shield Open Source · Secure by Default, Open by Policy

Hardened, Secure-by-Default AI Agent Infrastructure.

Deploy AI agents from your laptop to production cloud with the same tools and the same security policy at every stage. CongaLine is open-source infrastructure for anyone who needs to self-host autonomous agents without compromising on security. First supported agent platform: OpenClaw.

VIEW ON GITHUB arrow_forward

SECURITY_ENFORCEMENT MODE: ZERO-INGRESS

lock Container Isolated · No Open Ports

Defense in Depth

Security at Every Layer.

deployed_code

Per-Agent Container Isolation

Every agent gets its own container, its own network, and its own secrets. Agents can't see or talk to each other. The container runtime is locked down — read-only filesystem, no privilege escalation, and dangerous system calls are blocked automatically.

Isolated Networks Read-Only FS no-new-privileges

shield_lock

Zero Inbound Ingress

Nothing gets in unless you say so. No open ports, no SSH in production. Access is authenticated, auditable, and locked to localhost on every provider.

VIEW SECURITY DOCS arrow_outward

lock_reset

Immutable Configurations

Security configuration is enforced at three layers — filesystem, kernel, and container runtime. Even a compromised agent cannot modify its own security boundaries.

ENFORCEMENT: 3-LAYER PROTECTION

description

Portable Security Policy

Write your security rules once in a single YAML file. The same policy travels with your agents from local dev to staging to production — what you test is what you ship. Run conga policy validate to see exactly what's enforced.

conga-policy.yaml Egress Rules Routing

filter_alt

Egress Domain Allowlisting

Control exactly which domains each agent can reach. Outbound traffic is filtered at both the proxy and network layers. Start fully locked down, use validate mode to build your allowlist, then enforce it.

Envoy Proxy iptables Per-Agent

key

Secrets Injection

API keys and credentials are injected at boot and never touch disk, logs, or container images. Each provider uses the strongest secrets backend available — from encrypted cloud storage to permission-locked local files.

# container security constraints

read_only_rootfs: true

no_new_privileges: true

user: "1000:1000"

cap_drop: ["ALL"]

secrets: "env-injected"

Zero-Trust Agent Architecture

Controls That Work Even Under Prompt Injection

vpn_key

Encrypted Storage & Controlled Egress

Data is encrypted at rest. Outbound traffic is restricted to HTTPS and filtered by domain according to your policy.

policy

IAM Least Privilege

Cloud permissions are scoped to the minimum required. Dangerous actions are explicitly denied — agents can only access their own secrets, nothing more.

memory

Cloud Metadata Protection

Agents can't access host credentials or cloud metadata. Container isolation and provider-level controls block common escalation paths like SSRF.

troubleshoot

Integrity Monitoring

Configuration is continuously verified for tampering. If anything drifts from the expected state, you'll know — with full audit trails on cloud providers.

Deploy

Three Deployment Modes

Define your environment in YAML, bootstrap in under two minutes. Same CLI, same policy file, escalating security enforcement. Local is free, a VPS runs ~$5/month, AWS ~$13/month.

1 Local Docker for development
2 Remote SSH for VPS / bare metal
3 Hardened AWS with zero-ingress

bootstrap.yaml

1 apiVersion: conga.dev/v1alpha1

2 kind: Environment

3 provider: local

5 agents:

6 - name: atlas

7 type: user

8 secrets:

9 ANTHROPIC_API_KEY: $ANTHROPIC_API_KEY

11 policy:

12 egress:

13 mode: enforce

14 allowed_domains:

15 - api.anthropic.com

16 - github.com

17 - *.slack.com

$ conga bootstrap manifest.yaml --env .env

verified_user Environment bootstrapped in 1m 48s. 1 agent running. Egress enforced.

Ready to join the line?

Open-source, hardened infrastructure for self-hosted AI agents. Same policy from laptop to production cloud.

GO TO GITHUB REPO

Terraform Docker Envoy Go CLI