Specter
v0.1.0
Deploy AI agents to dedicated VMs in 90 seconds. Interactive TUI. Automatic DNS and TLS. You own the infrastructure.
Deploying AI agents is DevOps hell.
Rent a server. Install dependencies. Configure TLS. Set up systemd. Create DNS records. Set up firewalls. Inject secrets securely. Monitor health. Every time you want to deploy a new agent, it's the same 45-minute ordeal.
Devin runs on their cloud for $500/month. 11x charges $5,000/month. CrewAI gives you a framework and says "figure out deployment."
Specter gives your agent a dedicated VM with automatic DNS, TLS, and systemd hardening in 90 seconds. You own the server. You own the data. It costs what Hetzner charges, with no markup.
The deploy flow
Eight phases, all automatic. From golden snapshot to running agent with a public URL.
Create VM
~15s: Spin up a dedicated Hetzner Cloud server from a golden snapshot.
DNS record
~2s: Create a Cloudflare A record pointing to the VM's IP.
Wait for boot
~20s: Wait for SSH to become available on the new server.
SSH verify
~3s: Establish connection and verify the server is accessible.
Deploy agent code
~10s: Upload your agent runtime via SCP and install dependencies.
Start services
~5s: Enable systemd units with hardening (NoNewPrivileges, ProtectSystem, PrivateTmp).
TLS certificate
~8s: Provision a Let's Encrypt certificate via Caddy. Automatic HTTPS.
Health check
~5s: Verify the agent is responding at its public URL.
Watch: deploying two agents from scratch
Interactive TUI
Think lazydocker for AI agents. Manage everything from your terminal with keyboard shortcuts.
What gets deployed
Every VM is built from a golden snapshot with everything pre-installed. Deploy is just configuration, not installation.
Features
90-second deploys
Golden snapshots pre-bake everything: Ubuntu 24.04, Docker, Bun, Caddy. Deploy is just VM creation + config. No Docker builds at deploy time.
Interactive TUI
Think lazydocker for AI agents. Deploy, SSH, view logs, update, and destroy agents with keyboard shortcuts. Built with Bubbletea v2.
Automatic DNS
Cloudflare A records created automatically. Your agent gets a subdomain like agent-name.yourdomain.com within seconds.
Automatic TLS
Let's Encrypt via Caddy. Certificate provisioned in 5-8 seconds. Automatic renewal. HTTPS from the first request.
systemd hardening
NoNewPrivileges, ProtectSystem, PrivateTmp, MemoryMax. Your agent runs in a restricted sandbox, not as root with full access.
Dual firewall
Hetzner Cloud Firewall + ufw. Only ports 22, 80, and 443 are open. Everything else is blocked at two layers.
You own everything
Your Hetzner account. Your Cloudflare domain. Your SSH keys. VMs start at $3.49/month. No markup, no middleman.
Agent-native
Every command has --json and --yes flags. Built for AI-to-AI orchestration. One agent can deploy and manage other agents.
Server types
Hetzner Cloud pricing. No markup from Specter. You pay what Hetzner charges, directly to Hetzner.
| Type | CPU | RAM | Disk | Price |
|---|---|---|---|---|
| CX22 | 2 vCPU | 4 GB | 40 GB | $3.49/mo |
| CX32 | 4 vCPU | 8 GB | 80 GB | $6.49/mo |
| CX42 | 8 vCPU | 16 GB | 160 GB | $14.49/mo |
| CX52 | 16 vCPU | 32 GB | 320 GB | $28.49/mo |
| CAX21 | 4 vCPU (ARM) | 8 GB | 80 GB | $5.49/mo |
| CAX31 | 8 vCPU (ARM) | 16 GB | 160 GB | $10.49/mo |
Security
Token redaction
API tokens and secrets are injected via cloud-init at boot, then cleaned from the VM. Never visible in process lists or logs.
Secret cleanup
Environment variables are written to a systemd override file with restricted permissions, not stored in plaintext.
Restricted processes
systemd hardening prevents privilege escalation, restricts filesystem access, and limits memory usage.
Network lockdown
Two firewalls in series. Hetzner cloud firewall is the outer perimeter. ufw on the VM is the inner perimeter. SSH + HTTP/S only.
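A check for the systemd hardening and override-file permission claims above, as an added example that is not Specter's own code: it reads one unit or drop-in file and reports which of NoNewPrivileges, ProtectSystem, PrivateTmp and MemoryMax are unset or weak, and whether group or other can access the file. The sample drop-ins, their file names and the API_TOKEN placeholder are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Unit contents and paths are constructed, not Specter's own files.

# Print the effective value of KEY in [Service] of FILE (last assignment wins).
unit_value() {
  awk -v key="$1" '
    /^[ \t]*\[/ { in_service = ($1 == "[Service]"); next }
    !in_service || /^[ \t]*[#;]/ { next }
    { i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v }
    END { print val }' "$2"
}

# Report each directive named on the page that is unset or weak, plus loose
# file permissions (the drop-in may carry Environment= secrets). Returns 0 on pass.
audit_unit() {
  local f="$1" rc=0 v key
  for key in NoNewPrivileges PrivateTmp; do
    v=$(unit_value "$key" "$f")
    case "$v" in yes|true|on|1) ;; *) echo "FAIL $key=${v:-unset}"; rc=1 ;; esac
  done
  v=$(unit_value ProtectSystem "$f")
  case "$v" in strict|full|yes|true|on|1) ;; *) echo "FAIL ProtectSystem=${v:-unset}"; rc=1 ;; esac
  v=$(unit_value MemoryMax "$f")
  case "$v" in ""|infinity) echo "FAIL MemoryMax=${v:-unset}"; rc=1 ;; esac
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ] || { echo "FAIL mode: group/other can access $f"; rc=1; }
  return "$rc"
}

# Constructed sample drop-ins: one hardened and owner-only, one weak and world-readable.
write_samples() {
  printf '%s\n' '[Service]' 'Environment=API_TOKEN=example-placeholder' \
    'NoNewPrivileges=yes' 'ProtectSystem=strict' 'PrivateTmp=yes' 'MemoryMax=512M' > "$1/hardened.conf"
  chmod 600 "$1/hardened.conf"
  printf '%s\n' '[Service]' 'Environment=API_TOKEN=example-placeholder' \
    'NoNewPrivileges=no' '# ProtectSystem=strict' 'PrivateTmp=yes' > "$1/weak.conf"
  chmod 644 "$1/weak.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_unit "$demo_dir/hardened.conf" && echo "hardened.conf: pass"
audit_unit "$demo_dir/weak.conf" || echo "weak.conf: fail"
rm -rf "$demo_dir"
```

This reads a single file; on a running host, `systemctl show UNIT -p NoNewPrivileges -p ProtectSystem -p PrivateTmp -p MemoryMax` reports the merged values across the unit and all of its drop-ins.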
Get started
Install via Homebrew. Run init to configure your Hetzner and Cloudflare tokens. Build a golden snapshot. Launch the TUI.
Requires a Hetzner Cloud account with an API token, a Cloudflare account with a domain and API token, and an SSH key uploaded to Hetzner. Specter validates everything during specter init.
The vision
Today, Specter deploys a health endpoint. Tomorrow, each agent VM runs its own data stack. ClickHouse in Docker for analytics. Vector databases for embeddings. The agent's own state and memory.
A self-contained unit that learns and improves over time, with a trust gradient where it earns more autonomy as it proves competent.
Imagine deploying a Specter agent that has Ghost OS for computer-use and Shadow for context. An agent that knows your workflow, can operate your tools, and runs on infrastructure you own. Not a chatbot in a browser tab. A co-worker.
Your AI agent needs a server.
Specter gives it one in 90 seconds.