Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/kortix-ai/suna

The Company AI Command Center
https://github.com/kortix-ai/suna

ai ai-agents llm

Last synced: about 11 hours ago
JSON representation

The Company AI Command Center

Awesome Lists containing this project

README 

          



Kortix



# Kortix



**The AI command center for your company**



**One repo. One config. A workforce of AI agents that does the real work โ€” and everything is code you own.**



[![GitHub stars](https://img.shields.io/github/stars/kortix-ai/suna?style=flat&color=111111&label=Stars)](https://github.com/kortix-ai/suna/stargazers)

[![Version](https://img.shields.io/badge/version-0.9.5-111111.svg)](VERSION)

[![Docs](https://img.shields.io/badge/Docs-kortix.com%2Fdocs-111111.svg)](https://kortix.com/docs)

[![PRs welcome](https://img.shields.io/badge/PRs-welcome-111111.svg)](#contributing)



[Website](https://kortix.com) ยท [Documentation](https://kortix.com/docs) ยท [Cloud](https://kortix.com) ยท [Manifesto](MANIFESTO.md)







The Kortix command center






---



## Quickstart



Three commands. Build your company like a codebase, then bring it live.



```bash

# 1 ยท Install the CLI

curl -fsSL https://kortix.com/install | bash



# 2 ยท Scaffold a project โ€” creates kortix.toml + your agents, skills and runtime config

kortix init



# 3 ยท Ship it โ€” pushes your repo and brings the whole thing live in the cloud

kortix ship

```



That's the loop. From here:



```bash

kortix sessions new --prompt "Summarize this week's commits and open a change request"

kortix cr ls          # review what an agent proposes โ€” merge to keep it

kortix chat           # talk to a session's agent from your terminal

```



Prefer zero setup? Sign up at **[kortix.com](https://kortix.com)**, create a project, and start a session โ€” nothing to install. Full command surface: **[CLI reference](https://kortix.com/docs/reference/cli)**.



---



## A company is going to be a git repository



Not as a metaphor โ€” literally something you can clone. Inside it: your agents, the skills they've built up, the way the work actually gets done, every fact the company has learned, and the definition of the machines it all runs on. **Versioned. Diffable. Owned outright.** Running on its own around the clock, opening pull requests against itself, getting better at being your company while everyone's asleep.



Most AI tools give you a chat box. Kortix gives you a **command center** โ€” one place where your agents, skills, integrations, automations and memory all live, and a workforce of agents that produces real output (decks, reports, code, replies, deployed work), not just chat. It feels as simple as a chat app. Underneath, everything is code you own.



```

project  (git repo + kortix.toml)

   โ””โ”€ session โ”€โ”€> isolated cloud sandbox on a branch named after the session

                     โ””โ”€ agent (OpenCode) works, commits, pushes

                           โ””โ”€ change request โ”€โ”€> you review & merge โ”€โ”€> main

```



- Every **session** runs in its own disposable Linux sandbox on its own branch โ€” the agent can install, run and break anything; only what it commits survives.

- Work reaches `main` only through a **change request** you approve, so the company self-improves one reviewed change at a time.

- Run **thousands of agents in parallel** on the same config, each fully isolated, each feeding work back through change requests.



---



## What's in the command center



| | |

| --- | --- |

| **Agents** | Markdown personas with a scoped reach into tools โ€” one per role or task. Installable in a click, able to rewrite themselves. |

| **Skills** | Reusable know-how that encodes how your company does a job. Written once, shared into every session. |

| **Connectors** | 3,000+ apps in a click โ€” plus MCP, OpenAPI, GraphQL and raw HTTP โ€” brokered server-side through one scoped token. |

| **Secrets** | Encrypted, scoped per person and group, injected into sandboxes at runtime, never exposed to the model or logs. |

| **Channels** | Slack and chat surfaces โ€” one click stands up a bot that starts sessions where your team already works. |

| **Triggers** | Cron and signed webhooks that spawn sessions automatically โ€” every morning, or the instant something happens. |

| **Memory** | A living company brain โ€” plain files today, a system that compounds what it learns over time. |



Work runs three ways: **on-demand** (ask in chat, get it now), **human-assisted** (the agent works and checks in for the calls that matter), and **automated** (runs on a schedule or trigger, end to end).



---



### [`apps/web/`](apps/web/) โ€” Dashboard & marketing



- **Open & yours.** Open source and self-hostable โ€” your data, your models, your infrastructure. No lock-in, fully auditable.

- **A workforce, not one assistant.** Org-scale specialist agents that run in parallel and compound a shared memory.

- **Real work, not chat.** Agents run on real computers and return finished deliverables โ€” and take real actions in your tools.

