Private beta

Go touch grass.We got the PRs.

cad·re \ˈka-ˌdrā\ noun. a small, highly-trained group of specialists.
cadrai — your agentic engineering team, on call in the cloud.

Cadrai is a seven-agent cloud engineering team — PM, Architect, Engineer, QA, UI/UX, Code & Docs Reviewers — that plans, builds, tests, and ships pull requests while you sleep, ski, or hang with friends. Brief the PM from MCP, Claude, OpenClaw, or a one-line curl. They'll take it from there.

Request early access See how it works
live demo
$ cadrai task submit — touch grass while it ships7 agents per projectReview Board swaps one reviewer for three independent votes1 DevBox per taskDrive it from Claude · OpenClaw · Discord · dashboardSpeaks MCP · RESTAuto-commit every 15 min — your work survives crashesZero credentials in agent DevBoxes · broker-proxiedEmail escalation when the PM needs you
01meet the team

Seven specialists, one pull request.

Each task runs in its own DevBox, and each agent gets its own role, prompt, and worktree. They hand off through a broker — and every line of the transcript is yours.

PM
PM
Product manager
Talks to you. Breaks work down. Delegates to the team. Owns the plan.
"Looping in Architect. Back in 10."
AR
Architect
Technical design
Drafts the design. Flags trade-offs. Asks the awkward scaling question you forgot.
"What's the failure mode at 10×?"
EN
Engineer
Implementation
Writes the code. Lives in a DevBox worktree. Auto-commits WIP every 15 minutes.
"Pushing to task/417. Tests green."
QA
QA
Verification
Writes the tests the Engineer hoped to avoid. Verifies edge cases. Breaks things on purpose.
"State-param mismatch → 400? Currently 500."
UX
UI/UX
Design review
Reviews interfaces. Flags accessibility gaps. Argues for fewer modals.
"Contrast fails on the error state."
CA
Code Reviewer
Security
Reads diffs like a hawk. Hunts secrets in logs. Blocks on SQL injection.
"This log line leaks the access token."
DA
Docs Reviewer
Documentation
Keeps the docs in sync with the code. Drafts changelogs. Hates drift.
"API docs are three PRs behind."
+
You
Final reviewer
The only human in the loop. You brief the PM, answer the occasional question, and merge the PR. That's it.
"Merged. What's next?"
02how it works

Task comes in. PR goes out.

Brief the PM. The team plans, builds, tests, and ships — and only pings you when there's a real decision to make.

PM · inbox
you → pm
Add Google + GitHub OAuth to the checkout flow. Keep the current session model intact.
pm → you
Got it. Looping in Architect to draft a plan. I'll come back when we have something for you to approve.
pm → architect
TASK_ASSIGNMENT · Design OAuth flow. Constraints: keep session model. Deadline: EOD.
architect → team
Plan draft: OAuth2 authorization-code flow with PKCE. Add auth_providers table. Store refresh tokens encrypted. 3 new routes.
pm → you · QUESTION
Architect wants to store refresh tokens using Supabase Vault. OK with that, or keep app-level encryption?
you → pm
Supabase Vault is fine. Go.
// broker/lib/auth/oauth.ts · devbox-3a1f · task/417 export async function handleOAuthCallback(req: Request) { const { code, state } = await req.json() const tokens = await exchange(code) await vault.store(tokens.refresh_token) return session.create(tokens.id_token) }
engineer → team
First pass pushed. Covering Google + GitHub. 14 commits, tests passing locally.
tests/oauth.test.ts · 12 passed
+ test('rejects mismatched state parameter')
+ test('refresh token stored in vault, not db')
− test.skip('rate-limit on callback endpoint')
+ test('rate-limit on callback endpoint')
qa → team · RESPONSE
12/12 green. Covered state-mismatch edge case. Approved.
code-auditor → team
Refresh token handling looks clean. No secrets in logs. Approved.
pm → you · HANDOFF
PR #417 is up: task/417main. 14 commits, +612 −48. Passing checks. Ready for your review.
you → pm
Merged. Start on the next one.
03review board

Skip the single-model blind spot. Put the PR on trial.

