Help CenterNairi API
Deploying Agents

Where and how your agent runs

Pick between managed and self-hosted runtimes, and understand how scale works on Nairi.

Every Nairi agent runs inside a container. Where that container lives is your choice.

Two runtime options

Managed (default)

Nairi runs the container on our infrastructure. You don't think about hosts, updates, or process supervision.

What you get:

  • Automatic updates to nairid, Claude Code, and the rest of the toolchain.
  • Credential isolation by default. The secret proxy and mcp-proxy sidecars sit between the agent and the outside world. Vault secrets are swapped in only on outbound HTTPS calls to allowed domains — the agent's process never sees the plaintext. MCP server credentials live entirely on the mcp-proxy side; the agent only ever sees the MCP's tool surface, not the API keys or connection strings behind it. A compromised prompt, a buggy skill, or a hijacked subprocess can't read what isn't in scope.
  • Logs and crash recovery handled by us.

This is what every plan defaults to. Pick this unless you have a specific reason not to.

Self-hosted

You run nairid yourself, on your own machine, VM, or container. Nairi's backend still orchestrates jobs (Slack/Discord events, scheduled jobs, API calls), but the actual work happens on your hardware.

Reasons to self-host:

  • Data residency or compliance. Source code and tool output never leave your infrastructure.
  • Private network access. The agent needs to reach an internal database, VPN-only API, or a service that isn't on the public internet.
  • Run your own LLM. Point the agent at a model you host yourself — Ollama, LM Studio, vLLM, llama.cpp, or any OpenAI-compatible endpoint. Inference stays entirely on your hardware; no prompt or tool output is sent to Anthropic, OpenAI, or any third-party provider. This is the only configuration where the model itself runs on your infrastructure. Use the OpenCode CLI (--agent opencode) with --model <your-provider>/<your-model> and point OpenCode at your local endpoint.
  • Custom hardware. GPU-backed runtimes, larger disks, or specific CPU SKUs.
  • Free, unlimited self-hosted agents on every plan. You bring the compute, you keep the savings.

Self-hosting requires you to install and supervise nairid, keep dependencies up to date, and handle credential injection yourself. There's no secret proxy on a self-hosted runtime, so vaults aren't available.

Setup is documented in Self-hosting Nairi.

Concurrency and parallel work

How many tasks can run in parallel is set at the org level by your plan, not per agent:

PlanConcurrent tasks
Starter1 at a time
Pro5 at a time
Self-hostedYou control it yourself — no platform-imposed cap

When the org cap is hit, additional tasks queue until a slot frees up. The cap is shared across every agent in the org and every channel (Slack, Discord, API, scheduled jobs).

On self-hosted, the only limits are whatever your hardware can run and how many nairid instances you start. See Self-hosting Nairi for the multi-instance setup.

Can't find what you're looking for? Email support@nairi.ai.

How to deploy an agent

Walk through every setting on the agent editor: integration, model, prompt, rules, MCPs, skills, env vars, vaults, and your code repo.

Rules

Long-lived markdown instructions that shape how an agent behaves across every task.

On this page

Two runtime optionsManaged (default)Self-hostedConcurrency and parallel workRelated