What does it cost to run x1agent?

Around $170/month all-in to run on Google Kubernetes Engine Autopilot in us-central1, plus your own model spend on Anthropic / OpenAI / Vertex keys (billed direct). The software itself is free under BSL.

How does the permission model work?

Tokens live in a sidecar container. The agent calls localhost:9090; the sidecar attaches credentials, forwards, and writes one audit row per call. The agent's own container has nothing to read, so a jailbroken prompt cannot exfiltrate secrets.

Can I run x1agent on a cloud other than Google Cloud?

Yes. It is Kubernetes-native. The reference install ships for GKE because Autopilot is the cheapest way to run it (~$170/mo all-in), but the Helm chart works on any conformant cluster.

OPEN SOURCE · KUBERNETES-NATIVE · BRING YOUR OWN KEYS

Self-hosted on Kubernetes · private beta

Own the substrate.

x1agent is the agent platform you run yourself. Open source — your embeddings, your knowledge graph, your artifact store, all on your own cloud. Runs Claude Code as worker or orchestrator, so the MCP servers, skills, and prompts your team already wrote keep working.

Built on Kubernetes — pick any cloud you like. We ship a Google Cloud install first because it's the cheapest way to run it (around $170/month, all in). Set up in an afternoon. Walk away the day you stop wanting it.

Dark factory — manufacturing term for a fully-automated facility that runs lights-out, no humans on the floor. We're building the same thing for knowledge work.

your-namespace / session-9f2c live

01 — TWO ARCHITECTURES

Rent a product. Or own the engine room.

Most agent products are closed SaaS — a finished surface you log into, billed per seat. x1agent is the other shape: the layer underneath, run on your infrastructure, that you keep building on. The orchestrator is yours. The data is yours. The next ten orchestrators you write are yours too.

Closed SaaS

x1agent

What you get

A product

A substrate you build on

Embeddings live in

Their vector DB

Your cluster, your model, your schema

Knowledge graph

Their schema, their UI

Yours — add a node type, run a query

Where it runs

Their cloud

Your Kubernetes cluster, any provider

Source

Closed

Open source

Cost model

Per seat, per run, per task

~$170/mo flat infra + your model tokens

Permission model

Account-level

Pod-level sidecar — agent can't read secrets

When you outgrow it

Ask them to ship a feature

You wrote the layer. Add to it.

Exit

Export your data

Tear it down. Walk away.

Anything you'd automate with the SaaS option fits here too — plus the parts that need a long-running process, your own model routing, a sidecar permission model, and orchestrators that solve high-level tasks unattended. Tools sell you automations. We give you the factory floor.

02 — BUILDING BLOCKS

The data layer is the moat.

A great agent is only as good as the foundation underneath it. Embeddings of every doc and ticket. A knowledge graph of who, what, when. An artifact store the agent reads and writes. Building this is months of DE work. Owning it means nobody else can dictate what your agent gets to know — or who else gets to learn from it.

Embeddings, in your cluster.

Every doc, ticket, transcript, and repo, chunked and indexed in your own vector store. You pick the model, the dimensions, the freshness policy. Custom retrieval is a code change, not a support ticket. Nothing gets sent to a third-party index unless you decide to.

A knowledge graph you can extend.

Customers, accounts, tickets, deals, releases — entities and relationships in your own SurrealDB, with your schema. Add a node type, run a Cypher-style query, join against your warehouse. The "who is this customer and what have they done" structure that turns a plausible answer into a correct one.

03 NOVEL

Claude Code, worker or orchestrator.

Same claude CLI your engineers run locally — runs sandboxed in a sidecar as a worker, or as the top-level orchestrator that spawns its own workers. Your existing MCP servers, skills, prompts, and sub-agents just work.

Artifact store, not chat log.

Briefs, dashboards, charts, preview URLs — written to GCS, addressable, reviewable. The agent's output is something you can link, not a transcript to scroll.

Interactive or unattended.

@mention in Slack. Trigger by webhook. Run on a cron. Same agent, three modes — pick whichever fits the job.

03 — IN PRACTICE

Three teams. One platform.

Pick a department. Watch what the agent actually does — every tool call, every credential check, every artifact it hands back when it's done.

