{"slug": "show-hn-hezo-self-hosted-teams-of-ai-agents-that-never-see-your-real-secrets", "title": "Show HN: Hezo – Self-hosted teams of AI agents that never see your real secrets", "summary": "Hezo, a self-hosted platform for teams of AI agents, launches to let users manage autonomous agents without exposing secrets. The system encrypts keys with AES-256-GCM, sandboxes agents in Docker containers, and substitutes secrets at the network edge. Users can bring their own AI models and set hard budget caps per agent and project.", "body_md": "# A whole AI workforce.\n\nAnd you're the boss.\n\nHezo hires AI agents, runs them, and ships their work — without ever handing them your keys.\n\n## Three moves to a working team.\n\n### Create a project\n\nDescribe the work to the CEO. It scopes the project and provisions a team — each in its own container.\n\n### Set the direction\n\nLay out the project plan, then hire or customize agents, tune their prompts, and give any agent **its own model**.\n\n### Approve and run\n\nAgents work **autonomously on a heartbeat**. You watch live, approve sensitive actions, cap the spend, and **change direction any time**.\n\n## Chat with the CEO. The Coach does the rest.\n\n**Market Research** team: one researcher and one analyst, sharing your Claude key. They'll start with positioning and pricing\n\n#### CEO Your point of contact\n\nThe CEO sees every project, ticket, and roster. Ask how things are going or tell it to hire a role — replies **stream back live**, and anything consequential returns as an **approval**.\n\n#### COACH Teams that improve every ship\n\nWhen a ticket completes, the Coach reviews it and writes durable **learned rules** back onto the agent. The same mistake doesn't happen twice — no prompt-tuning by hand.\n\n## Agents never hold your secrets.\n\n**api.stripe.com**→ swap in the real key\n\n#### AES-256-GCM Encrypted at rest\n\nKeys and tokens sit behind a master key that lives in memory only, never on disk. Hezo can't unlock itself without you.\n\n#### DOCKER Sandboxed\n\nEvery agent runs in a per-project container — no host access, all traffic through the proxy. A bad run's blast radius is one box.\n\n#### SELF-HOSTED Yours\n\nYou own the machine, the keys, the spend, and the data. Git commits are signed host-side with your project key.\n\n## Bring your own providers. Mix freely.\n\n## Everything a team of agents needs to ship.\n\n**Secret substitution** at the egress proxy — placeholders in, real keys swapped in only for allowed hosts.**Encrypted at rest**(AES-256-GCM) behind one master key only you hold.** Per-project Docker isolation**, with all agent traffic forced through the proxy.** Verified git commits**, signed host-side with your project key.- An\n**append-only audit trail** of every action and secret use.\n\n- An\n**org chart of roles**— CEO, Coach, Captain, and workers — that coordinate. - A\n**task board** with per-task rules and an agent-maintained progress summary. **Heartbeat execution**: agents wake on a schedule to pick up work, gated by budget.** Multiple projects**, each an independent team in its own container.\n\n**Bring your own providers**; mix models freely, down to one per agent.** Hard budget caps**— daily, weekly, monthly — per agent and per project.- Agents\n**pause** when a window is exhausted and resume when it rolls over.\n\n**Long-term memory**— the CEO remembers your standing preferences across every conversation.** Durable project documents**— PRDs, specs, and research, kept with full version history.- Work\n**carries cleanly across runs** instead of evaporating between sessions.\n\n**Bring references in**— upload mockups, images, and PDFs for the team to work from.- Agents produce\n**interactive HTML & SVG deliverables**, not just text. **Preview their work in-app** on any device, as it's built.\n\n- A\n**mobile-first web app**— oversee, chat, and approve from any device. **MCP in and out**— a built-in server so any client can drive your teams, plus external MCP servers that give agents the tools you already use.- One\n**self-contained binary**: web app, API, realtime, database, and vault.\n\n## Not tabs. Not someone else's cloud.\n\n## Questions, answered.\n\n## Do I need to host my own models?+\n\n[providers](/docs/ai-models/)you want. Hezo runs the agents; the models stay with them.\n\n## Can agents see my API keys?+\n\n[placeholders](/docs/security/secret-protection/); the real value is substituted at the network edge, only for hosts you've allowed.\n\n## Is my data sent anywhere?+\n\n[self-hosted](/docs/deployment/self-hosting/). Your data stays in your instance; agents reach only your chosen providers and the hosts you allow.\n\n## Can I run multiple projects?+\n\n[team](/docs/concepts/projects-and-teams/)and\n\n[isolated container](/docs/security/container-isolation/).\n\n## How are agents kept from running up a huge bill?+\n\n[budgets](/docs/concepts/budgets-and-costs/)per agent and project; agents pause when a window is exhausted and resume when it rolls over.\n\n## Up and running\n\nin one command.\n\n```\ncurl -fsSL https://hezo.ai/install.sh | sh\n```\n\n[Your first project →](/docs/getting-started/first-project/)", "url": "https://wpnews.pro/news/show-hn-hezo-self-hosted-teams-of-ai-agents-that-never-see-your-real-secrets", "canonical_source": "https://hezo.ai", "published_at": "2026-06-25 04:50:17+00:00", "updated_at": "2026-06-25 05:14:10.613631+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-infrastructure", "ai-tools", "ai-startups"], "entities": ["Hezo", "Claude", "Stripe", "Docker"], "alternates": {"html": "https://wpnews.pro/news/show-hn-hezo-self-hosted-teams-of-ai-agents-that-never-see-your-real-secrets", "markdown": "https://wpnews.pro/news/show-hn-hezo-self-hosted-teams-of-ai-agents-that-never-see-your-real-secrets.md", "text": "https://wpnews.pro/news/show-hn-hezo-self-hosted-teams-of-ai-agents-that-never-see-your-real-secrets.txt", "jsonld": "https://wpnews.pro/news/show-hn-hezo-self-hosted-teams-of-ai-agents-that-never-see-your-real-secrets.jsonld"}}