self-hosted · agent-first · single binary

Your server. Their agents. Hosting that runs itself.

MoDeploy turns one rented Linux box into a multi-tenant hosting platform. You carve out isolated Spaces with CPU/RAM quotas; your clients' AI agents deploy Telegram bots, APIs and sites through REST or MCP. No control panel, no YAML, no SSH access to hand out.

★ Star on GitHub

root@your-server

$ modeployd --data-dir /var/lib/modeploy --ingress-domain apps.host.dev
✓ admin token minted: mdp_admin_9f2… (shown once)
✓ caddy ingress up — *.apps.host.dev
✓ reconciler watching desired state
agent › deploy github.com/acme/tg-bot
✓ build r-7f3a queued → building → succeeded (38s)
✓ live at https://tg-bot.acme.apps.host.dev

1: static binary
~40 s: from git push to URL
3: managed databases
0: YAML files

Three moves to a platform

01
Install the daemon

One curl on any Linux server with Docker. modeployd prints the admin token once and starts reconciling. gVisor picked up automatically if present.
02
Carve out Spaces

A Space is a quota, a private network and a scoped token. Create one per client — from this console or plain curl — and hand over the token. That token physically cannot touch other spaces.
03
Agents take it from there

The tenant plugs the MCP endpoint into Claude Code or any MCP client. Deploy, logs, secrets, rollback, diagnose — the agent operates the app by itself.

Built for the third case

PaaS tools are built for humans with dashboards, or for clouds running your code on their machines. MoDeploy is for when you own the server and agents do the operating.

▞ Spaces, not namespaces

CPU, RAM and disk quotas per tenant, a private bridge network each, and tokens scoped at the auth layer — tenancy is enforced before a handler ever runs.

▞ MCP-native

One endpoint, bearer token = scope. The server ships its own onboarding instructions, so a foreign agent learns the ropes without docs: deploy, logs, restart, rollback, exec, diagnose.

▞ diagnose, not dashboards

Instead of charts to stare at, an evidence bundle: container state, exit codes, OOM kills, recent logs and remediation hints — everything an agent needs to fix the app on its own.

▞ Databases included

Redis, Postgres and Mongo as managed accessories. Connection URLs are injected into app env automatically; apps reach them at name.internal with same-host latency.

▞ Ingress & HTTPS, hands-free

Caddy fronts every app with its own subdomain and on-demand TLS certificates. Routes survive restarts — the reconciler pushes them back.

▞ Hostile-tenant defaults

cap-drop ALL, pids limits, no-new-privileges, write-only secrets, optional gVisor sandbox. Tenant input is treated as hostile by design — because it is.

What the agent sees

Uniform JSON envelopes, async builds, structured errors with remediation hints. Boring on purpose — boring is parseable.

claude mcp add modeploy \
  --transport http https://deploy.example.com:8400/mcp \
  --header "Authorization: Bearer $SPACE_TOKEN"

# the server ships Instructions — the agent self-onboards:
# deploy · logs · restart · rollback · secrets_set · exec ·
# diagnose · accessory_create · usage

curl -X POST https://deploy.example.com:8400/v1/apps \
  -H "Authorization: Bearer $SPACE_TOKEN" \
  -d '{"name":"tg-bot","git_url":"https://github.com/acme/tg-bot"}'

{"status":"ok","data":{"id":"b-7f3a","status":"queued"},
 "note":"build queued; poll GET /v1/builds/b-7f3a"}

GET /v1/diagnose?app=tg-bot

{"status":"ok","data":[{"app":"tg-bot","state":"exited",
  "exit_code":137,"oom_killed":true,"restart_count":4,
  "last_logs":["…"],
  "remediation_hints":["raise ram_mb or reduce workers"]}]}

FAQ

What can it run?

Python, Node.js and static sites, detected automatically from the repo or tarball. Custom Dockerfiles are rejected by design — builds stay deterministic and the security profile stays intact. Web apps, workers and one-off scripts are all fine.

What does it cost?

Nothing. MoDeploy is open source under AGPL-3.0 and runs on your own hardware. Your only bill is the server itself.

How strong is the isolation?

Each space gets hard CPU/RAM/pids limits, its own bridge network and a token that cannot address anything outside the space. Containers drop all capabilities and can run under gVisor (runsc) for syscall-level sandboxing of untrusted code.

What does a tenant need to start?

Two strings: the endpoint URL and a space token. Point Claude Code (or any MCP client) at the endpoint — the server publishes its own instructions and the agent self-onboards.

Can I bill and suspend clients?

Yes. Per-space usage metering over the API, suspend/resume for non-payment (containers stop, state stays), destroy for teardown. The back office drives all of it across any number of servers.

Where does the code run?

On your server, end to end: builds, containers, databases and TLS termination. No third-party build farm, no code leaving the machine.

One server. Many tenants. Agents do the ops.

Install the daemon, carve the first space, and let an agent ship something to it — all before your coffee cools.

Read the code on GitHub