Skip to main content
Ona is the platform for running background agents at scale. It provides secure, isolated environments pre-configured with your code, tools, and dependencies — the same environments human developers use. On top of that, Ona runs background agents that write code, fix bugs, run tests, and open pull requests autonomously, triggered by schedules, issues, errors, or messages from your team.

Your code stays in your infrastructure

Ona has a two-plane architecture:
  • Management plane (hosted by Ona) — authentication, organization settings, guardrails, and coordination. This is the dashboard, CLI, and API.
  • Runners (your cloud or Ona Cloud) — provision environments, access source code, inject secrets, and execute agents.
The split is a security boundary. Source code, credentials, and build artifacts are handled by runners — they never reach the management plane. With a runner in your VPC, everything stays in your network. With Ona Cloud, Ona manages the runner infrastructure for you. High-level architecture For the full data flow, see the architecture overview.

Environments

Every task gets its own environment — an isolated VM with dedicated compute, storage, and networking, provisioned from a Dev Container configuration. Dependencies install, services start, and the workspace is ready. With prebuilds, this takes seconds. Environments are ephemeral. Create one from a branch, do the work, discard it. One environment per task means no file conflicts and easy rollback.

Agents

Ona Agent runs inside environments with the same tools a human developer uses. Give it a task — a bug to fix, a feature to build, a test to write — and it works autonomously: reading code, making changes, running tests, iterating on failures, and opening a pull request. Agents are guided by AGENTS.md (your codebase conventions) and skills (reusable prompts your team encodes). Multiple agents run in parallel across different environments and projects.

Automations

Automations turn agents into background workers. Trigger them from Linear issues, Slack messages, Sentry errors, webhooks, or cron schedules. Each automation runs in its own environment with full access to your codebase and integrations. Examples: pick up the top Linear ticket every morning and open a draft PR. Triage new Sentry errors automatically. Scan for CVEs and submit dependency updates. See templates for ready-made workflows.

Guardrails

Agents operate under the same guardrails as human developers. Organization admins control what agents can and cannot do:
  • Command deny list — block risky commands across the organization
  • Veto — kernel-level enforcement that blocks unauthorized executables and detects data exfiltration, below the agent’s reach
  • Audit logs — track every action for compliance and incident response
  • SSO and OIDC — identity integration and short-lived cloud credentials

Next steps