Self-hosted

Self-host your AI agent infrastructure.

Open Connector is open-source (AGPL-3.0), self-hostable agent infrastructure — the OAuth broker, MCP gateway, encrypted vault, and audit trail, all running on your own infra. Your users' credentials never leave your environment, data residency is whatever you choose, and every call lands in a compliance-grade audit trail. Built for teams whose security review won't allow user tokens in a vendor's cloud.

View source on GitHubvs hosted (Composio) →
Why self-host

Own the credentials, the data, and the audit trail.

Data residency, your call

Run it in your own cloud, region, and VPC. Where your users' data and tokens live is whatever you choose — not wherever a vendor happens to host.

Credential custody

Access and refresh tokens are sealed in an AES-256-GCM vault in your Postgres, encrypted with your keys, and injected server-side. They never leave your environment.

Compliance-grade audit

Every brokered call appends a tamper-evident, hash-chained record — actor, scope, timestamp, result — that's append-only and independently verifiable. You control retention.

No vendor lock-in

No per-call tax, no usage metering you don't control. Self-host the whole core for free; you only pay your own infrastructure.

Open source (AGPL-3.0)

Read, run, modify, and redistribute the whole broker. Your security team can audit exactly how credentials are handled — no black box.

Runs on your stack

Postgres for state, your own OAuth apps, your encryption keys. Deploy it next to your agents; no callback to anyone's cloud.

FAQ

Self-hosting, answered

Can I self-host an AI agent tool platform?
Yes. Open Connector is an open-source (AGPL-3.0) credential broker and MCP gateway you run entirely on your own infrastructure. It handles OAuth, stores tokens in an encrypted vault, and serves tools to your agents over MCP or a typed API — all inside your environment, with no dependency on a vendor's cloud.
Where do my users' credentials live when I self-host?
On your own infrastructure. Open Connector seals access and refresh tokens in an AES-256-GCM vault in your Postgres, encrypted with your own keys. Credentials are injected server-side at call time and never leave your environment — agents and MCP clients never see a raw secret.
Is Open Connector suitable for data-residency and compliance requirements?
Yes. Because you run it in your own cloud, region, and VPC, data residency is whatever you choose. Every brokered call writes a tamper-evident, hash-chained audit record — actor, scope, timestamp, result — that is append-only and independently verifiable, which is the trail security and compliance teams need.
What do I need to self-host Open Connector?
Postgres for state, your own OAuth apps for each provider, and your encryption keys. The whole core is AGPL-3.0, so you can run, modify, and redistribute it freely; only a few enterprise add-ons require a commercial license.
How is self-hosting different from a hosted agent platform?
With a hosted SaaS (such as Composio's default), your users' tokens live in the vendor's cloud and you pay per tool call. Self-hosting Open Connector keeps every credential on your own infrastructure, removes the per-call vendor tax, and gives you full control over retention and data residency.