Building an AI platform is hard. We did it for you.

Open source, self-hosted, tested with Fortune 50s.

01 / 09 · Agentic Chat

For non-developers too

While developers use Claude Code (more about it later), the chat is for everyone else: support, sales, accounting, HR. People sign in with SSO — Entra ID, Okta, any OIDC provider. Every tool call runs under that person’s own identity. No shared service accounts.
AI is a democratic tool here. Everyone uses it. If you’re an HR, you should also be able to connect to it and use it.
Platform architect, 10,000-person mobile gaming company
02 / 09 · Apps & Skills

The chat window becomes the UI

A skill is a folder with instructions and scripts. Same format Claude Code and Codex use, so skills move in both directions.

Apps render real UI inside the conversation — dashboards, boards, forms. Both start personal. Making one team- or org-wide is a reviewed promotion step.

Sorry, I just built my first MCP app… it actually renders metrics in the UI.
Infrastructure engineer, Fortune 50 company
03 / 09 · Projects

Shared context, not sixty private chats

A project holds everything for one goal: chats, files, scheduled tasks, instructions. Files an agent writes persist across chats and runs. Scheduled tasks save output to the same place. Sharing follows the platform’s permission model, re-checked on every file operation.
Could we have one chat with the same team members that is also interacting with an agent — bringing in multiple people from that team?
Platform lead, Fortune 50 company
04 / 09 · Agent Runtime

Someone built a great agent. Now ship it to 1,000 people.

Agents run server-side, in sandboxed containers with their own filesystem. Nothing executes on users’ machines. A run starts from a schedule, an email, or a webhook. Agents, skills, and hooks built in Claude Code migrate over. Per-user execution and cost limits cap how hard an agent can hit downstream systems.
Another team took down Jira for two days because their agent is just beating the crap out of it.
Platform team, Fortune 50 company
05 / 09 · MCP Orchestrator

MCP servers in K8S, behind an approval flow

MCP servers run as containers in your own Kubernetes. They publish to one catalog. Anyone can submit a server; security reviews and approves it. Promotion from dev to staging to production is a human gate. Each environment has its own credentials and network egress policy. No tokens pasted into env vars.
When any kind of user can start adding MCP, it goes to review, to security, they approve it, and then automatically it’s added for your usage or for team usage.
Developer Experience PM, 10,000-person mobile gaming company
06 / 09 · RAG

RAG, but with source system’s permissions

Connect Confluence, Jira, drives, and internal docs into knowledge bases. Documents are indexed together with their ACLs. A query returns only what that user could already open in the source system. Embeddings sit in pgvector, in your own Postgres. Nothing leaves your infrastructure.
We don’t want to just give people blanket access to ERP data.
IT & support lead, networking hardware company
07 / 09 · LLM & MCP Proxies

Gateway manages secrets

One OpenAI-compatible endpoint in front of Azure OpenAI, Vertex, Anthropic, and self-hosted models. Users get virtual keys; real provider keys never leave the vault. Every token is attributed to a person. The MCP gateway handles the OAuth that breaks everywhere else — dynamic client registration, on-behalf-of token exchange. Tools load on demand: a 70-tool Jira server costs ~600 context tokens, not ~60,000.
People are saying, hey, we need to somehow distribute this singular API key to 1,000 people so they can just use this endpoint.
Senior Director of Tools & Infrastructure, Fortune 500 game studio
08 / 09 · Security & Guardrails

Static guardrails preventing data exfiltration

When a tool call returns sensitive data, the conversation is marked tainted. Tools that could leak it switch off — email, web requests — for the rest of that conversation. Enforced at the proxy, deterministically. Not requested in a system prompt. You define the configuration.
I’m already sweating right now. That’s a dangerous combo, right?
Senior Director, watching an agent hold a salary tool and an email tool at once
09 / 09 · Observability & Cost Tracking

Every token, tool call, and dollar — attributed

Every request is traced: prompt, tool calls, tokens, cost. Every trace is attributed to a person, a team, and an agent. Traces export over OpenTelemetry to the Grafana or Splunk you already run. Budgets and per-user limits cap runaway spend. Each person sees their own usage.
I really liked that thing that shows costs per request. That’s just top-tier.
Head of Engineering, 200-person software company
Santiago Barclay

“We came across Archestra while searching for an infrastructure layer to scale and secure our internal agents. From our very first interactions, the energy, depth of knowledge, and speed of the Archestra team made the potential obvious. Archestra stood out for the team's security-first mindset, its open-source nature, an intuitive UI, and a deployment experience that just works.”

Santiago BarclayHead of Cybersecurity at Akua, payments infrastructure for Latin America

Quick Start

#Requires: Docker
$docker pull archestra/platform:latest
$
docker run -p 9000:9000 -p 3000:3000 \ -e ARCHESTRA_QUICKSTART=true \ -e ARCHESTRA_BETA=true \ -v /var/run/docker.sock:/var/run/docker.sock \ -v archestra-postgres-data:/var/lib/postgresql/data \ -v archestra-app-data:/app/data \ archestra/platform
#Full guide: Deployment Guide

Contributors

Thank you for contributing and continuously making Archestra better, you're awesome 🫶

Contributors