Show HN: CongaLine – Self-hosted isolated AI agent fleet (OpenClaw, Hermes)

Self-host a fleet of isolated AI agents — each with its own container, network, secrets, and identity — managed through a single CLI. Choose your runtime (OpenClaw or Hermes Agent), connect them to Slack or Telegram, and deploy anywhere: your laptop, a $5 VPS, a Raspberry Pi, or a hardened AWS account. CongaLine n. A single-file procession of spiny lobsters that travel in physical contact during seasonal migration, reducing hydrodynamic drag and offering collective protection from predators. - Pluggable agent runtimes — choose OpenClaw or Hermes per agent. Same Conga infrastructure, your choice of agent. Adding a third runtime is one Go package. - Multi-channel support — Slack and Telegram out of the box, each with its own central router that fans events out to per-agent containers - Promotion pipeline — develop locally, validate on a remote host, enforce in production. Same config at every tier. - Per-agent isolation — separate Docker containers, networks, secrets, and config - Portable deployment policy — define egress rules, model routing, and security posture in a single conga-policy.yaml . Each provider enforces what it can and reports the gap. - Channels optional — use via web UI (gateway) only, or connect to Slack/Telegram for messaging - Two agent types — user agents (DM-only) for individuals, team agents (channel-based) for groups - CLI for everything — operators and end users manage agents, secrets, and infrastructure through the conga CLI - Modular provider system — pluggable deployment targets (AWS, local, remote, future: Kubernetes, ECS) ┌─────────────────────────────────────────────────────┐ │ CLI Commands │ │ (setup, add-user, policy, channels, status, ...) │ └────────────────────┬─┬──────────────────────────────┘ │ │ Provider │ │ Runtime (orthogonal) (where) │ │ (what) ▼ ▼ ┌─────────────────────────────┐ │ Any Provider × Any Runtime │ └─────────────────────────────┘ │ │ ┌───┴───────┐ ┌───┴────┐ ▼ ▼ ▼ ▼ ┌──────┐ ┌────────┐ ┌────────────┐ ┌────────┐ │ AWS │ │ Remote │ │ OpenClaw │ │ Hermes │ │ │ │ SSH │ │ Node.js │ │ Python │ │ Local│ │ │ │ JSON cfg │ │YAML cfg│ └──────┘ └────────┘ └────────────┘ └────────┘ Provider decides where an agent runs (AWS, local Docker, remote SSH host). Runtime decides what agent runs (OpenClaw, Hermes, future runtimes). The two are orthogonal — any provider works with any runtime. | Layer | Managed by | What it does | |---|---|---| | Infrastructure | Terraform (AWS), conga admin setup (remote/local) | VPC/EC2, remote host, or local Docker environment | | Configuration | CLI (conga admin setup ) | Runtime selection, model, shared secrets, Docker image | | Agents | CLI (conga admin add-user/add-team ) | Per-agent containers, configs, routing, secrets | | Policies | CLI (conga policy ) | Egress rules, security posture, routing enforcement | | Channels | CLI (conga channels ) | Slack/Telegram routers, agent-channel bindings | | Runtime | Language | Config | Default Image | Notes | |---|---|---|---|---| | OpenClaw | Node.js | openclaw.json | ghcr.io/openclaw/openclaw:2026.3.11 | Native Slack via webhook plugin | | Hermes | Python | config.yaml | nousresearch/hermes-agent:latest | OpenAI-compatible API on port 8642 | Adding a third runtime is a single Go package under pkg/runtime// implementing the 22-method Runtime interface. No changes to providers, CLI, or core logic. Note: Multi-runtime support is fully wired on the local provider today. The remote and AWS providers currently default to OpenClaw — Runtime interface integration on those providers is on the roadmap. | Channel | Setup | Router | Notes | |---|---|---|---| | Slack | conga channels add slack | Socket Mode → HTTP fan-out | Walks you through creating a Slack app with the right scopes | | Telegram | conga channels add telegram | Long-polling (or webhook in production) | Walks you through @BotFather setup | Each channel runs a dedicated router container (conga-router , conga-telegram-router ) that holds the single platform connection and fans events out to per-agent containers based on routing rules. One crash on Slack doesn't affect Telegram. The fastest way to stand up a complete environment — one file, one command. Copy the example and customize: cp demo.yaml.example demo.yaml # Edit demo.yaml: set SSH host, Slack IDs, etc. cat > demo.env = 1.25 (to build the CLI) - Anthropic API key go build -o /usr/local/bin/conga ./cmd/conga conga admin setup --provider local --runtime hermes # or --runtime openclaw This will prompt for the repo path (auto-detected), the LLM model (for Hermes), and the Docker image. Defaults are sensible — you can press Enter through most prompts. Channels are configured separately via conga channels add . conga admin add-user myagent The agent inherits the runtime selected during setup. No channel binding needed for gateway-only mode. conga secrets set anthropic-api-key --agent myagent --value sk-ant-... conga refresh --agent myagent conga status --agent myagent conga status shows port