Skip to main content
AIDiveForge AIDiveForge
Visit Hezo

Get This Tool

License: License: unverified
Local-run terms: Run the self-contained binary or Docker containers on owned hardware with user-provided model keys.

Share This Tool

Compare This Tool
📋 Embed this tool on your site

Copy this code to embed a compact tool card:

Hezo

FreeOpen SourceAPISelf-HostedAgentic

Summary

Give an AI agent your API keys and it will eventually use them somewhere you didn't intend — that's the failure mode Hezo is built around.

Hezo runs a hierarchy of agents — CEO, Coach, Captain, workers — each isolated in its own Docker container, with your secrets never passed directly into agent context. Instead, an egress proxy swaps placeholders for real credentials only when the destination host matches an allowed list, and every substitution lands in an append-only audit log. The Coach agent reviews completed work and writes learned rules back onto workers, so repeated mistakes get corrected without you editing prompts by hand. The ceiling appears when you need agents to hit destinations outside the allowed-host list, or when your workflow requires branching logic the org-chart model doesn't express — at that point you're editing configuration that the docs describe but don't walk you through in depth.

Bottom line: Pick this when your team needs self-hosted agent execution with hard budget caps and secret isolation; plan a different architecture when your workflows require dynamic egress to arbitrary hosts or complex conditional branching the fixed org-chart cannot accommodate.

Community Performance Report Card

No community ratings yet. Be the first to rate this tool!

Best For: Users wanting full control over AI agent infrastructure, Teams needing budget controls and audit logs, Self-hosted environments without cloud dependency

Community Benchmarks Community

No community benchmarks yet. Be the first to share a real-world data point.

  • Secrets never enter agent context — an egress proxy holds and substitutes credentials per allowed host — so a compromised or misbehaving agent cannot exfiltrate your API keys.
  • Hard budget caps at the per-agent and per-project level, so a runaway agent stops spending at a threshold you set rather than draining your provider balance overnight.
  • The Coach agent writes learned rules back onto workers after each completed ticket, which means repeated errors self-correct without you manually editing prompts between runs.
  • Each project runs in its own Docker container with all traffic forced through the proxy, so a bad run's damage is contained to one box and doesn't touch other projects or the host.
  • Provider-agnostic model assignment down to the individual agent, so you can route expensive tasks to a capable model and routine tasks to a cheaper one without restructuring the workflow.
  • The egress proxy blocks requests to any host not on your allowed list — which is the security guarantee — but if an agent's task requires hitting an API you haven't pre-registered, the request fails silently from the agent's perspective, and you're editing proxy configuration to unblock it rather than continuing the work.
  • The org chart is fixed at four tiers: CEO, Coach, Captain, workers. Workflows that need dynamic role creation, peer-to-peer agent coordination outside the hierarchy, or branching logic based on what a prior step returned don't map cleanly to this model — teams with those requirements move to a framework that exposes a programmable graph, such as LangGraph or a custom orchestration layer.
  • The docs describe configuration but community reports suggest limited depth on edge cases — teams standing this up in a production environment with non-standard network topologies or custom secret backends are largely on their own until the community around the project matures.

Community Reviews

No reviews yet. Be the first to share your experience.

About

Platforms
Self-hosted (Docker, binary)
API Available
Yes
Self-Hosted
Yes
Last Updated
2026-06-25T18:24:19.707Z

Best For

Who it's for

  • Users wanting full control over AI agent infrastructure
  • Teams needing budget controls and audit logs
  • Self-hosted environments without cloud dependency

What it does well

  • Market research teams
  • Competitor analysis projects
  • Autonomous task execution with approvals
  • Self-improving agent workflows

Integrations

Anthropic ClaudeOpenAIGoogle GeminiKimiDeepSeekZ.aiOpenRouterMCP

Discussion Community

No discussion yet. Sign in to start the conversation.

Spotted incorrect or missing data? Join our community of contributors.

Sign Up to Contribute

Community Notes & Tips Community

Be the first to contribute. General notes, observations, gotchas, and tips from people who use this tool day-to-day.

Frequently Asked Questions

Is Hezo free?
Yes — Hezo is fully free to use. There is no paid tier.
Is Hezo open source?
Yes. Hezo is open source.
Does Hezo have an API?
Yes. Hezo exposes a developer API. See the official documentation at https://hezo.ai for details.
Can I self-host Hezo?
Yes. Hezo supports self-hosting on your own infrastructure.
What platforms does Hezo support?
Hezo is available on: Self-hosted (Docker, binary).

Hours Saved & ROI Stories Community

Be the first to contribute. Concrete time/cost savings, with context. e.g. "Cut my code review backlog from 4h to 45m per week."

Hezo

Most self-hosted agent frameworks hand you a blank canvas and leave secrets management as an exercise for the reader. Hezo ships as a single binary — installed via curl — and provisions a structured org chart: a CEO agent that scopes projects, a Coach that reviews completed work, Captains that coordinate, and workers that execute. You describe the work to the CEO in plain conversation, it provisions a team in isolated Docker containers, and agents execute on a heartbeat schedule, pausing at budget thresholds and surfacing sensitive actions for your approval before proceeding.

The security architecture is the differentiating feature. Agents see only placeholder tokens in their context — `__HEZO_SECRET_STRIPE__` instead of the real key. An egress proxy intercepts outbound requests and substitutes the real credential only when the destination host matches an allowed list; any other destination is blocked. Keys are encrypted at rest with AES-256-GCM behind a master key that lives in memory only. Git commits are signed host-side with your project key. The vendor states the system cannot unlock itself without you present — which matters if your threat model includes a compromised agent trying to exfiltrate credentials.

Hezo fits teams that need budget-controlled, auditable agent execution on their own infrastructure without building the security layer themselves — market research pipelines, competitor analysis runs, or any recurring task where you want agents working autonomously but need a clear record of what they touched and what they spent. The org-chart model is fixed: CEO, Coach, Captain, workers. Teams whose workflows require dynamic role creation or multi-step conditional branching that doesn’t map to this hierarchy will find the model constraining before the work is done.

The tool supports Anthropic, OpenAI, Google, Kimi, DeepSeek, Z.ai, and OpenRouter as model providers, with per-agent model assignment — so you can run a cheap model on the worker doing first-pass research and a capable model on the CEO coordinating the project. Budget caps can be set daily, weekly, or monthly, per agent and per project; agents pause when a window is exhausted rather than running over.