Cloud made simple

Compute for agents. Cloud made simple.

Register machines. Define allowed connections. Enforce the mesh.

Semantic Cloud gives agent infrastructure a simple control plane for machines, connectivity, provisioning, DNS, and audit.

No IAM policy sprawl. No CRDs. No hidden networking.
Just nodes, edges, and explicit permissions.

Agents Services External denied deploy-agent agent / full-access code-review agent / read-only api-gateway proxy / :443 worker-pool compute / :8080 stripe-api :443 / https postgres :5432 / tcp github-api :443 / https s3-storage :443 / https allowed from deploy-agent edge denied external

Define, import, query

Your cluster topology lives in a TOML file. The API does the rest.

semantic-node-api
# import cluster config from TOML $ semantic-node-api -storage sqlite -config cluster.toml imported config: 4 machines, 6 endpoints, 12 edges semantic-node-api listening on :9090 # effective permissions for deploy-agent $ curl :9090/api/v1/permissions/reachable?from=deploy-agent {"from":"deploy-agent","can_reach":["api-gateway","worker-pool","stripe-api","postgres"]} # provision a node — cloud provider creates the VM $ curl -X POST :9090/api/v1/nodes \ -d '{"name":"worker-3","role":"agent","port":443, "infra":{"provider":"digitalocean","region":"nyc3","size":"s-2vcpu-4gb"}}' {"revision":"cfg-000005","node":{"name":"worker-3","ip":"164.90.132.47"}} # reconcile DNS records for all machines $ curl -X POST :9090/api/v1/dns/sync {"results":[{"zone":"example.com","created":["worker-3.example.com"]}]}

Key features

Permission graph

Directed edges between nodes and endpoints. Group expansion, reachability queries, closed-by-default.

Node registry

Machines, runtimes, groups, DNS. Desired vs. observed state. Filter by role, group, tag.

Cloud provisioning

Create and destroy VMs through cloud providers. Auto-assign DNS records on node create.

Config as code

Declare clusters as TOML. Import, export, validate. Revision tracking on every mutation.

DNS management

Zone and record CRUD. Automatic A record lifecycle. Bulk reconciliation.

Audit trail

Every permission change and infrastructure mutation tracked. Before/after snapshots.