Nora
The self-hosted AI agent ops platform.
Deploy, monitor, and operate OpenClaw and Hermes runtimes from one operator surface β runtime-neutral, Apache 2.0, and on infrastructure you control. Run agents on Docker or Kubernetes today, use NemoClaw sandboxes experimentally, and track Proxmox as a planned execution target.
π Documentation Β· Quick Start Β· Self-Hosting Β· Architecture Β· How Nora Compares Β· Changelog Β· Public Site Β· Create Account
What Is Nora?
Nora is the self-hosted AI agent ops platform for running autonomous agent fleets on infrastructure you control, whether you standardize on OpenClaw, Hermes, or keep both available in the same operator surface.
Most teams running agents in production eventually rebuild the same layer around the runtime itself: deploy workflows, secrets, monitoring, logs, terminal, Agent Hub templating, and a separate admin surface. Nora exists so that layer doesn't have to be rewritten every time the runtime conversation changes.
In one place: deploy OpenClaw and Hermes runtimes, migrate existing runtimes via uploaded bundles or live Docker/SSH inspection, manage provider keys with sync to running runtimes, validate agents through runtime-specific surfaces, browse and edit live runtime files, install Agent Hub starter templates, review monitoring and account event history, and connect channels and integrations from the same control plane. Operator workflows live under /app; platform-wide admin lives under /admin.
β Why Nora Β· Runtime model Β· Deployment footprint
Quick Start
macOS / Linux / WSL2:
curl -fsSL https://raw.githubusercontent.com/solomon2773/nora/master/setup.sh | bashWindows (PowerShell):
iwr -useb https://raw.githubusercontent.com/solomon2773/nora/master/setup.ps1 | iexWindows requires PowerShell 7+. The default Windows PowerShell 5.1 is not supported β run the command above from a
pwsh7 session.
The installer verifies prerequisites, generates or preserves secrets, optionally creates a bootstrap admin, picks free local ports when the defaults are busy, and starts the stack. Once it finishes, open the URL printed by setup. Local mode defaults to http://localhost:8080, but setup may select another port such as 8081 on a busy workstation. Then follow the first-15-minutes walkthrough.
For manual setup, environment variables, public-domain mode, TLS, Kubernetes, NemoClaw, and planned Proxmox configuration, see the docs:
- Self-hosting guide
- Environment variables reference
- Provisioner backends (Docker and k3s/Kubernetes are GA; NemoClaw is experimental; Proxmox is planned)
- TLS and public domains
- Fronting a launch with Cloudflare β edge caching, rate limiting, and spike absorption for the single-host deploy
Documentation
Full docs live at noradocs.solomontsao.com. The MDX source is in docs/.
| Section | What's there |
|---|---|
| Quick Start | Install and validate your first agent in 15 minutes |
| Concepts | Architecture, agents, runtimes, workspaces, LLM providers, Agent Hub |
| Configuration | Platform modes, env vars, provisioner backends, TLS / public domains |
| Guides | Deploy agent, providers, integrations, channels, monitoring, alert rules, backups, Agent Hub, NemoClaw |
| API Reference | Auth, workspaces, agents, channels, integrations, providers, monitoring, alert rules |
| Support | FAQ, troubleshooting |
Architecture
Nginx
βββ / β frontend-marketing (Next.js)
βββ /app/* β frontend-dashboard (Next.js)
βββ /admin/* β admin-dashboard (Next.js)
βββ /api/* β backend-api (Express.js)
βββ PostgreSQL
βββ Redis + BullMQ (deployments, clawhub-installs, backups, alert-deliveries)
βββ worker-provisioner
βββ worker-backup
βββ runtime adapters/profiles (Docker GA Β· k3s/k8s GA Β· NemoClaw experimental Β· Proxmox planned)Full architecture write-up β system map, queue/worker boundaries, RBAC, migration contract, deployment topologies β is in docs/concepts/architecture.
Tech Stack
| Layer | Technology |
|---|---|
| Reverse proxy | Nginx |
| Frontends | Next.js 16, React 19, Tailwind CSS |
| Backend API | Express.js 5, Node.js 24 LTS |
| Auth | JWT, HttpOnly cookies, bcryptjs, provider OAuth bridge |
| Database | PostgreSQL 15 |
| Queue | BullMQ + Redis 7 |
| Runtime families | OpenClaw, Hermes |
| Provisioning backends | Docker and k3s/Kubernetes (GA); NemoClaw (experimental sandbox); Proxmox (planned) |
| Secrets at rest | AES-256-GCM (provider keys, integrations, backups) |
Public REST API and CLI
Workspace-scoped API keys (bearer-only, prefixed nora_, HMAC-hashed at rest, scope-based) drive a stable subset of the REST surface. Issue keys at /app/workspaces/<id>/api-keys.
export NORA_TOKEN="nora_..."
curl -H "Authorization: Bearer $NORA_TOKEN" https://your-nora.example.com/api/agentsA small CLI lives in cli/ (@nora/cli) and wraps the same surface for nora workspaces, nora agents, and nora monitoring. See the API reference for the supported endpoints and scopes.
Roadmap
Current roadmap items:
- High priority - NemoClaw experimental hardening: mature the experimental secure-sandbox profile across enablement, NVIDIA key and model configuration, OpenShell policy controls, approvals, gateway health, logs, terminal access, telemetry, and end-to-end validation.
- Proxmox execution target: complete the planned LXC deployment path for standard, Hermes, and NemoClaw-backed runtimes, with stronger API/SSH validation, template handling, lifecycle operations, log streaming, telemetry, and smoke coverage.
- Hermes/OpenClaw parity: close runtime gaps across validation, deployment readiness, logs, terminal access, monitoring, integration setup, and failure reporting.
- First-run operator UX: tighten the setup path for workspaces, LLM providers, provisioning backends, the first agent deploy, and recommended smoke checks.
- Account-scoped monitoring: add account-level health views that roll up workspace, agent, runtime, cost, and alert signals with drill-downs where operators need detail.
- Auth and key-sync hardening: strengthen session and API-key boundaries, provider key propagation, audit trails, key rotation, and recovery from partial sync failures.
- Agent Hub ergonomics: improve template discovery, install/configure flows, version metadata, setup guidance, and post-install validation.
Development
# Docker (recommended)
docker compose up -d
docker compose logs -f backend-api
# Tests
cd backend-api && npx jest --no-watchman
cd e2e && npm testDetailed contributor guidance, subtree ownership, and development commands live in CLAUDE.md. For deeper repo work, read CONTRIBUTING.md, the root AGENTS.md, and the nearest subtree AGENTS.md.
Contributing
Strong contribution areas: runtime adapter work Β· operator and admin UX Β· provisioning and lifecycle orchestration Β· integrations and channels Β· test and CI hardening Β· self-hosted deployment ergonomics.
Typical workflow: fork β branch (feature/...) β commit β pull request.
Community
License
This project is open source under the Apache License 2.0.