Run AI coding agents over a codebase.
Pond owns the run lifecycle — submit, fan out, fetch, sandbox, keep secrets from the agent, track cost — behind a small, product-neutral /v1 API. Your app stays a thin consumer.
One command, just Docker — no Kubernetes, no host Python, no sudo.
Run lifecycle
Submit, fan out across a worker pool, fetch & bundle source, execute stages, track cost — end to end.
Sandboxed
Agents run confined: read-only checkout or throwaway copy, default-deny egress. Container, gVisor, or Firecracker.
Secrets stay sealed
Model credentials are sealed to the worker and injected by a broker. The agent only ever holds a dummy key.
Confidential
Logs and artifacts are sealed to your key end to end. The control plane and any proxy store only ciphertext.
Dials inward
Workers poll an orchestrator; the orchestrator polls the control plane. Pools sit behind NAT; Pond never dials out.
Product-neutral /v1
Pond never imports your domain models. Your app decides what agents do; Pond just runs them, safely.