Hezo — A whole AI workforce. And you're the boss.<br>A whole AI workforce.<br>And you're the boss.<br>Hezo hires AI agents, runs them, and ships their work — without ever handing them your keys.<br>$ curl -fsSL https://hezo.ai/install.sh | sh
No cloud dependency Secrets never in agent context Signed commits Per-agent budget caps
01 How it worksThree moves to a working team.
STEP 01<br>Create a project<br>Describe the work to the CEO. It scopes the project and provisions a team — each in its own container.
STEP 02<br>Set the direction<br>Lay out the project plan, then hire or customize agents, tune their prompts, and give any agent its own model .
STEP 03<br>Approve and run<br>Agents work autonomously on a heartbeat . You watch live, approve sensitive actions, cap the spend, and change direction any time .
02 Talk to your companyChat with the CEO. The Coach does the rest.
CEOHQ<br>YouSpin up a team to research our top 3 competitors.
CEOOn it — scoping a Market Research team: one researcher and one analyst, sharing your Claude key. They'll start with positioning and pricing
Ask the CEO anything, across every project…
one conversation · always one click away · picks up where you left off
CEO Your point of contact<br>The CEO sees every project, ticket, and roster. Ask how things are going or tell it to hire a role — replies stream back live , and anything consequential returns as an approval .
COACH Teams that improve every ship<br>When a ticket completes, the Coach reviews it and writes durable learned rules back onto the agent. The same mistake doesn't happen twice — no prompt-tuning by hand.
03 Why Hezo · Secure by designAgents never hold your secrets.
Agent container · sees only placeholders<br>Authorization: Bearer __HEZO_SECRET_STRIPE__
Egress proxy · checks destination<br>✓ host = api.stripe.com → swap in the real key<br>✕ any other host → request blocked, no substitution
Leaves the box only if allowed<br>Authorization: Bearer sk_live_••••••••
every substitution is logged by name, never by value
AES-256-GCM Encrypted at rest<br>Keys and tokens sit behind a master key that lives in memory only, never on disk. Hezo can't unlock itself without you.
DOCKER Sandboxed<br>Every agent runs in a per-project container — no host access, all traffic through the proxy. A bad run's blast radius is one box.
SELF-HOSTED Yours<br>You own the machine, the keys, the spend, and the data. Git commits are signed host-side with your project key.
04 Works with your modelsBring your own providers. Mix freely.
ProviderModelsRuntimeAuth<br>AnthropicClaudeClaude CodeAPI key or subscription<br>OpenAIChatGPT / GPTCodexAPI key or subscription<br>GoogleGeminiGemini CLIAPI key or subscription<br>KimiKimi (Moonshot)KimiAPI key or subscription<br>DeepSeekDeepSeekClaude CodeAPI key<br>Z.aiGLMClaude CodeAPI key<br>OpenRouterMany, via one keyOpenCodeAPI key
No need to host your own models — Hezo runs the agents, your provider accounts power them.
05 What's in the boxEverything a team of agents needs to ship.
Security & control<br>Secret substitution at the egress proxy — placeholders in, real keys swapped in only for allowed hosts.<br>Encrypted at rest (AES-256-GCM) behind one master key only you hold.<br>Per-project Docker isolation , with all agent traffic forced through the proxy.<br>Verified git commits , signed host-side with your project key.<br>An append-only audit trail of every action and secret use.
Orchestration<br>An org chart of roles — CEO, Coach, Captain, and workers — that coordinate.<br>A task board with per-task rules and an agent-maintained progress summary.<br>Heartbeat execution : agents wake on a schedule to pick up work, gated by budget.<br>Multiple projects , each an independent team in its own container.
Models & cost<br>Bring your own providers ; mix models freely, down to one per agent.<br>Hard budget caps — daily, weekly, monthly — per agent and per project.<br>Agents pause when a window is exhausted and resume when it rolls over.
Memory & documents<br>Long-term memory — the CEO remembers your standing preferences across every conversation.<br>Durable project documents — PRDs, specs, and research, kept with full version history.<br>Work carries cleanly across runs instead of evaporating between sessions.
Assets & previews<br>Bring references in — upload mockups, images, and PDFs for the team to work from.<br>Agents produce interactive HTML & SVG deliverables , not just text.<br>Preview their work in-app on any device, as it's built.
Interface<br>A mobile-first web app — oversee, chat, and approve from any device.<br>MCP in and out — a built-in server so any client can drive your teams, plus external MCP servers that give agents the tools you already use.<br>One self-contained binary : web app, API, realtime, database, and vault.
06 How Hezo comparesNot tabs. Not someone else's cloud.
Agents in terminal tabs<br>Hosted agent platforms<br>Frameworks / SDKs<br>Hezo
Runs on<br>Your machine, by hand<br>Someone else's cloud<br>Wherever you build it<br>Hardware you own
Your secrets<br>Live in your shell<br>Held by the vendor<br>You wire them up<br>Never exposed...