Project Overview
Technology: TypeScript, Next.js, Cloudflare Workers, Durable Objects, D1, Modal, OpenCode, Slack, GitHub, Linear, Terraform
Idea: Self-hostable background coding agents for software teams
OpenInspect is an open-source background agent system. The simplest way to say it is that it moves coding agent sessions out of localhost and into cloud sandboxes.
I built it after reading Ramp's write-up on Inspect and realizing this is going to become a critical piece of infrastructure for companies. If agents are going to work on real code, they need the same things engineers need: the repo, tests, dev servers, browser access, GitHub, secrets, and a path to a pull request.
The project site is available at backgroundagents.dev.
Why I Built It
Local agents work well until you start running more than one of them.
Git worktrees solve one part of the problem. They let you clone multiple copies of a repo and make changes without branches conflicting. What they do not solve is the fact that your machine is still your machine.
Each session is running linters, tests, compilers, package installs, and dev servers. As the session count grows, the resources on your laptop do not. Unless the plan is to keep a supercomputer under your desk with all the fans roaring, the agent sessions need to move somewhere else.
That is the basic idea behind OpenInspect: put the agent session in the cloud, give it a clean development environment, and let it run without tying up a developer's laptop.
What OpenInspect Does
Each OpenInspect session gets its own sandbox. It can clone or restore a repository, run setup scripts, start dev servers, execute tests, use browser automation, stream logs, capture artifacts, and push a branch for review.
Work can start from the web app, Slack, GitHub, Linear, scheduled jobs, Sentry alerts, or authenticated webhooks. The important part is that all of those entry points attach to the same session model. A session can start in Slack, be watched in the web UI, and finish as a GitHub pull request.
The other big unlock is repeatability. In a company environment, local setup can mean twenty microservices, internal CLIs, auth, databases, feature flags, and service-specific startup steps. That is not a practical thing to ask every PM or support teammate to configure. With OpenInspect, the environment is reproduced in the sandbox each time.
Where It Fits
I do not think every team needs background agents on day one. If you are running one local agent at a time and the engineer is still closely steering every step, localhost is probably fine.
It starts to matter when the team is running multiple agents, when sessions take 5 to 10 minutes and engineers are sitting around waiting, or when people outside engineering need to investigate and propose fixes.
That last part is important. I am seeing PMs and customer support teams move beyond filing a bug ticket and asking engineering to help. They can root cause the regression, ask an agent to make the fix, and hand engineering a real diff to review.
Engineering still signs off. The goal is not to skip review. The goal is to move more work into a reviewable form.
Architecture
OpenInspect splits the system into a control plane and a data plane.
The control plane runs on Cloudflare Workers, Durable Objects, and D1. It manages session state, WebSocket streams, GitHub integration, encrypted repo secrets, and sandbox lifecycle.
The data plane runs the actual coding environment. In the Modal-backed flow, OpenInspect starts a sandbox, restores or clones the repo, launches OpenCode, and streams tool calls, logs, screenshots, and artifacts back to the control plane.
The repo includes clients for:
- Web sessions
- Slack messages
- GitHub PR review and
@mentionactions - Linear issue workflows
- Cron, Sentry, and webhook automations
Security Model
OpenInspect is designed as a single-tenant system for trusted members of the same organization. That is an intentional tradeoff. This is company infrastructure, so it should sit inside the company's own trust boundary.
A GitHub App token handles clone and push operations for the repos where the App is installed. The user's GitHub OAuth token creates the pull request, so the PR is attributed to the person who asked for the work.
The guiding principle is simple: the agent is in the box, but the secrets are not. Repo secrets are encrypted and scoped before being injected at sandbox startup. For real company deployments, network boundaries, audit logs, RBAC, and secret access are part of the work.
Why Open Source
My main motivation for releasing OpenInspect was that background agent infrastructure is going to be a critical piece of company infrastructure.
That also means every company is going to have its own weird environment. Different repos, different service boundaries, different secrets, different CI, different internal tools. A closed tool has to support all of that from the outside. An open-source system can be forked, customized, and wired into the company the way the company actually works.
I did not see the open-source answer I wanted, so I released it.