OpenLegion is a production-grade AI agent framework and platform that deploys autonomous agent fleets in isolated Docker containers. Each agent gets its own budget, permissions, and secrets vault — with six security layers enabled by default. It requires only Python, Docker, and an API key. No Redis, no Kubernetes, no LangChain. Licensed under BSL 1.1 (source-available).

How is OpenLegion different from CrewAI or other agent frameworks?

OpenLegion container-isolates every agent, proxies all credentials through a vault, and enforces per-agent budgets — most frameworks don't. CrewAI and similar frameworks run agents in shared processes with no isolation, no cost controls, and API keys stored in config files. OpenLegion uses deterministic YAML workflows instead of letting an LLM decide task routing, making execution predictable and auditable.

What LLM providers does OpenLegion support?

100+ LLM providers through LiteLLM. This includes Anthropic (Claude), OpenAI (GPT), Google (Gemini), Mistral, Moonshot, and any OpenAI-compatible API. You can assign different models to different agents in the same fleet — no vendor lock-in.

Do I need Kubernetes or cloud infrastructure to run OpenLegion?

No. OpenLegion runs on a single machine with no external services. You need only Python 3.10+, Docker, and an LLM API key — no Redis, no Kubernetes, no LangChain, no external databases.

Can OpenLegion run on-premises in air-gapped environments?

Yes. The full stack runs entirely on your own infrastructure with no external dependencies beyond Docker and Python. No data leaves your network. The coordinator, agents, vault, and dashboard all run on a single machine, making it suitable for air-gapped, regulated, and on-premises environments.

What is an AI agent platform?

An AI agent platform is managed infrastructure for deploying, orchestrating, and governing autonomous AI agents in production. Unlike raw framework libraries that only provide agent logic primitives, a platform handles container isolation, credential vaulting, per-agent cost controls, observability, and deployment — so teams can ship agents without building DevOps from scratch.

What is an AI agent framework vs an agent platform?

A framework is a code library for building agent logic — tools, prompts, memory, and chains. A platform adds operational infrastructure on top: container isolation, credential vaults, per-agent budgets, deployment pipelines, and fleet-wide observability. OpenLegion is both: a Python framework for authoring agents and a self-hosted platform for running them in production with security and cost governance built in.

How does AI agent orchestration work in OpenLegion?

OpenLegion uses deterministic YAML DAG workflows — no LLM sits in the control plane deciding who does what. You define task graphs with sequential and parallel execution patterns, coordinated through a centralized Blackboard and pub/sub messaging. The orchestrator routes tasks based on the DAG definition, making every execution path predictable, repeatable, and auditable. Fleet model, not hierarchy — agents execute their assigned steps and report results back to the coordinator.

What does AI agent security mean for autonomous agents?

AI agent security addresses the unique threats autonomous agents introduce: credential leakage, prompt injection, resource abuse, and data exfiltration. OpenLegion's six-layer defense — runtime isolation, container hardening, credential separation, permission enforcement, input validation, and Unicode sanitization — mitigates each threat independently, so a breach in one layer does not compromise the others.

Your AI workforce starts here

Your AI workforce.
Deployed in minutes.

Name: OpenLegion
Availability: InStock
Author: OpenLegion

The AI agent framework and platform built for production.

Give each agent a job and a budget — they work 24/7 while your keys stay locked in a vault they never touch.

Anything a human does, your agents do around the clock.

Start free trial →Read the Docs

7-day free trial · No credit card required · 100+ LLM providers · No vendor lock-in

openlegion demo

Your team is spending hours on work that AI agents could finish while they sleep.

If a human can do it, an agent can too.

Built-in stealth browser. Runs 24/7.

Browse any websiteFill out any formWrite and run codeSend emails & messagesManage files & foldersResearch & summariseScrape data from sitesQualify sales leadsProcess spreadsheetsPost to social mediaMonitor for changesTrigger via Slack, Telegram, Discord

All agents run in isolated containers with vault-secured credentials and automatic spend caps.

What do you need to automate?

Use Cases

What role does your team need?

Pick a built-in multi-agent template or define your own autonomous agent fleet. Each agent gets its own container, budget, and tool permissions.