For high-stakes changes, Cadrai can replace the single Code Reviewer with a Review Board. Three independent review agents, each with their own configured provider and model. Let them debate, then get one persisted verdict with blockers, dissent, and remediation attached.

Independent first passEach reviewer starts from the handoff before seeing the others.
Cross-model debateMix providers so failure modes do not come from one model family.
Policy-controlled verdictUse majority approval or require unanimity for stricter gates.
#417Add GitHub OAuth to checkoutConnected
AgentsReview BoardBlocked 2/3
Team-commsReview Board verdict
Blocked 2/3Two reviewers found blockers. Dissent stays in the audit trail.
Majority block
RB-1: OAuth callback skips state validationHigh · auth callback
3 block

The callback accepts provider state without matching it against the session, which can allow account-linking mixups.

RB-2: Refresh token can leak into logsMedium · credential handling
2 block

The failure path logs the full token exchange response. Redact credentials before emitting broker diagnostics.

Review BoardReadable
Reviewer 1Anthropic / opus
Block
Reviewer 2OpenAI / gpt-5
Approve
Reviewer 3Google / gemini
Block
[Reviewer 1] final_vote block; issues: RB-1, RB-2
[Reviewer 2] final_vote approve; RB-1 accepted
[Reviewer 3] final_vote block; issues: RB-1, RB-2
[Board] verdict=blocked tally=2/3 persisted=true
task/417 · isolated DevBoxsealed
Agent DevBox
/data/worktrees/task-417
task/417 branchdummy auth.jsonno raw secrets
LLM + GitHub callsplaceholder credentials stripped
Broker credential proxy
1

Validate tenant, project, and task context.

2

Inject real provider or GitHub credential server-side.

3

Return response without exposing the token boundary.

Upstream APIs
Anthropic · OpenAI · GitHub
real credentials live here
04sandbox + secrets

Real sandboxes. Fake credentials. Your repo stays yours.

Each task runs in an isolated DevBox with its own task branch and worktrees. Agents receive placeholder credentials only. LLM and GitHub calls go through a credential proxy, where real secrets are injected server-side.

Task-scoped runtimeThe team works inside a leased Firecracker microVM, with each agent using their own git worktree.
Dummy agent keysAgents can make calls without ever holding the underlying tokens.
Safe branch isolationEvery task writes to its own branch, so main stays clean until you merge.
05configured team

Not a chatbot. A chain of command.

The PM routes work through the agentic team, and each agent can be tuned independently: provider, model, and thinking level. Put the Docs Reviewer on a fast model, Engineer on a model that scores high in coding, and the Code Reviewer on a model with high reasoning.

Role-scoped brainsEach specialist gets its own model defaults, prompt, and context.
PM owns handoffsAgents do not freestyle over each other; the PM moves work through the line.
Human escalationYou only get pulled in for approvals, ambiguity, or final merge decisions.
Team controlsprovider · model · thinking
PM routes the workrequest → verdict
01
Brief the PM

PM turns the request into assignments.

You → PM
02
Plan the change

Architect defines approach and risks.

PM → Architect
03
Build in a worktree

Engineer implements on the task branch.

PM → Engineer
04
Verify the work

QA checks behavior and regression risk.

PM → QA
05
Approve / Block

Quality gate decision before handoff.

Code Reviewer → PM
PMPM
Anthropicsonnet-4.6medium
ARArchitect
Googlegemini-3.1-prohigh
ENEngineer
OpenAIgpt-5.5high
QAQA
Anthropicsonnet-4.6medium
CRCode Reviewer
Anthropicopus-4.7high
06built for hours of use

The details that separate a toy from a team.

