Use cases
Build, ship, refactor —
with the customer's keys.
Sagewai is built for orchestrating CLI agents — Claude Code, Codex, Gemini — to do real customer work. The agents run inside identity-isolated sandboxes; their credentials never touch your control plane.
Mode 3 — the differentiator
A CLI agent does the actual work.
Mode 3 spawns a CLI agent (Claude Code, Codex, Gemini, or your own) inside the sandbox. The agent reads its LLM key from injected env, calls the LLM, edits files, and pushes artifacts to the configured destination — all without the worker host ever seeing the credentials.
Build a website from a brief
Claude Code
Customer sends a portfolio brief. Sagewai dispatches Claude Code inside an identity-isolated sandbox with the customer's Anthropic API key and GitHub token. Claude Code scaffolds a Next.js site in /workspace and pushes to the customer's repo. The worker host never sees either credential.
Refactor a repo and open a PR
Codex
Customer asks for performance fixes on a Python module. Sagewai dispatches Codex with the customer's OpenAI key and GitHub token. Codex reads the repo, makes the changes, opens a PR with a tested diff. Sagewai reports the PR URL back. Sandbox is destroyed; credentials are scrubbed.
Generate a research report
Claude Code or Gemini
Customer asks for a competitive landscape report. Sagewai uses Mode 0 to plan the structure (cheap planning LLM on the worker), Mode 3 to dispatch a CLI agent that researches and writes (customer's LLM key, customer's output bucket), and Mode 0 again to summarise the result. Three modes, one workflow.
Workflows mix modes
Per-step mode selection. Pay only for what you need.
A real workflow rarely uses one mode end-to-end. Cheap orchestration steps stay on the worker. Expensive CLI-agent steps acquire a sandbox. Verification often needs isolation but no credentials. Each step picks its own mode.
plan
Tier-1 LLM extracts structured requirements from the customer's brief. Runs inline. ~500ms.
build_site
Sandbox spawns Claude Code with ANTHROPIC_API_KEY + GITHUB_TOKEN injected from the Sealed profile. Claude Code edits /workspace and pushes to the target repo. ~5–15 min.
verify
Sandbox without identity clones the just-pushed commit, runs npm ci + npm run build, returns ok/failed. No credentials needed for the verify step. ~30–60s.
summarise
Tier-1 LLM writes a one-paragraph completion message. Sent via webhook to the customer. ~500ms.
One customer LLM bill, zero customer credentials touched outside the sandbox, four audited events. That's a Mode 0 → 3 → 1 → 0 pipeline.
The other modes
Modes 0, 1, and 2.
Mode 0 — Bare orchestration
Pure planning, summarising, validation. Runs inline on the worker using your operator-side LLM key. No sandbox cost, no per-customer credentials needed. Use it for the cheap glue work between expensive Mode 3 steps.
Mode 1 — Sandboxed (no identity)
Run untrusted code or shell commands in isolation. Sandbox container with empty env. Useful for executing user-provided Python snippets, image transforms, code linters — anything that needs isolation but doesn't touch customer credentials.
Mode 2 — Identity (no CLI agent)
Deterministic tool execution with customer credentials. Sandbox boots with the customer's Sealed Identity profile. Tools read os.environ for credentials. Use it when you know exactly what to do — query a customer database, fetch from their S3, hit their internal API.
Mode 3b — the just-in-time credential callback channel for fully open-ended workflows where credentials can't be enumerated at enqueue — is on the roadmap. See the architecture docs for the full design.
See it run.
The Quickstart walks through the Mode 0 → 3 → 0 portfolio-site pipeline end-to-end. About 15 minutes to a deployed site.