Your engineering team

PMEngineerReviewer

Your sales team

ResearcherQualifierOutreach

Your content team

ResearcherWriterEditor

Your custom team

Any RoleAny ToolAny Budget

tests passing

LLM providers supported

CVEs reported

markup on LLM usage

Discord GitHub ★ 73

Features

Built for teams that can't afford things to go wrong.

The AI agent platform with security, cost control, and agentic automation baked in from day one.

AI agent security: your keys stay in a vault agents never touch.

Every agent calls through a credential proxy. Keys never exist inside a container. Six independent security layers on by default.

How security works →

Set a budget per agent. They stop the moment they hit it.

Per-agent daily and monthly caps with automatic hard cutoff. No surprise bills. No runaway API loops at 3am.

How cost control works →

Deterministic AI agent orchestration — you decide who does what.

Agents browse any website, operate any tool, run any task. MCP-compatible with 50+ built-in skills. YAML-defined workflows — every execution path predictable, auditable, and under your control.

How orchestration works →

See all AI agent platform features including browser automation, persistent memory, MCP extensibility, and multi-agent orchestration →

Ready to put your first agent to work?

Start free trial →

Fleet Dashboard

See your fleet in real time

Every agent, every cost, every event — live. Chat with agents, monitor health, and track spend from one unified view.

Fleet Overview

Live

6 agents·$8.42 today·118,940 tokens

5 online1 degraded

researcher

Lead Researcher

claude-sonnet-4-6

Online

Activitystreaming

Heartbeatevery 5m

Cost today$1.24

engineer

Code Engineer

gpt-4o

Online

Activitythinking

Heartbeatevery 10m

Cost today$3.87

reviewer

PR Reviewer

gemini-2.5-pro

Online

Activityidle

Heartbeatevery 30m

Cost today$0.56

writer

Content Writer

claude-haiku-4-5

Online

Activitytool

Heartbeatevery 15m

Cost today$0.18

qualifier

Lead Qualifier

deepseek-v3

Degraded

Activityidle

Heartbeatevery 20m

Cost today$0.42

outreach

Sales Outreach

mistral-large

Online

Activitystreaming

Heartbeatevery 5m

Cost today$2.15

This is your fleet, live.

Try it free for 7 days →

Quick Start

Two paths to your first AI agent

Easiest — no setup required

No terminal. No config files.

1. Create your account

2. Select a plan

3. Configure your agents

4. Run your fleet

We handle the containers, credentials, and infrastructure.

Start free trial →

Full control — on-premise support

Three commands. One machine.

Requirements: Python 3.10+, Docker (running), an LLM API key (Anthropic / Moonshot / OpenAI)

git clone https://github.com/openlegion-ai/openlegion.git && cd openlegion
./install.sh                     # checks deps, creates venv, makes CLI global
openlegion start                 # inline setup on first run, then launch agents

Read the docs →

Security

AI agent security: built assuming agents will misbehave.

Six layers enabled by default. Four shown here.

Each agent runs in its own container

Docker containers or Docker Sandbox microVMs per agent — no shared process space.

Agents can't escalate privileges or consume your resources

Non-root user (UID 1000), no-new-privileges flag, memory and CPU resource limits enforced.

API keys live in a vault the agent never touches

Vault proxy holds all API keys — agents call through the proxy, never see secrets.

Each agent only accesses what you explicitly allow

Per-agent ACL matrix controls which tools, files, and mesh operations are allowed.

All six layers explained in detail →

Under the hood

Three zones of protection

Your multi-agent fleet runs in three isolated zones — user, coordinator, and sandboxed containers. Nothing any agent touches can reach your API keys, other agents, or the host machine.

