Open-Source Runtime for Infrastructure Management Agents
Deploy AI agents on your infrastructure. Keep sensitive data secure. Maintain full control.
Quick Start | Documentation | Examples
AI agents can automate infrastructure management—cost optimization, security compliance, deployments—but most solutions require sharing credentials and sensitive data with third-party platforms.
Station gives you control:
- ✅ Run on your infrastructure - Deploy agents wherever you need them (AWS, GCP, on-prem, local)
- ✅ Keep data private - Agents access your tools directly, no data leaves your environment
- ✅ Simple agent development - Declarative dotprompt format, develop and test locally
- ✅ Fine-grained security - Control exactly which tools each agent can use (read vs write)
- ✅ Share and collaborate - Bundle agents with MCP configs for easy distribution
- ✅ Open source - Full transparency, audit the code yourself
Learn more about Station's architecture →
Here's a complete FinOps agent in dotprompt format:
```yaml
---
metadata:
  name: "AWS Cost Spike Analyzer"
  description: "Detects unusual cost increases and identifies root causes"
model: gpt-4o-mini
max_steps: 5
tools:
  - "__get_cost_and_usage"          # AWS Cost Explorer - read only
  - "__list_cost_allocation_tags"
  - "__get_savings_plans_coverage"
---
{{role "system"}}
You are a FinOps analyst specializing in AWS cost anomaly detection.
Analyze cost trends, identify spikes, and provide actionable recommendations.

{{role "user"}}
{{userInput}}
```

That's it. Station handles:
- MCP tool connections (AWS Cost Explorer, Stripe, Grafana, etc.)
- Template variables for secrets/config (`{{ .AWS_REGION }}`)
- Multi-environment isolation (dev/staging/prod)
- Execution tracking and structured outputs
Get Station running in Docker with zero setup:
```bash
curl -fsSL https://raw.githubusercontent.com/cloudshipai/station/main/scripts/quick-deploy.sh | bash
```

What this does:
- ✅ Prompts for your OpenAI API key
- ✅ Creates docker-compose.yml automatically
- ✅ Starts Station in Docker (production-ready)
- ✅ Opens browser to Web UI at `http://localhost:8585`
- ✅ Auto-installs bundles from the `bundles/` directory
Just need: Docker and your OpenAI API key.
Stop Station: `docker compose down`
For local development without Docker:
```bash
curl -fsSL https://get.station.dev | bash
```

What this does:
- ✅ Installs Station CLI
- ✅ Prompts for AI provider setup
- ✅ Starts Station locally
- ✅ Opens browser automatically
Just need: curl and your AI API key (OpenAI/Anthropic/Gemini/Ollama).
Stop Station: `stn down`
Best for production-like setups with bundles:
```bash
# 1. Download quick-deploy script
curl -fsSL https://raw.githubusercontent.com/cloudshipai/station/main/scripts/quick-deploy.sh -o quick-deploy.sh
chmod +x quick-deploy.sh

# 2. Add bundles (optional)
mkdir bundles
# Place .tar.gz bundle files in bundles/ directory

# 3. Deploy
export OPENAI_API_KEY="sk-..."
./quick-deploy.sh
```

What you get:
- ✅ Station running in Docker with auto-restart
- ✅ Web UI at `http://localhost:8585`
- ✅ Auto-installs all bundles
- ✅ Persistent data storage
- ✅ Production-ready setup
For full control over installation:
```bash
# 1. Install Station
curl -fsSL https://raw.githubusercontent.com/cloudshipai/station/main/install.sh | bash

# 2. Start Station
export OPENAI_API_KEY=sk-your-key-here
stn up --provider openai --model gpt-4o-mini
```

More provider options:
```bash
# Anthropic Claude
stn up --provider anthropic --api-key sk-ant-...

# Google Gemini
stn up --provider gemini --api-key your-key --model gemini-2.0-flash-exp

# Ollama (local models)
stn up --provider openai --base-url http://localhost:11434/v1 --model llama3.2

# Meta Llama (OpenAI-compatible endpoint)
stn up --provider openai --api-key LLM-your-key --base-url https://api.llama.com/compat/v1 --model Llama-4-Maverick

# With CloudShip registration
stn up --provider openai --api-key sk-... --cloudshipai-registration-key your-key
```

Stop Station: `stn down`

That's it! Station is now running with:
- ✅ Web UI at `http://localhost:8585` for managing tools, bundles, and builds
- ✅ MCP server at `http://localhost:8586/mcp`, configured for Claude Code/Cursor
- ✅ Dynamic Agent MCP at `http://localhost:3030/mcp`
- ✅ `.mcp.json` automatically created for seamless Claude integration
Next: Complete Quick Start Guide → | Full Installation Guide →
Station provides a complete agent development workflow using Claude Code or Cursor:
Open the Web UI at http://localhost:8585:
- Browse available MCP servers (AWS, Stripe, Grafana, filesystem, security tools)
- Add MCP tools to your environment
- Configure template variables for secrets
Station automatically creates `.mcp.json` when you run `stn up`:
```json
{
  "mcpServers": {
    "station": {
      "type": "http",
      "url": "http://localhost:8586/mcp"
    }
  }
}
```

Restart Claude Code/Cursor to connect to Station.
Use Claude Code/Cursor with Station's MCP tools to:
- Create agents - Write dotprompt files with agent definitions
- Run agents - Execute agents and see results in real-time
- List agents - View all agents in your environments
- Update agents - Modify agent configs and tools
- Create environments - Set up dev/staging/prod isolation
- Sync environments - Apply changes and resolve variables
Example interaction with Claude:
You: "Create a FinOps agent that analyzes AWS costs using the cost explorer tools"
Claude: [Uses Station MCP tools to create agent with proper dotprompt format]
You: "Run the agent to analyze last month's costs"
Claude: [Executes agent and shows cost analysis results]
Back to the Web UI at http://localhost:8585:
- Create bundles - Package agents + MCP configs for distribution
- Share bundles - Export bundles to share with team
- Build Docker images - Create production containers from environments
- Install bundles - Import bundles from registry or files
Agent Development Guide → | Bundling & Distribution →
Run Station agents in your CI/CD pipelines for automated security scanning, cost analysis, compliance checks, and deployment validation.
Pre-built agent containers available:
- `ghcr.io/cloudshipai/station-security:latest` - Infrastructure, container, and code security scanning
- `ghcr.io/cloudshipai/station-finops:latest` - Cost analysis and optimization (coming soon)
- `ghcr.io/cloudshipai/station-compliance:latest` - Policy and compliance validation (coming soon)
```yaml
- uses: cloudshipai/station-action@v1
  with:
    agent: "Infrastructure Security Auditor"
    task: "Scan terraform and kubernetes for security issues"
  env:
    OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
```

That's it! 3 lines to add AI-powered security scanning to your pipeline.
Station agents work across all major CI/CD platforms using the same Docker containers:
- GitHub Actions - Composite action with 3-line setup
- GitLab CI - Docker-based pipeline stages
- Jenkins - Docker agent pipelines
- CircleCI - Docker executor workflows
- Argo Workflows - Kubernetes-native workflows
- Tekton - Cloud-native CI/CD pipelines
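As one concrete example beyond GitHub Actions, a GitLab CI job using the pre-built security container might look like the sketch below. The job name, stage, and the assumption that the container exposes the `stn` CLI with the "Infrastructure Security Auditor" agent pre-installed are illustrative; adapt them to your pipeline, and supply `OPENAI_API_KEY` as a masked CI/CD variable in GitLab settings:

```yaml
# Hypothetical GitLab CI job; image and agent name come from this README,
# but the job layout and container entrypoint behavior are assumptions.
security-scan:
  stage: test
  image: ghcr.io/cloudshipai/station-security:latest
  script:
    - stn agent run "Infrastructure Security Auditor" "Scan terraform and kubernetes for security issues"
```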
Complete deployment templates and guides available in deployments/:
- Platform-specific configuration examples
- Secret management guides (OpenAI API keys, CloudShip registration)
- Scheduled execution setups (daily cost analysis, compliance scans)
- Multi-agent pipeline orchestration
FinOps & Cost Management:
```yaml
# Daily cost analysis on schedule
schedule: "0 9 * * *"  # 9 AM daily
agent: "AWS Cost Analyzer"
task: "Analyze yesterday's AWS spend and identify optimization opportunities"
```

Compliance Monitoring:

```yaml
# Weekly compliance checks
schedule: "0 0 * * 1"  # Monday midnight
agent: "SOC2 Compliance Auditor"
task: "Verify infrastructure meets SOC2 requirements"
```

Platform Engineering:

```yaml
# Post-deployment validation
agent: "Deployment Validator"
task: "Verify deployment health, check metrics, and validate configuration"
```

Complete CI/CD Integration Guide → | Secrets Management →
Station uses the Model Context Protocol (MCP) to give agents access to tools—AWS APIs, databases, filesystems, security scanners, and more.
Fine-grained control over agent capabilities:
```yaml
tools:
  - "__get_cost_and_usage"         # AWS Cost Explorer - read only
  - "__list_cost_allocation_tags"  # Read cost tags
  - "__read_text_file"             # Filesystem read
  # No write permissions - agent can analyze but not modify
```

Template variables for secure configuration:
```json
{
  "mcpServers": {
    "aws-cost-explorer": {
      "command": "mcp-server-aws",
      "env": {
        "AWS_REGION": "{{ .AWS_REGION }}",
        "AWS_PROFILE": "{{ .AWS_PROFILE }}"
      }
    }
  }
}
```

Variables are resolved at runtime from `variables.yml`—never hardcoded in configs.
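For illustration, the two variables referenced above could be supplied by a `variables.yml` like the following. This is a sketch assuming a flat key/value layout; the values are placeholders:

```yaml
# environments/<env>/variables.yml (illustrative; values are placeholders)
AWS_REGION: us-east-1
AWS_PROFILE: production-readonly
```

At sync time, Station substitutes these values into the `{{ .AWS_REGION }}` and `{{ .AWS_PROFILE }}` placeholders in the MCP config.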
MCP Tools Documentation → | Template Variables Guide →
Test and demo agents with realistic AI-generated mock data—no production credentials required.
Use Cases:
- Development: Build agents without production access or real credentials
- Testing: Test with realistic scenarios (high-cost, security incidents, capacity issues)
- Demos: Generate compelling demo data on demand
- Empty Environments: Work with AWS accounts or databases that have no real data
How it works: The AI Faker is an MCP proxy that enriches responses from real MCP servers with AI-generated mock data based on natural language instructions.
Example: AWS CloudWatch with empty account
```json
{
  "mcpServers": {
    "aws-cloudwatch-faker": {
      "command": "stn",
      "args": [
        "faker",
        "--command", "uvx",
        "--args", "awslabs.cloudwatch-mcp-server@latest",
        "--ai-instruction", "Generate high-cost production incident data: 95% CPU, elevated RDS costs, critical alarms, Lambda failures"
      ],
      "env": {
        "AWS_ACCESS_KEY_ID": "{{ .AWS_ACCESS_KEY_ID }}",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}
```

Agent receives AI-generated mock data:
```
Active CloudWatch Alarms:
1. High CPU: Instance i-0123456789abcdef0 at 95% CPU
2. Memory Alert: Instance using 90% memory
3. RDS Performance: DB mydb-instance at 1800 Read IOPS (exceeded)
4. Cost Spike: RDS cost increased 25% this month
5. Lambda Failures: Function myFunction failed 15 times in 5 minutes
...
```
The faker works with any MCP server—filesystem, databases, cloud APIs, security tools—and uses your configured AI provider (OpenAI, Gemini, Ollama, etc.).
Built-in Safety Mode:
- 🛡️ AI automatically detects and intercepts write operations
- ✅ Read operations proxied and enriched normally
- ⚠️ Write operations return mock success (no real execution)
- 📋 See exactly which operations are protected at startup
```
🛡️ SAFETY MODE: 4 write operations detected and will be INTERCEPTED:
  1. write_file
  2. edit_file
  3. create_directory
  4. move_file
```
These tools will return mock success responses without executing real operations.
Complete AI Faker Documentation →
Station can automatically convert OpenAPI/Swagger specifications into MCP servers, making any REST API instantly available as agent tools.
Turn any OpenAPI spec into MCP tools:
```json
{
  "name": "Station Management API",
  "description": "Control Station via REST API",
  "mcpServers": {
    "station-api": {
      "command": "stn",
      "args": [
        "openapi-runtime",
        "--spec",
        "environments/{{ .ENVIRONMENT_NAME }}/station-api.openapi.json"
      ]
    }
  },
  "metadata": {
    "openapiSpec": "station-api.openapi.json",
    "variables": {
      "STATION_API_URL": {
        "description": "Station API endpoint URL",
        "default": "http://localhost:8585/api/v1"
      }
    }
  }
}
```

Template variables in OpenAPI specs:
```json
{
  "openapi": "3.0.0",
  "servers": [
    {
      "url": "{{ .STATION_API_URL }}",
      "description": "Station API endpoint"
    }
  ]
}
```

Station automatically:
- ✅ Converts OpenAPI paths to MCP tools - Each endpoint becomes a callable tool
- ✅ Processes template variables - Resolves `{{ .VAR }}` from `variables.yml` and env vars
- ✅ Supports authentication - Bearer tokens, API keys, OAuth
- ✅ Smart tool sync - Detects OpenAPI spec updates and refreshes tools
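To illustrate the mapping, here is a minimal, hypothetical spec fragment with a single GET operation. Under the conversion described above, an operation like this would surface as one callable tool named after its `operationId` (e.g. `__listEnvironments`); the path and summary are assumptions for illustration:

```json
{
  "openapi": "3.0.0",
  "servers": [{ "url": "{{ .STATION_API_URL }}" }],
  "paths": {
    "/environments": {
      "get": {
        "operationId": "listEnvironments",
        "summary": "List all environments",
        "responses": { "200": { "description": "OK" } }
      }
    }
  }
}
```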
Example: Station Admin Agent
Create an agent that manages Station itself using the Station API:
```yaml
---
metadata:
  name: "Station Admin"
  description: "Manages Station environments, agents, and MCP servers"
model: gpt-4o-mini
max_steps: 10
tools:
  - "__listEnvironments"   # From station-api OpenAPI spec
  - "__listAgents"
  - "__listMCPServers"
  - "__createAgent"
  - "__executeAgent"
---
{{role "system"}}
You are a Station administrator that helps manage environments, agents, and MCP servers.
Use the Station API tools to:
- List and inspect environments, agents, and MCP servers
- Create new agents from user requirements
- Execute agents and monitor their runs
- Provide comprehensive overviews of the Station deployment

{{role "user"}}
{{userInput}}
```

Usage:

```bash
stn agent run station-admin "Show me all environments and their agents"
```

The agent will use the OpenAPI-generated tools to query the Station API and provide a comprehensive overview.
OpenAPI MCP Documentation → | Station Admin Agent Guide →
Deploy Station agents to production without manual configuration. Station supports zero-config deployments that automatically:
- Discover cloud credentials and configuration
- Set up MCP tool connections
- Deploy agents with production-ready settings
Deploy to Docker Compose:
```bash
# Build environment container
stn build env production

# Deploy with docker-compose
docker-compose up -d
```

Station automatically configures:
- AWS credentials from instance role or environment
- Database connections from service discovery
- MCP servers with template variables resolved
Supported platforms:
- Docker / Docker Compose
- AWS ECS
- Kubernetes
- AWS Lambda (coming soon)
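As a sketch, a `docker-compose.yml` for a container produced by `stn build env production` might look like the following. The image name, port mappings, and volume layout are assumptions, not the build's actual output; adjust them to what your build produces:

```yaml
# Illustrative compose file for a built environment container.
# Image name, ports, and volume path are assumptions.
services:
  station:
    image: station-production:latest
    restart: unless-stopped
    ports:
      - "8585:8585"   # Web UI
      - "8586:8586"   # MCP server
    environment:
      OPENAI_API_KEY: ${OPENAI_API_KEY}
    volumes:
      - station-data:/data
volumes:
  station-data:
```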
Zero-Config Deployment Guide → | Docker Compose Examples →
Station includes built-in OpenTelemetry (OTEL) support for complete execution observability:
What Gets Traced:
- Agent Executions: Complete timeline from start to finish
- LLM Calls: Every OpenAI/Anthropic/Gemini API call with latency
- MCP Tool Usage: Individual tool calls to AWS, Stripe, GitHub, etc.
- Database Operations: Query performance and data access patterns
- GenKit Native Spans: Dotprompt execution, generation flow, model interactions
Quick Start with Jaeger:
```bash
# Start Jaeger locally
make jaeger

# Configure Station
export OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
stn serve

# Run agent and view traces
stn agent run my-agent "Analyze costs"
open http://localhost:16686
```

Team Integration Examples:
- Jaeger - Open source tracing (local development)
- Grafana Tempo - Scalable distributed tracing
- Datadog APM - Full-stack observability platform
- Honeycomb - Advanced trace analysis with BubbleUp
- New Relic - Application performance monitoring
- AWS X-Ray - AWS-native distributed tracing
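If you route traces through an OpenTelemetry Collector rather than pointing Station at a backend directly, a minimal collector config accepting OTLP/HTTP on port 4318 could look like this. The downstream exporter endpoint is a placeholder; swap in your Tempo, Datadog, or other backend:

```yaml
# Minimal OpenTelemetry Collector config (backend endpoint is a placeholder)
receivers:
  otlp:
    protocols:
      http:
        endpoint: 0.0.0.0:4318
exporters:
  otlp:
    endpoint: your-backend:4317
service:
  pipelines:
    traces:
      receivers: [otlp]
      exporters: [otlp]
```

Station would then be configured with `OTEL_EXPORTER_OTLP_ENDPOINT=http://your-collector:4318`.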
Span Details Captured:
```
aws-cost-spike-analyzer (18.2s)
├─ generate (17ms)
│  ├─ openai/gpt-4o-mini (11ms) - "Analyze cost data"
│  └─ __get_cost_anomalies (0ms) - AWS Cost Explorer
├─ generate (11ms)
│  └─ __get_cost_and_usage_comparisons (0ms)
└─ db.agent_runs.create (0.1ms)
```
Configuration:
```bash
# Environment variable (recommended)
export OTEL_EXPORTER_OTLP_ENDPOINT=http://your-collector:4318
```

Or in the config file:

```yaml
otel_endpoint: "http://your-collector:4318"
```

Complete OTEL Setup Guide → - Includes Jaeger, Tempo, Datadog, Honeycomb, AWS X-Ray, New Relic, Azure Monitor examples
FinOps & Cost Optimization:
- Cost spike detection and root cause analysis
- Reserved instance utilization tracking
- Multi-cloud cost attribution
- COGS analysis for SaaS businesses
Security & Compliance:
- Infrastructure security scanning
- Compliance violation detection
- Secret rotation monitoring
- Vulnerability assessments
Deployment & Operations:
- Automated deployment validation
- Performance regression detection
- Incident response automation
- Change impact analysis
Station uses SQLite by default, with support for cloud databases and continuous backup for production deployments.
```bash
# Station uses a local SQLite file
stn stdio
```

Perfect for local development, zero configuration required.
For multi-instance deployments or team collaboration, use a libsql-compatible cloud database:
```bash
# Connect to cloud database
export DATABASE_URL="libsql://your-db.example.com?authToken=your-token"
stn stdio
```

Benefits:
- State persists across multiple deployments
- Team collaboration with shared database
- Multi-region replication
- Automatic backups
For single-instance production deployments with disaster recovery:
```bash
# Docker deployment with automatic S3 backup
docker run \
  -e LITESTREAM_S3_BUCKET=my-backups \
  -e LITESTREAM_S3_ACCESS_KEY_ID=xxx \
  -e LITESTREAM_S3_SECRET_ACCESS_KEY=yyy \
  ghcr.io/cloudshipai/station:production
```

Benefits:
- Continuous replication to S3/GCS/Azure
- Automatic restore on startup
- Point-in-time recovery
- Zero data loss on server failures
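Under the hood, Litestream replication of a SQLite file is driven by a config along these lines; presumably the Station image assembles something equivalent from the `LITESTREAM_*` env vars shown above. The database path and bucket layout here are illustrative assumptions:

```yaml
# Illustrative litestream.yml; the Station image derives equivalent
# settings from the LITESTREAM_* env vars. Path and bucket are placeholders.
dbs:
  - path: /data/station.db
    replicas:
      - type: s3
        bucket: my-backups
        path: station
```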
Version control your agent configurations, MCP templates, and variables in Git:
```bash
# Create a Git repository for your Station config
mkdir my-station-config
cd my-station-config

# Initialize Station in this directory
export STATION_WORKSPACE=$(pwd)
stn init

# Your agents are now in ./environments/default/agents/
# Commit to Git and share with your team!
git init
git add .
git commit -m "Initial Station configuration"
```

Team Workflow:
```bash
# Clone team repository
git clone git@github.com:your-team/station-config.git
cd station-config

# Run Station with this workspace
export STATION_WORKSPACE=$(pwd)
stn stdio
```

All agent `.prompt` files, MCP `template.json` configs, and `variables.yml` are version-controlled and reviewable in Pull Requests.
- OS: Linux, macOS, Windows
- Memory: 512MB minimum, 1GB recommended
- Storage: 200MB for binary, 1GB+ for agent data
- Network: Outbound HTTPS for AI providers
- 📚 Documentation - Complete guides and tutorials
- 🐛 Issues - Bug reports and feature requests
- 💬 Discord - Community support
If you're interested in contributing to Station or understanding the internals, comprehensive architecture documentation is available in the docs/architecture/ directory:
- Architecture Index - Quick navigation and key concepts reference
- Architecture Diagrams - Complete ASCII diagrams of all major systems and services
- Architecture Analysis - Deep dive into design decisions and component organization
- Component Interactions - Detailed sequence diagrams for key workflows
These documents provide a complete understanding of Station's four-layer architecture, 43+ service modules, database schema, API endpoints, and execution flows.
Apache 2.0 - Free for all use, open source contributions welcome.
Station - Open-Source Runtime for Infrastructure Management Agents
Deploy AI agents on your infrastructure. Keep data secure. Maintain control.