This is a hypothetical reference architecture showing how you would build an AI agency fleet on osModa. All daemons, tools, and pricing are real and available in the current public beta. No company names or testimonials are fabricated.
AI Agency at Scale: Managing 20+ Client Agents
A reference architecture for AI agencies managing 20 or more client agent deployments across multiple osModa servers. This blueprint covers fleet management with osmoda-mesh, per-client server isolation, audit trails for client compliance reporting, and egress control per client — all on flat-rate pricing you can build directly into consulting contracts.
AI agencies face a unique infrastructure challenge: every client expects dedicated resources, complete data isolation, compliance evidence, and 24/7 uptime. Managing this across 20+ clients on generic VPS infrastructure means building and maintaining custom DevOps tooling for every engagement. This blueprint shows how osModa's platform eliminates that overhead by providing per-client dedicated servers with fleet management, self-healing, and audit built in.
TL;DR
- • 5 Pro-tier osModa servers managing 15-20 client agents with full isolation between clients
- • osmoda-mesh connects all servers in an encrypted P2P fleet for centralized monitoring
- • Per-client egress control via osmoda-egress prevents unauthorized data access across clients
- • SHA-256 audit ledger on each server generates compliance evidence automatically
- • Estimated cost: ~$175/month for the fleet (5 x $34.99 Pro), plus external LLM API costs
The Problem: Scaling an AI Agency Beyond 10 Clients
An AI agency building and deploying autonomous agents for clients hits a wall around 10-15 active deployments. Each client expects their agents to run on isolated infrastructure — no shared databases, no shared processes, no risk that one client's agent can access another client's data. Regulated clients (healthcare, finance, legal) require tamper-proof audit trails for compliance reviews.
On generic VPS infrastructure, the agency must build all of this from scratch for every client: custom process supervision, crash recovery scripts, audit logging pipelines, secrets management, server hardening, and monitoring dashboards. At 10+ clients, the DevOps overhead exceeds the time spent building actual agents. Engineers become infrastructure babysitters instead of agent builders.
Meanwhile, shared agent platforms (the kind where you deploy agents through a web UI) solve the deployment problem but destroy the agency model. No root access means you cannot customize environments for client-specific requirements. No SSH means you cannot debug production issues. Credit-based pricing makes costs unpredictable. And shared infrastructure means one client's workload can degrade another's performance.
20+
Client Agents
100%
Data Isolation
24/7
Uptime Required
SOC 2
Compliance Needed
Architecture: Fleet Management with osmoda-mesh
Each client gets a dedicated osModa server. All servers connect through an encrypted mesh for fleet-wide management.
┌─────────────────────────────────────────────────────────────┐
│ AGENCY CONTROL PLANE │
│ (Management Server) │
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ agentd │ │ osmoda-mesh │ │ osmoda-watch │ │
│ │ supervisor │ │ fleet mgmt │ │ health mon │ │
│ └──────────────┘ └──────┬───────┘ └──────────────┘ │
│ │ │
│ ┌──────────────┐ ┌──────┴───────┐ ┌──────────────┐ │
│ │ osmoda-keyd │ │ P2P mesh │ │osmoda-egress │ │
│ │ master keys │ │ Noise_XX + │ │ fleet policy │ │
│ └──────────────┘ │ ML-KEM-768 │ └──────────────┘ │
│ └──────┬───────┘ │
└───────────────────────────┼─────────────────────────────────┘
│
┌───────────────┼───────────────┐
│ │ │
┌───────────▼──┐ ┌────────▼──────┐ ┌─────▼─────────┐
│ CLIENT A │ │ CLIENT B │ │ CLIENT C │
│ Server #1 │ │ Server #2 │ │ Server #3 │
│ │ │ │ │ │
│ agentd │ │ agentd │ │ agentd │
│ osmoda-watch │ │ osmoda-watch │ │ osmoda-watch │
│ osmoda-mesh │ │ osmoda-mesh │ │ osmoda-mesh │
│ osmoda-egress│ │ osmoda-egress │ │ osmoda-egress │
│ osmoda-keyd │ │ osmoda-keyd │ │ osmoda-keyd │
│ audit ledger │ │ audit ledger │ │ audit ledger │
│ │ │ │ │ │
│ LangGraph │ │ CrewAI agent │ │ Custom Python │
│ agents (x3) │ │ team (x5) │ │ agents (x4) │
│ │ │ │ │ │
│ Egress: CRM │ │ Egress: DB, │ │ Egress: API, │
│ API only │ │ Stripe │ │ S3 bucket │
└──────────────┘ └───────────────┘ └───────────────┘
... + Servers #4, #5 for Clients D-G (3-4 agents each)The architecture consists of one management server and multiple client servers, all connected through osmoda-mesh. The management server runs a supervisor agent that monitors fleet health, aggregates audit data, and manages deployments. Each client server is completely isolated — separate hardware, separate processes, separate audit ledger, separate egress rules.
osmoda-mesh creates encrypted peer-to-peer connections between servers using Noise_XX + ML-KEM-768 hybrid encryption. This means fleet coordination happens without any central relay or cloud service seeing the traffic. Each server pairs with the management server via an invite code, and only explicitly paired servers can communicate.