User Zone— Full Trust

CLI / Telegram / DiscordSlack / WhatsApp / WebhooksDirect agent communication

Mesh Host— Trusted Coordinator

FastAPI on :8420Blackboard (SQLite)PubSub + Message RouterCredential Vault (API Proxy)Orchestrator + Permission MatrixContainer Manager + Cost Tracker

Agent Containers— Untrusted / Sandboxed

Agent 1

FastAPI :8400+ each

Own /data volume

Own memory DB (SQLite + vec)

384MB RAM / 0.15 CPU default

Non-root, no-new-privileges

Agent 2

FastAPI :8400+ each

Own /data volume

Own memory DB (SQLite + vec)

384MB RAM / 0.15 CPU default

Non-root, no-new-privileges

Agent 3

FastAPI :8400+ each

Own /data volume

Own memory DB (SQLite + vec)

384MB RAM / 0.15 CPU default

Non-root, no-new-privileges

Learn more about AI agent orchestration →

Built for enterprise.

On-premises deployment, air-gapped environments, SOC 2-aligned credential isolation, deterministic audit trails, per-agent cost governance, and role-based access — all enforced by default. The engine is ~30,000 lines of Python with 2,100+ tests and a minimal dependency surface.

On-premises & air-gapSOC 2-alignedDeterministic audit trailsDeterministic workflowsPer-agent cost governanceRole-based access

Talk to us about enterprise deployment

Comparison

How OpenLegion is different

Most AI agent tools were built for demos — OpenLegion was built for production.

OpenLegion is the only AI agent framework shipping vault-proxied credentials, container isolation, and per-agent budget enforcement as defaults — with zero CVEs reported since launch.

Based on public security disclosures and community reports.

Feature comparison between typical AI agent frameworks and OpenLegion
Aspect	OpenClaw & Others	OpenLegion
API Key Storage	In agent config files	Vault proxy — agents never see keys
Agent Isolation	Process-level	Docker containers / microVMs
Cost Controls	None	Per-agent daily & monthly budgets
Task Routing	LLM CEO agent decides	Deterministic YAML DAG
Test Coverage	Minimal	2,100+ tests across unit + integration + E2E
Codebase Size	430,000+ lines	~30,000 lines (engine, auditable)

OpenLegion launched in February 2026. GitHub star counts reflect project age, not production readiness.

FAQ

Frequently asked questions

Do I need to be a developer to use OpenLegion?

No. The managed hosting at app.openlegion.ai requires no coding — start a free trial, pick a template, add your LLM API key, and your agents are live in minutes. The self-hosted version requires Python 3.10+ and Docker. Either way, the built-in team templates (Dev Team, Sales Pipeline, Content Studio) work out of the box with no configuration needed.

Do I pay for LLM usage on top of the subscription?

Yes — you bring your own API keys from Anthropic, OpenAI, Google, or any of 100+ supported providers. You pay providers directly at their published rates. OpenLegion charges for the platform and infrastructure only. There is zero markup on model usage.

What kinds of tasks can OpenLegion agents actually automate?

Any task a human performs on a computer with a browser or terminal. Agents can browse and interact with any website, log into web applications, fill out forms, extract data from any page, send emails and messages, manage files and folders, write and execute code, process documents, post to social platforms, monitor pages for changes, and run custom automations — all 24/7 without supervision. Common deployments include sales outreach pipelines, competitive research, lead qualification, developer workflows, invoice processing, content production, and internal task automation.

How does OpenLegion handle API key security?

Through blind credential injection — agents never see API keys. Keys are stored in a vault on the mesh host. When an agent calls an LLM, the request goes through a vault proxy that injects the credential at the network layer, tracks token usage, and enforces budget limits. Even a fully compromised agent cannot access your API keys.

Is OpenLegion enterprise-ready?

Yes — OpenLegion is designed for enterprise deployment. It includes on-premises support (including air-gapped environments), deterministic YAML workflows, per-agent cost governance, role-based access controls, credential isolation via vault proxy, and an audit-ready codebase of ~30,000 lines with 2,100+ tests. All security layers are enabled by default.

More questions answered — including architecture, LLM providers, and AI agent orchestration. See the full FAQ →

Your AI team is one deploy away.

7-day free trial · No credit card required · 100+ LLM providers · No vendor lock-in

Start free trial →Join our Discord

Your AI workforce.
Deployed in minutes.

If a human can do it, an agent can too.

What do you need to automate?

I need to automate my team's workflows

I need to build AI-powered products

I need a custom AI workforce

Deploy for my enterprise