SESSION 7a4f · ORCHESTRATOR · CHIEF OF STAFF

Wakes itself at six. Standup waiting when you do.

Tickets land in your queue overnight. The orchestrator picks them up on its 6am heartbeat — spawns workers on disjoint surfaces, supervises each one through tests and CI, drafts a morning standup.

You wake to PRs ready for review and a digest of what shipped while you slept. Not an empty queue.

scheduler linear github slack ci runners

Schedule: heartbeat · 06:00 UTC

Morning sweep — pick up overnight Linear queue. 7a4f3c91

running 47 events

Platform wake scheduler heartbeat

Triggered by scheduler · 06:00:01 UTC · heartbeat

Morning sweep. Linear queue: 4 ready-for-worker tickets. RC release queue: 2 awaiting smoke. Sentry: clean. Spawning workers on disjoint surfaces.

spawn_session X1A-44 worker/x1a-44-share-dialog-fix 06:00:14

spawn_session X1A-46 worker/x1a-46-admin-settings-llm-keys 06:00:17

spawn_session X1A-43 worker/x1a-43-system-message-pills 06:00:21

Standup posted to #engineering. Queue size: 3 active workers. Picking up next ready-for-worker ticket on next state_change wake.

2026-05-10 morning standup html 4.7 KB

Persistent share_id: 019e0e8a-7d12 linked from session 7a4f3c91

SESSION 8a73 · SUPPORT-BOT · SENTIMENT-AWARE

Asks before sending. Self-hosted agents you can actually deploy.

Customer ticket lands. The agent looks them up, drafts a measured reply, escalates to on-call if they're paying enough to warrant it — and then stops.

Nothing sensitive ships without your approval. The platform asks; you answer; the work continues. That's the trust mechanism that makes self-hosted agents real.

slack memory graph linear email pagerduty

Frustrated customer — paying $2.1k/mo, broken 3 days. 8a73c2d1

running 18 events

This has been broken for 3 days. We're paying $2.1k/mo and getting nothing back. Can someone actually respond?

@frustrated-customer · slack

Customer found. MRR $2.1k, 14-month tenure. Sentiment hot, escalation policy says page on-call when MRR > $2k AND sentiment hot. Drafting reply, paging.

mcp__linear__save_issue

Frustrated customer escalation · priority=Urgent · SUP-127

Permission request · tool_scope · once

The agent is asking for email:send.

Send the draft reply to frustrated@acme.com (subject: Re: Service issue — we're on it). Tool: mcp__email__send_email.

Approved.

Permission approved: email:send (once). Grant id: 019e0f3c-1a55.

mcp__email__send_email

to: frustrated@acme.com
subject: Re: Service issue — we're on it
→ sent (msg_id 8c4a2)

Sent. SUP-127 paged to on-call. I'll thread the reply back here when @frustrated-customer responds.

Draft reply to @frustrated-customer document · 1.2 KB

Draft reply to @frustrated-customer html 1.2 KB

Persistent share_id: 019e0f3c-1a55 linked from session 8a73c2d1

SESSION 6f1e · MONTH-END-CLOSE · CRON

Closes the books before the controller opens her laptop.

Cron fires Monday at 6. Pulls QuickBooks transactions, reconciles against last quarter's variance band, charts revenue vs plan, flags anomalies, drops a PDF in Drive, posts the digest to #finance-ops.

The controller's first act on Monday is reading the digest, not building it.

scheduler quickbooks charts drive slack

Schedule: every Mon 06:00 UTC

Q2 close · 12,408 transactions reconciled. 6f1e44b9

completed 24 events

Platform wake scheduler heartbeat

Triggered by schedule · 06:00:01 UTC · Mon

mcp__quickbooks__list_transactions

quarter=Q2  →  12,408 transactions exported

mcp__memory__search_nodes

variance_band:Q2-baseline  →  1 hit

Bash

./scripts/reconcile.ts --baseline=q1  →  3 anomalies, total variance $14,200

3 anomalies above the Q2 baseline variance band. Charting revenue vs plan; flagging anomalies for the controller's review.

mcp__charts__render

series=[revenue_actual, revenue_plan]  →  digest-chart.png

mcp__google_drive__upload_file

Finance/Month-end/2026-Q2-close.pdf  →  uploaded

mcp__slack__send_message

#finance-ops · Q2 close digest ready. +4.2% vs plan, 3 flagged.