Live dashboard

Watch every agent's terminal in real time. Click any file path to jump into your editor. Multi-project tabs — because you have more than one thing shipping.

One DevBox per task

Every task gets its own Firecracker microVM and its own git worktree on a task/<id> branch. No collisions, no polluted main, no "works on my machine."

Zero credentials in DevBoxes

Agents never see API keys. LLM + GitHub calls route through a credential proxy that injects secrets server-side. Six layers of tenant isolation, end to end.

Auto-commit every 15 min

WIP auto-commits push to the task branch constantly. If a DevBox dies, your work is already safely on the remote. Squash before merge, of course.

Email when it matters

The PM escalates to email after ~30 minutes of waiting on a human decision. You're not glued to the dashboard — you're running a team.

Persistent audit history

Every operator-visible line of transcript is durably persisted per task. Come back a month later, scroll the conversation, know exactly why a decision was made.

07agents talking to agents

Drive it from any agent platform.

Cadrai ships with an MCP server and a REST API. Point Claude, OpenClaw, Cursor, a Discord bot, or your in-house agent at it — submit tasks, check status, answer the PM, all from wherever you already work.

POST
/api/v1/tasks
Submit a new task to a project. Returns a task_id you can poll.
GET
/api/v1/tasks/:id
Current status, active agent, elapsed time, open PRs.
GET
/api/v1/projects
List projects scoped to your tenant.
GET
/api/v1/messages
Check PM outbox — questions and handoffs waiting on you.
POST
/api/v1/messages/:id/reply
Answer the PM. Same as clicking reply in the dashboard.
cadrai.dev/api/v1
# submit a task from anywhere — your terminal, a cron, another agent.
curl -X POST https://cadrai.dev/api/v1/tasks \
  -H "Authorization: Bearer cdt_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "project_id": "proj_7f3a",
    "title": "Add Google + GitHub OAuth to checkout",
    "brief": "Use OAuth2 with PKCE. Store refresh tokens in Vault.",
    "priority": "normal"
  }'

# → { "task_id": "tsk_417", "status": "queued", "dashboard": "..." }
08questions, answered

Frequently asked.

How is Cadrai different from a single coding agent like Cursor?+
A single agent tries to hold every role in its head at once — planner, coder, tester, reviewer. Cadrai runs them as separate agents with distinct prompts, contexts, and worktrees. They hand work off through a broker, so the Engineer never sees the reviewer checklist, and the PM isn't distracted by a failing test. For stricter quality gates, the Code Reviewer can become a three-seat Review Board with independent models and a recorded verdict.
Where does the code actually run?+
In a Fly.io Firecracker microVM leased per task. Each task gets its own git worktree at /data/worktrees/<taskId>/. WIP auto-commits push to the remote every 15 minutes. When the task is done, the DevBox is released.
How do agents get my credentials?+
Funny you should ask. They Don't. DevBoxes hold a dummy placeholder key. Every LLM and GitHub call gets proxied through a broker that injects the real credential server-side, then strips the dummy. Combined with Supabase RLS, per-project VMs, per-task worktrees, and API key hashing, there are six layers of tenant isolation before anyone touches your repo.
Can I drive Cadrai from other agents?+
Yep — it's how most people use it. Cadrai exposes an MCP server with submit_task, check_messages, and reply_to_message tools, plus a REST API with the same powers. Point Claude, OpenClaw, your in-house agent, a Discord bot, or a cron job at it — your call.
What if the PM gets stuck waiting on me?+
PM posts the question to your outbox. If you don't answer within ~30 minutes, an email goes out. Meanwhile the team keeps moving on whatever doesn't depend on your answer.
When can I sign up?+
We're in private beta. Request access below — we onboard in small batches to keep the DevBox budget honest and the bug count low.

Put a team of agents on your backlog.

Private beta. We'll ping you when you're in. No newsletter spam, no LinkedIn thought pieces, no "10 prompts every founder should know."

$ we'll reply within 48h · no credit card required