- **Everything is code.** Versioned, reviewable, portable, governable โ€” never a black box. `grep` your entire company.

- **Bring your own models.** Any provider, your own keys โ€” or the ChatGPT, Claude, or Cursor subscription you already pay for.



---



## Self-host



Kortix runs on your own infrastructure โ€” laptop, VPS, your VPC, or fully air-gapped. Start a production-style local instance from Docker images, then switch the CLI between Cloud and your own hosts:



```bash

kortix self-host start

kortix hosts use local     # โ†”  kortix hosts use cloud

```



The first interactive setup asks only for the integration credentials that unlock managed git, GitHub access, and Pipedream connectors โ€” ports, local URLs, keys and Docker Compose defaults are generated for you.



Managed hosting is **[Kortix Cloud](https://kortix.com)**.



---



## Enterprise & security



Built to survive a security review, not slip past one: microVM isolation ยท members, groups & roles that match your org ยท per-resource permissions for people **and** agents ยท a secrets manager (encrypted, injected at runtime, never exposed) ยท a full audit trail ยท human approval gates on sensitive actions ยท on-prem, VPC, or air-gapped deployment.



---



## Contributing



- **Open & yours.** Source-available and self-hostable โ€” your data, your models, your infrastructure. No lock-in, fully auditable.

- **A workforce, not one assistant.** Org-scale specialist agents that run in parallel and compound a shared memory.

- **Real work, not chat.** Agents run on real computers and return finished deliverables โ€” and take real actions in your tools.

- **Everything is code.** Versioned, reviewable, portable, governable โ€” never a black box.



```bash

pnpm install

pnpm dev            # web + API (scripts/dev-local.sh)

pnpm dev:web        # web app only

pnpm dev:api        # API only

pnpm dev:sandbox    # build the local sandbox image

pnpm build          # build all packages

pnpm nuke           # tear down the local Docker environment

```



#### Secrets



API secrets live in **`apps/api/.env`, encrypted with [dotenvx](https://dotenvx.com)** and committed to the repo โ€” the ciphertext is safe in git; only the private decryption key is secret. To run locally you need that key, which we keep off-device in **[Dotenv Armor](https://dotenvx.com/armor)**:



```bash

curl -sfS https://dotenvx.sh/armor | sh   # one-time install

dotenvx-armor login                        # grants this machine decryption

pnpm dev                                   # dev-local.sh decrypts apps/api/.env on boot

```



Four encrypted environments for local dev, one file each (each with its own keypair in `apps/api/.env.keys`):



| Run | Env | File | API backend |

| --- | --- | --- | --- |

| `pnpm dev` | local | `apps/api/.env` | 100% local stack (local Supabase, test Stripe) + web + tunnel |

| `pnpm dev:dev-env` | dev | `apps/api/.env.dev` | dev stack โ€” dev DB, test Stripe, dev keys |

| `pnpm dev:staging-env` | staging | `apps/api/.env.staging` | staging stack โ€” staging DB, test Stripe, staging keys |

| `pnpm dev:prod-env` | prod | `apps/api/.env.prod` | prod stack โ€” prod DB, **LIVE** Stripe |



Verify all four decrypt + are separated: `pnpm test:envs`. Add/rotate a secret: `pnpm dlx @dotenvx/dotenvx set KEY value -f apps/api/.env[.dev|.staging|.prod]`, then commit. The env-specific run scripts use `dotenvx run --overload` so the selected profile wins over exported local cloud credentials.



These files are for **local development only**. The deployed **production** infra loads its real env from **AWS Secrets Manager** at runtime โ€” `apps/api/.env.prod` is just for running locally against the prod backend and does not affect what prod runs. `apps/web` has the **same four encrypted profiles** (`apps/web/.env` / `.env.dev` / `.env.staging` / `.env.prod`, mostly public `NEXT_PUBLIC_*`). Only `supabase/.env` (local Supabase CLI) stays a plain gitignored file.



CI doesn't need any of these today (builds use placeholders, and the `secret-scan` workflow allowlists the encrypted file via `.gitleaks.toml`). If a future job needs real values, add the dotenvx private key as a single `DOTENV_PRIVATE_KEY` GitHub Actions secret and prefix the step with `dotenvx run -- โ€ฆ` โ€” it decrypts `apps/api/.env` in memory, no other secrets required.



Apps live under `apps/` (`web`, `api`, `cli`, `desktop`, `mobile`, `sandbox`); documentation source is in `apps/web/content/docs`. The whole platform ships under one version (root `VERSION`) โ€” API, frontend, CLI and desktop release together as `vX.Y.Z`. Issues and pull requests are welcome.



---








We're building the thing that takes a company from human to AGI โ€” and lets it keep every byte of itself on the way there.





kortix.com