Done. Digest in Drive (PDF), posted to #finance-ops, persistent share for the controller. Next run: 2026-08-04 06:00 UTC.

Q2 close digest document · 184 KB

UNTRUSTED ZONE

The agent never sees your credentials.

Tokens live in a sidecar. The agent calls localhost:9090; the sidecar attaches the credential, forwards, audits. A jailbroken prompt can ask — there's nothing in the container to read.

your-namespace / session-9f2c live

↳ THE PLATFORM, RUNNING

Above the boundary, that diagram. Below it — the same session, in flight. The orchestrator asked permission before opening PR #79; you approved it; the review summary is a persistent share you can re-open weeks later.

Account-level git identity — ship X1A-42 against main. 019e0f0d

running 32 events

Session started · 10:33 PM

Pick up X1A-42 — account-level git identity. Smallest possible change. Branch from main, PR target main per new flow.

Schema migration drafted (046_user_git_identity.sql). Domain entity + ports + postgres adapter wired. me-routes scoped to session userId. Pod-spec emits GIT_AUTHOR_* / GIT_COMMITTER_* on the agent container. 67 / 67 auth tests pass.

Bash

git push -u origin worker/x1a-42-account-git-identity

Permission request · tool_scope · session

The agent is asking for github:pull-requests:write.

Open PR #79 against x1agent/x1agent (base: main, head: worker/x1a-42-account-git-identity).

Approved.

mcp__github__create_pr

→ https://github.com/x1agent/x1agent/pull/79

Status: ready_for_review. PR open against main. CI: passing (3/3). Linear X1A-42 → In Review. Review summary attached as a persistent share.

04 — ARCHITECTURE

Built on Pods.

Functions are the right tool for a request that fits in 15 minutes. The orchestrator runs for hours and shells out to whatever the work needs — git, bash, npm test, anything you put in the image. That's a Pod.

The sidecar that holds your tokens is a long-lived process; a function can't keep state between calls. Preview environments and GPU pods come for free when you run on Kubernetes. KEDA scales the worker pool down to zero between jobs, so you pay for what's running, not for a room sitting empty.

Curated by your platform team.

MCP servers, default tools, permissions — wired up once, inherited by every agent. Your platform team owns the config; the marketing analyst never sees it.

Memory in your cluster.

Vector store, knowledge graph, artifact bucket — on your infrastructure, scoped per workspace. The org owns its memory.

Agent never sees your secrets.

Tokens live in a sidecar. The agent calls localhost:9090; the sidecar attaches the credential, forwards, audits. A jailbroken prompt finds nothing in the environment to read.

Diagram up top shows the boundary. Full trust model in the repo.

05 — INFRASTRUCTURE

Runs cheap. Runs yours.

A working cluster on Google Kubernetes for the price of a couple of seats on the SaaS alternatives. No per-seat math. Add users until you run out.

monthly · GKE Autopilot · us-central1 EST

GKE Autopilot control plane ~$74

Worker pool — e2-standard-2 ×2 ~$50

Cloud SQL or self-hosted PG ~$15

GCS + egress ~$10

Misc — NAT, DNS, certs ~$15

Total ~$160–180

Plus your model spend. Bring your own Anthropic / OpenAI / Vertex key — billed direct, not through us.

install.sh ~30 MIN

# 30-min install
terraform apply
helm install x1agent ./chart
# done. open the URL it prints.


# changed your mind?
terraform destroy

The Helm chart is the only lock-in. Read it before you install. on github.

06 — INTEGRATIONS

Plugs into the stack you already have.

Auth, knowledge graph, files, messaging, code, MCP — each domain is a contract, not a hardcoded integration. Today we ship the providers below. Implementing your own takes a couple hundred lines of TypeScript.

