environments, operated from inside the EU. Every run is recorded in your account, so you have a complete, reviewable history of what your agents did.

Stop handing agents your keys.

Create a Worker, hand it to your agent, and let it work - safely.

Start free