Your host. Your keys. Your repo.
Fragua is the opposite of a done-for-you platform. It's opinionated, Rails-deep, and self-serve — agents run on a host you manage, with your own credentials, and we never sit between you and your provider. The orchestration is ours; the keys, the code, and the repository stay yours.
A control plane you watch. A host you control.
Fragua is built around a two-plane split. The orchestration and observability live in the Fragua web app; the agents — and the credentials they use — live on a host you run. The goal is simple: you stay in control of your access and your AI.
The control plane — orchestration, the live timeline, cost roll-ups, the audit trail. Run it as managed SaaS or on-premises, whichever your security posture needs.
A host you manage, carrying your GitHub access and your Claude credentials. Every agent runs here, against your repositories — your keys and code never leave it.
A program on your host coordinates with the web app: it picks up the work, runs it locally, and streams back the events and cost. The web app directs; your host executes.
One line, the whole point: Fragua coordinates the work, but your access and your AI stay on infrastructure you own.
We never sit between you and your AI provider.
Agents run through the provider's own CLI on your host, using the credentials already configured there. Fragua orchestrates the run and parses the usage — it never carries your AI traffic.
Your AI calls go straight from your host to your provider. Fragua is not in the path.
Fragua never holds your AI key. The CLI reads the credentials on your host; there's nothing for us to leak.
Every token is billed directly to your provider account. We can't see your bill or charge you for usage.
Agents execute on a host you manage, in its working directory — your code and credentials stay there. Only the run's events and cost flow to the web app for observability.
Pushes and pull requests use your own access.
When an agent commits work, pushes a branch, and opens a pull request, it does so through the GitHub access already present on your host — your gh and git credentials. Fragua doesn't hold a persistent token to your repositories.
The code stays in your repositories the whole time. Every network step soft-fails: if a push or a PR can't complete, the committed work stays safely on disk in its worktree rather than disappearing.
Each feature runs in its own git worktree on its own branch — work on different features never overlaps.
Agents run in a directory outside the Rails app, sharded per account and workspace — never inside Fragua's own tree.
The agent process is launched with Fragua's own Bundler context scrubbed, so it runs against your project's toolchain, not ours.
A scoped callback token — never your AI key.
When an agent needs workspace context — like the Knowledge Base — it calls Fragua's own API with a per-user token that's stored hashed, scoped to that user, and revocable at any time. It's a Fragua-internal credential: it never touches your AI provider, and it carries none of your code or keys.
Self-serve, on your terms.
Fragua is in private beta. A human reads every access request before a seat opens.