Agent infrastructure
you actually control
Your cloud. Your credentials. Your choice of agent. SAM gives engineering teams the power of parallel AI agents without giving up sovereignty over their infrastructure or data.
Enterprise teams hit the same walls
Compliance blocks adoption
Security teams reject managed agent platforms because code runs on infrastructure the enterprise doesn't control or audit.
Vendor lock-in traps
Choosing one agent platform means your entire team is locked into one LLM provider, one agent, and one vendor's pricing.
Opaque costs
Bundled pricing hides what you're paying for compute vs inference. Finance can't model costs. Engineering can't optimize.
DIY is a full-time job
Building your own agent infrastructure means managing VMs, containers, scheduling, cleanup, and observability from scratch.
Built for teams that need control and speed
Every pillar of SAM's architecture is designed for enterprise requirements without the enterprise overhead.
Your compute, your Cloudflare account, your credentials
Agents run on VMs in your cloud account. Self-hosters deploy the entire control plane to their own Cloudflare account. Credentials are encrypted per-user and never leave your boundary.
Switch agents and LLM providers without switching platforms
Claude Code, Codex, Gemini CLI, Amp, Mistral Vibe, OpenCode. Your teams pick what works for them. Bring your own API keys or use existing enterprise agreements.
Read every line. Fork if you need to. No black boxes.
AGPL-3.0 licensed. Full source available. Security teams can audit the control plane, the VM agent, the credential handling. No vendor trust required.
Pay your cloud provider directly at your negotiated rate
No opaque bundled pricing. Built-in usage dashboards, daily token budgets, and monthly cost caps give finance and engineering managers full visibility.
Run 5 or 500 agents in parallel. SAM handles the rest.
Warm node pooling for fast spinup. Automatic provisioning, scheduling, and cleanup. Every agent gets its own isolated container. Users never share VMs.
One user per VM. One agent per workspace. Hard boundaries.
No multi-tenant VM sharing. OS-level firewalls baked into every node. Short-lived VMs destroyed after idle timeout. Zero persistent attack surface.
Platform policies, agent profiles, full audit trails
Control what agents can do with platform policies. Standardize configurations with agent profiles. Track every session, tool call, and cost across your organization.
SAM vs the alternatives
For teams that need more than a hosted sandbox.
| SAM | Managed Platforms | DIY / Internal | |
|---|---|---|---|
| Agent runs on | Your cloud account | Vendor infrastructure | Your infra (K8s, AWS) |
| Agent choice | Any (Claude, Codex, Gemini, Amp...) | Vendor's agent only | Whatever you build |
| LLM provider | BYO key / existing agreements | Bundled into pricing | BYO key |
| Control plane | Self-hostable (Cloudflare Workers) | Vendor-managed | You build & maintain it |
| Source code | Open source (AGPL-3.0) | Proprietary | Your code |
| Security audit | Full source available | Trust vendor | Your responsibility |
| Cost model | Direct cloud pricing | Opaque bundled | Cloud bill + eng time |
| Setup effort | Deploy to CF + connect cloud | Zero config | Months of eng work |
| VM isolation | One user per VM, OS firewalls | Shared infrastructure | Depends on your setup |
Ready to run multi-agent workflows at scale?
Self-host on Cloudflare's free tier. Bring your own cloud. Your agents, your infrastructure.