Each client server runs the full osModa stack independently. If the management server goes down, client agents continue running uninterrupted — osmoda-watch on each server handles local crash recovery. The fleet is decentralized by design: management is a convenience layer, not a dependency.
osModa Features in This Blueprint
This architecture uses 5 of the 9 Rust daemons and leverages multi-model support across the fleet.
osmoda-mesh
Fleet-wide encrypted P2P networking. Connects all client servers to the management server for health monitoring, audit aggregation, and coordinated deployments. Uses Noise_XX + ML-KEM-768 encryption. No central relay.
osmoda-egress
Per-client outbound network control. Client A's agents can only reach their CRM API. Client B is locked to their database and Stripe. Prevents data exfiltration and ensures each agent only communicates with authorized endpoints.
osmoda-watch
24/7 health monitoring on every server. Detects agent crashes and triggers agentd restart within 6 seconds. Falls back to NixOS atomic rollback if repeated failures occur. Each server monitors itself independently — no single point of failure.
osmoda-keyd
Per-server secrets management. Each client's API keys, tokens, and credentials are stored on their own server. No cross-contamination. Agency can rotate client keys without affecting other deployments. Secrets never leave the server.
SHA-256 Audit Ledger
Every action on every server is recorded in a hash-chained ledger. Each client's ledger is independent and tamper-evident. Export logs for client compliance reviews (SOC 2, HIPAA). The agency can demonstrate to each client exactly what their agents did and when.
Multi-Model Support
Different clients can use different LLM providers on their servers. Client A runs Claude, Client B runs GPT-4, Client C uses Llama locally. The agency is not locked into a single provider, and each client's model choice does not affect other deployments.
Cost Estimate
Flat-rate pricing. No per-token charges. External LLM API costs vary by provider and usage.
| Component | Qty | Plan | Monthly Cost |
|---|---|---|---|
| Management server | 1 | Pro | $34.99 |
| Client servers | 4 | Pro | $139.96 |
| Total osModa infrastructure | 5 | — | $174.95 |
| External LLM APIs | — | — | Varies by usage |
At $174.95/month for 5 servers hosting 15-20 client agents, the infrastructure cost per client agent is approximately $8.75-$11.66/month. This is a predictable cost you can build into client contracts. If clients need more resources, upgrade individual servers to Team ($62.99) or Scale ($125.99) without affecting other clients. For agencies with fewer clients, Solo ($14.99) servers can host lightweight agents and prototypes.
Compare this with the DevOps engineering cost of building equivalent infrastructure from scratch: process supervision, crash recovery, audit logging, secrets management, server hardening, and fleet monitoring typically require 2-4 months of engineering time. At market rates, that is $30,000-$80,000 before your first client agent runs.
Expected Results
Based on the platform capabilities. These are projections, not guarantees.
Deployment Speed
New client agent from contract signing to production in under 20 minutes. Provision a server at spawn.os.moda, configure the agent environment, inject secrets, and the agent is live. No DevOps pipeline to build. No infrastructure to provision manually.
Uptime
Self-healing via osmoda-watch with 6-second crash recovery and NixOS atomic rollback as fallback. Each server recovers independently — a crash on Client A's server never affects Client B. The agency can offer uptime SLAs backed by infrastructure-level recovery.
Compliance Readiness
Automatic audit trail generation on every server. When a regulated client requests compliance evidence, export the SHA-256 hash-chained audit ledger. No manual evidence collection. No last-minute scrambles before audits. The evidence is generated continuously as agents operate.
Engineering Focus
Agency engineers spend time building agents, not maintaining infrastructure. Self-healing eliminates 3am wake-ups. Fleet management provides visibility without custom dashboards. The agency can scale from 5 clients to 50 without hiring DevOps engineers.
Frequently Asked Questions
Is this a real customer case study?
No. This is a reference architecture — a hypothetical but technically accurate blueprint showing how you would build an AI agency fleet on osModa. Every daemon, tool, and pricing figure referenced is real and available in the current public beta. We publish this as an architecture blueprint, not a customer testimonial.
How does osmoda-mesh handle fleet coordination across servers?
osmoda-mesh creates a peer-to-peer encrypted network between your osModa servers using Noise_XX + ML-KEM-768 hybrid post-quantum encryption. Servers pair via invite codes. Once paired, agents on different servers can communicate securely without a central relay. For an agency, this means a supervisor agent on your management server can coordinate with client agents across the fleet without exposing any data to intermediaries.
Can different clients use different LLM providers?
Yes. Each osModa server is fully independent with its own configuration. Client A can use Claude, Client B can use GPT-4, and Client C can use a local open-source model. API keys are managed per-server through osmoda-keyd, so there is no cross-contamination of credentials. You can even run multiple models on a single server for agents that need multi-model support.
What happens when a client agent crashes at 3am?
osmoda-watch detects the crash and agentd restarts the agent process automatically, typically within 6 seconds. If the agent fails repeatedly, NixOS atomic rollback reverts to the last known-good system configuration. The SHA-256 audit ledger records the crash, restart attempts, and recovery. You see all of this in your fleet dashboard — but you do not need to wake up for it.
How does per-client egress control work?
osmoda-egress lets you define allowlists and blocklists for outbound network traffic on each server independently. Client A's agent can access their CRM API but nothing else. Client B's agent can reach their database and payment processor. This prevents data exfiltration and ensures each client's agent only communicates with authorized endpoints. The egress rules are part of the NixOS configuration and survive reboots.
Why not just use Kubernetes for multi-client agent management?
Kubernetes adds complexity that agencies rarely need. You would need to manage the cluster itself, configure RBAC per client, handle persistent storage, set up network policies for isolation, and build your own audit logging. With osModa, each client gets a dedicated server with isolation built in, audit trails automatic, and self-healing pre-configured. No cluster management overhead. For a detailed comparison, see our Kubernetes comparison page.
Build Your Agency Fleet on osModa
Dedicated servers per client. Encrypted mesh for fleet management. Self-healing and audit built in. From $14.99/month per server.
Last updated: March 2026