SAM

Simple Agent Manager

An orchestration platform for AI coding agents
built by one human and a swarm of AI agents

Raphaël Titsworth-Morin · Demo Day · March 19, 2026

What is SAM?

A platform that provisions ephemeral cloud VMs,
drops in a devcontainer with your repo,
and lets AI coding agents work autonomously.

Bring Your Own Cloud — you provide Hetzner or Scaleway tokens
Bring Your Own Agent — Claude Code, Codex, or Mistral Vibe
Chat-first UX — talk to agents, fork conversations, dispatch sub-tasks

Think "Devin-style autonomous coding" but self-hosted, multi-cloud, multi-agent, and open.

Architecture

Browser

React + Vite PWA

ACP Client (WebSocket)

Cloudflare Edge

Hono API Worker

Durable Objects

D1 + KV + R2

Cloud VMs (Hetzner / Scaleway)

Go VM Agent

Devcontainer + Repo

Claude / Codex / Vibe

Cloud-init bootstraps VMs → Go agent manages PTY sessions + ACP protocol → Workers proxy everything through Cloudflare's edge

The Numbers

50 days · 1 human · many agents

991

commits (20/day avg)

115K

lines of code (TS + Go)

444

pull requests

feature specs written

~30%

commits by AI agents

post-mortems filed

Jan 27 → Mar 17, 2026 · Peak: 48 commits on Feb 28

SAM Builds SAM

The self-referential development loop

I need a feature
to build SAM faster

→

I build that feature
using SAM

→

Feature ships to SAM
making it better

→

I use improved SAM
to build the next thing

/do workflow — end-to-end autonomous task execution, built because I wanted agents to ship PRs independently
dispatch_task — agent-to-agent delegation, built because one agent couldn't handle a big task alone
Notifications — built because I kept missing when agents finished or got stuck
MCP tools — built so agents could discover project context, manage tasks, ask me questions
Conversation forking — built because I wanted to try different approaches without losing context
Voice input — built because I wanted to give instructions from my phone on the couch

War Story: The Auth Saga

February 7, 2026 — 30 minutes of pain

15:00 fix: add trustedOrigins to BetterAuth for cross-subdomain OAuth
15:06 fix: add BetterAuth required database tables
15:11 fix: add error logging to BetterAuth route handler
15:15 fix: surface BetterAuth empty 500 responses for debugging
15:24 fix: add BetterAuth debug tracing with basePath and onAPIError
15:29 fix: use timestamp_ms mode for BetterAuth D1 compatibility
15:43 chore: remove DEBUG_AUTH tracing now that auth flow works

Root cause: Cloudflare D1 stores timestamps as integers, not ISO strings.
BetterAuth expected strings. Silent 500. No error message. Just... empty responses.

The last commit — removing the debug code — is the most satisfying commit in the repo.

828 Tests Passing

Core Feature Broken

February 28. All CI green. 828 tests passing.
Task execution — the entire point of the platform — didn't work.

What happened: 8 tasks and 7 PRs built on the assumption that
"the VM agent sends the initial prompt to Claude" — because a flow diagram said so.
Nobody checked if the code actually existed. It didn't.

What we learned:
• Component tests prove components work. Only capability tests prove the system works.
• Documentation that says "X happens" without citing a code path is aspirational fiction.
• "I read the code and it looks right" is not verification.

This incident created 3 new permanent rules in our agent instructions.
Now every feature requires a data flow trace citing specific code paths.

The Learning Machine

16 post-mortems → 16 permanent rules

TLS YAML Indentation

One space broke all VM provisioning. Unit tests passed because they used 3-line PEM stubs. Now: parse output, don't grep it.

CORS Origin Fallthrough

Unknown origins got reflected back. Any website could make credentialed requests. Now: origin callbacks must default-deny.

MCP Token Revocation

Revoking a task-scoped token killed the session-scoped MCP connection. Now: verify credential lifecycle matches connection lifecycle.

Scaleway Node Creation

Provider dropdown looked perfect. Submit handler never sent the provider field. Now: trace every UI input to the API call.

Every bug fix requires a post-mortem + a process change.
The rules are the institutional memory — agents read them on every task.

Multi-Cloud, Multi-Agent

Hetzner

EU & US regions
~$0.007/hr for CX22

Scaleway

Paris, Amsterdam, Warsaw
ARM & x86 instances

Your Cloud?

Provider interface is
~100 lines to implement

Claude Code

Anthropic's coding agent
API key or OAuth

OpenAI Codex

OpenAI's coding agent
OAuth token injection

Mistral Vibe

Mistral's coding agent
Python + uv install

BYOC + BYOA — no vendor lock-in on compute or intelligence

What's Next

✓ Shipped: Chat-first UX, task orchestration, multi-cloud, multi-agent, notifications, MCP tools, conversation forking, port forwarding, TTS, voice input, PWA

→ Now: Devcontainer prebuilds for faster startup
→ Now: OIDC federation for zero-credential cloud auth
→ Next: Agent profiles and workflow templates
→ Next: Push notifications for mobile
→ Next: Open-source release

github.com/raphaeltm/simple-agent-manager

Built with Cloudflare Workers · Hetzner · Go · TypeScript · and a lot of AI agents