AUTH

googlegithub oauth

next: okta

GRAPH

surrealdb

next: neo4j

FILES

gcsgoogle drive

next: s3, onedrive

MESSAGING

slack

next: teams, discord

CODE

github

next: gitlab

AI RUNTIME

claudecodexopencodegemini

next: any sdk that speaks tools

MCP

any mcp serveratlassiangithub mcp

next: managed catalog

values.yaml HELM

# Wire it up once. Every agent inherits.
providers:
  messaging:
    name: slack
    botToken: { secretRef: slack-bot }
  files:
    name: google-drive
    serviceAccount: { secretRef: gdrive-sa }
  graph:
    name: surrealdb

# MCP catalog — every agent inherits these tools.
mcp:
  servers:
    - atlassian
    - github
    - acme-internal

07 — COMMERCIAL

The software is free. Forever.

We charge for one thing: helping you install and configure it. One-time, fixed fee. After that you own it — fork it, gut it, swap the orchestrator, replace us. The only lock-in is the Helm chart.

SELF-INSTALL

Run it yourself.

BSL licensed — source-available, free for self-hosting, converts to Apache 2.0 after the change date. Helm chart, Terraform module, walkthrough. No gated features. No call-for-pricing tier above this one. If you want the version we'd run, that's this version.

Full source. Forks welcome.
Helm + Terraform, no proprietary control plane.
Community support — GitHub issues.

Read the chart on GitHub

INSTALL & CONFIGURE

RECOMMENDED

Fixed fee

We install it with you.

Cluster bootstrapped, MCP catalog wired, permission model dialed in, your first orchestrators in production. After that we leave. No retainer, no per-seat license, no "renewal".

Cluster stood up on your cloud — your VPC, your egress rules.
Sidecar permission model wired to your IDP.
Orchestrators built with your team — keep the patterns.

Talk to us

We don't charge for model usage. We don't charge per agent. We don't charge per task. If you can install a Helm chart, you don't need us.

FOR

Built for teams who'd rather operate it.

If your instinct on hearing "agent platform" is to ask where the embeddings live, who can read the knowledge graph, and how to extend it — this is for you. Platform leads. Heads of data. Infra-minded CTOs. The engineers who'd rather own the substrate and build the dark factory than rent a finished surface.

08 — SIGN UP FOR DEMO

We onboard teams one at a time.

Tell us what you'd build first. We'll set up a call, walk through your cluster, and decide together if this is the right fit.

The software is free. We charge only for install/configure help.
Self-hosted. Your VPC, your secrets, your audit log.
Direct line to the people who write the code.

Own the substrate.

Rent a product. Or own the engine room.

The data layer is the moat.

Embeddings, in your cluster.

A knowledge graph you can extend.

Claude Code, worker or orchestrator.

Artifact store, not chat log.

Interactive or unattended.

Three teams. One platform.

Wakes itself at six. Standup waiting when you do.

Asks before sending. Self-hosted agents you can actually deploy.

Subject: Re: Service issue — we're on it

Closes the books before the controller opens her laptop.

Q2 2026 close · generated 06:01 UTC

Flagged anomalies (3 · total $14.2k)

Next steps for controller

The agent never sees your credentials.

Built on Pods.

Curated by your platform team.

Memory in your cluster.

Agent never sees your secrets.

Runs cheap. Runs yours.

Plugs into the stack you already have.

The software is free. Forever.

Run it yourself.

We install it with you.

Built for teams who'd rather operate it.

We onboard teams one at a time.

Own the substrate. Build the dark factory. Build the dark factory. Ship while you sleep. Build the dark factory. Ship while you sleep. Build the dark factory. Ship while you sleep. Build the dark factory. Ship while you sleep. Build the dark factory. Ship while you sleep.

Rent a product. Or own the engine room.

The data layer is the moat.

Embeddings, in your cluster.

A knowledge graph you can extend.

Claude Code, worker or orchestrator.

Artifact store, not chat log.

Interactive or unattended.

Three teams. One platform.

Wakes itself at six. Standup waiting when you do.

Asks before sending. Self-hosted agents you can actually deploy.

Closes the books before the controller opens her laptop.

The agent never sees your credentials.

Built on Pods.

Curated by your platform team.

Memory in your cluster.

Agent never sees your secrets.

Runs cheap. Runs yours.

Plugs into the stack you already have.

The software is free. Forever.

Run it yourself.

We install it with you.

Built for teams who'd rather operate it.

We onboard teams one at a time.

Own the substrate.