Security & trust
Servers for agents you can trust in production
Agents write and run real code on your behalf, so the boundaries matter. Here's exactly how Server4Agent isolates workloads, protects your secrets, and keeps you in control — and an honest view of what's live today versus on the roadmap.
Security model
Every server runs in an isolated environment so one workload can't reach another's files, processes, or network. A hard budget cap on each server bounds the blast radius: an agent cannot spend past the ceiling you set.
- Per-server isolation for untrusted, agent-generated code
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Hard budget caps that can't be overspent limit blast radius
Private deployments
New projects are private by default. A project's public URL only serves traffic once you flip its visibility to public — and the slug and URL stay stable across toggles, so a private project never leaks at a guessable address.
- Private-by-default visibility on every new project
- Public URL serves nothing until you opt in
- Toggle public ⇄ private without changing the URL
Secrets handling
API keys, tokens, and connection strings live in an encrypted secrets vault, injected into your server's environment at run time — never baked into code or build artifacts. Vault values are encrypted at rest with keys you don't share with us.
- Encrypted vault, values encrypted at rest (AES-256)
- Injected as environment variables at run time
- Per-project and per-server scoping
Auth & access
Humans sign in with a password-backed account; agents and scripts authenticate with scoped, revocable API keys sent as a bearer token. Each key is independently revocable, so rotating or cutting off access is instant.
- Password accounts for people, bearer API keys for agents
- Keys are scoped and individually revocable
- Team roles (RBAC) and SSO are on the roadmap
Logs & observability
A structured activity log records lifecycle events — servers and projects created, deployed, attached, and deleted — so there's a clear trail of what your agents did and when. Server logs and usage metrics are queryable while they're retained.
- Activity feed of server and project lifecycle events
- Per-run output and usage visible in the dashboard
- Streaming/exportable log drains are on the roadmap
Data retention
Account data is retained while your account is active. Server logs and usage metrics are kept for 30 days, then deleted or anonymised. You can request export or deletion of your data at any time, subject to legal retention obligations.
- Logs & metrics: 30-day retention, then deleted/anonymised
- Request export or deletion on demand
- Details in our privacy policy
Enterprise controls
On the Scale plan you can bring your own cloud: we deploy into your account and you keep the keys, so data and compute stay in infrastructure you own and govern. Reach out for a deeper review of your requirements.
- Bring-your-own-cloud on Scale — your account, your keys
- Direct line for security and procurement reviews
- SSO, RBAC, and audit export are on the roadmap
Custom domains
Today every public project ships to its own subdomain at apps.server4agent.com with managed TLS. Bringing your own domain — your-app.com pointed at a project, with certificates handled for you — is planned.
- Available now: per-project subdomain with managed TLS
- Planned: bring-your-own custom domain + auto certificates
GitHub export & sync
You already have full shell and file access to everything an agent builds, so code is never locked in. First-class GitHub export — push a project to a repo and keep it in sync — is planned.
- Available now: full file + shell access to all generated code
- Planned: one-click export and ongoing repo sync
Uptime & SLA
We run on a managed compute substrate and monitor availability, but we don't yet publish a contractual uptime SLA. A formal SLA for production and enterprise tiers is on the roadmap; talk to us if you need commitments today.
- Available now: monitored, managed compute substrate
- Planned: published uptime SLA for higher tiers
Have a security or compliance question?
For procurement reviews, bring-your-own-cloud, or anything not covered above, talk to us. See also our privacy policy for how we handle your data.