The control plane for servers you own.Run by your team, your agents, and your code.
Push to deploy, tail logs, restart, roll back, and rotate secrets. From a dashboard, from Claude or Cursor over MCP, or straight from the API. Any Linux box, any provider, no lock-in.
Reoclo installs a small runner on raw Linux. No cloud APIs, no provider SDKs, nothing that ties you to one place.
if it has an IP address and runs Linux, it’s a deploy target
Three ways in. One source of truth.
Your team, your agents, and your scripts all act on the same state, under the same roles, in the same audit log.
Push, and it ships.
Connect GitHub or Gitea. Every push builds a Docker image on your server, runs health checks, and swaps traffic with zero downtime. No registry to manage, no CI to wire up.
- On-server image builds
- Blue-green traffic swap
- Automatic rollback on a failed check
Hand production to your agents.
Reoclo speaks MCP. Point Claude, Cursor, or any MCP client at your org and it can deploy, tail logs, restart containers, rotate secrets, and open incidents. Every action is scoped by RBAC and written to the audit log.
- Tenant-scoped tools
- Scoped, revocable keys
- Plain language instead of commands
Script anything the dashboard can do.
Every dashboard action has an API and an MCP tool behind it. Schedule backups, gate deploys from GitHub Actions, page on-call through Slack or PagerDuty, and wire Reoclo into the tools you already run.
- Full REST coverage
- GitHub Actions integration
- Webhooks and scheduled operations
The whole platform, in one place.
Not a deploy button with extras bolted on. The operations a real team runs every day, grouped by who reaches for them.
For your team
- ▸Browser terminal
A shell on any server in one click. No local keys, no VPN.
- ▸Live logs & tailing
Container and journal logs from every server, searchable across sources.
- ▸Status pages & incidents
Branded public pages with severity-aware incident tracking.
- ▸Uptime monitors
Set the interval and expected code; get paged when it breaks.
- ▸Team RBAC & audit
Org roles, invitations, and a trail of who did what.
For your agents
- ▸Tenant-scoped MCP
Claude, Cursor, and Copilot list, deploy, inspect, and recover.
- ▸Scoped agent keys
An agent does only what you grant. Revoke in one click.
- ▸Plain-language ops
No command to memorize. State the intent; Reoclo runs it.
- ▸Reads its own evidence
Agents pull logs, inspect containers, and propose the fix.
- ▸Logged like a human
Actor, timestamp, and outcome on every agent action.
For your workflows
- ▸Push to deploy
GitHub App, Gitea webhooks, and GitHub Actions in the loop.
- ▸Zero-downtime swaps
Blue-green traffic cutover with automatic rollback.
- ▸Scheduled operations
Cron-style backups, rotations, and cleanups.
- ▸Saved scripts
Runbooks your team and your agents can both invoke.
- ▸Notifications
Slack, email, and webhooks on deploy, incident, and monitor.
- ▸Encrypted credentials
Registry and cloud secrets: scoped, rotatable, never plaintext.
Managed or self-hosted? You stop choosing.
Managed PaaS sells ergonomics. Self-hosted gives you control. Reoclo gives you both, on hardware you own, with agents in the loop.
| capability | Managed PaaSRender, Railway, Vercel | Self-hostedCoolify, Dokku, Kamal | Reoclo |
|---|---|---|---|
| Runs on servers you own (any Linux) | |||
| Monthly cost at scale | $$$ | $ | $ |
| Vendor lock-in | High | ||
| Time to first deploy | Minutes | Hours to days | Minutes |
| Agents operate it over MCP | |||
| Works with Claude, Cursor, Copilot | |||
| Zero-downtime deploys | DIY | ||
| Auto-rollback & self-healing | DIY | ||
| Team management & RBAC | DIY | ||
| Live log aggregation | DIY | ||
| Status pages & incidents | Add-on | DIY | |
| Browser terminal | DIY |
Secrets stay secret. Everything is logged.
You are handing a control plane the keys to production. It earns that by keeping plaintext out of reach and writing down every move, whether a person or an agent made it.
AES-256-GCM at rest
SSH keys, API tokens, and environment variables are envelope-encrypted. Plaintext is never written to disk.
Secrets stay in the worker
Decryption happens only during a deploy, inside an isolated worker process. Your API layer and your agents never see plaintext.
Scoped, revocable agent keys
Every agent runs under an API key bound by the same RBAC as people. Grant the minimum. Revoke in one click.
A trail for every action
Each deploy, agent call, connection, and config change is recorded with actor, timestamp, and outcome.
Built for teams that think in commits, servers, and agents.
AI-first teams
You build with Claude Code, Cursor, and Copilot. Now the same agents deploy, operate, and debug production, not just write the code.
Platform teams & agencies
One control plane across every client and every server. Scoped tenants, RBAC, and per-client audit trails replace the ticket queue.
Teams leaving managed PaaS
Keep push-to-deploy, drop the per-seat, per-dyno bill. Move to any Linux box, any cloud, or metal you already pay for.
One platform. One plan.
Reoclo is invite-only while we onboard teams by hand. Tell us about your infrastructure and we will get you set up with a named engineer.
- Tenant-scoped MCP for your AI agents
- Scoped, revocable agent API keys
- Unlimited servers and deployments
- RBAC and multi-tenant isolation
- Live log aggregation and search
- Status pages and incident management
- Browser terminal on every server
- Custom domains with automatic SSL
- A named engineer for onboarding
- Full audit trail across people and agents
Pricing is set per platform, not per seat or per dyno. We scope it to your servers and your team.
Request access Read the docsQuestions, answered.
How is Reoclo different from Render, Railway, or Vercel?
They run your code on their infrastructure at a markup. Reoclo runs the same push-to-deploy workflow on servers you own. No lock-in, no inflated bill, and an MCP surface your agents can operate.
How is it different from Coolify, CapRover, or Kamal?
Those are tools you install, update, and babysit yourself. Reoclo is a managed control plane: you bring the servers, we run the platform. Agents, status pages, and audit come in the box.
What does MCP-native actually mean?
Every action a person can take in the dashboard has a matching MCP tool. Point Claude, Cursor, or any MCP client at your org and it can deploy, inspect, tail logs, roll back, and open incidents. Each call runs under a scoped key and is written to the audit log.
Can an agent break production?
Only what you scope it to. Agent keys follow the same RBAC as people. Grant read-only, restrict to one app or environment, or revoke on the spot.
Which cloud providers do you support?
All of them, and none in particular. Reoclo installs a small runner on raw Linux, not a cloud API. Any box with an IP address is a deployment target.
Is my data secure?
Secrets are envelope-encrypted with AES-256-GCM. Decryption happens only during a deploy, inside an isolated worker. Every action, human or agent, is audit-logged.
What happens when a server goes down?
The runner sends a persistent heartbeat. An unreachable server raises an alert and recovers automatically when connectivity returns.
Do I have to set up logging myself?
No. Reoclo streams container and journal logs from your servers and aggregates them for you. Search, tail, and filter from one place, or hand it to your agent.
Your servers. Your agents. One control plane.
Reoclo is in private beta. Tell us what you run, and we will get you deploying on your own infrastructure.