THERAID PROJECT

Ephemeral AI agents with real infrastructure isolation.
Mission-specific. Zero lingering access. Perfect resume.

BUILT FOR TEAMS WHO CANNOT AFFORD AGENT INCIDENTS

THE PROBLEM

Most agents are permanent residents.

Broad access. Always running. One mistake and the blast radius is everything. RAID agents are missions. They show up, finish, and leave.

THE NAME

A raid is a mission, not an occupation.

Most agent platforms run persistent processes with broad access. One mistake and everything is exposed.

RAID is the opposite. You define a mission in one YAML file, launch an isolated agent, get the result, and it disappears.

Go in. Do the job. Come home. No permanent footprint.

See the military definition: raid (military).

Zero cloud required

npm install
ANTHROPIC_API_KEY=sk-... npm run serve   # real Telegram

Drop a YAML in recipes/. New agent type, no code.

CAPABILITIES

Agents that know when to stop.

Defined by recipe

One YAML file holds persona, tools, policy, secrets, TTL, and contract. New agents without new code.

Infrastructure isolation

Each agent runs in its own container. Control plane never sees keys. Policy enforced at the SDK.

Perfect resume

State, files, and CLAUDE.md are snapshotted. The next raid continues exactly where the last one stopped.

Portable by strategy

Compute, state, and secrets are swappable adapters. Local today. Cloudflare tomorrow. Fly later.

Ephemeral by default

Mission starts. Mission ends. Agent stands down. No lingering access or always-on risk.

Telegram control

One control bot. One bot per agent. Live streams. No dashboards required.

WHAT SETS RAID PROJECT APART

Defined by recipe

One YAML file holds persona, tools, policy, secrets, TTL, and contract. New agents without new code.

Infrastructure isolation

Each agent runs in its own container. Control plane never sees keys. Policy enforced at the SDK.

Perfect resume

State, files, and CLAUDE.md are snapshotted. The next raid continues exactly where the last one stopped.

FLOW

How it works

1. Write the recipe

One YAML. Mission, tools, policy, TTL, and secrets. That's the entire agent.

2. Send it out

Trigger from Telegram. It boots in full isolation for this mission only.

3. Do the job

Live stream in your bot. Tool calls respect the recipe policy. Container is the boundary.

4. Come home

Results and state are saved. The agent stands down. Next call starts exactly where it left off.

SECURITY

Security from the first line.

OWNERSHIP

Only you control what you created

Telegram allowlist or first-caller. Rate limits and audit logs included.

POLICY

Enforced where the agent runs

Claude SDK PreToolUse hooks. Container is the real boundary.

SECRETS

Control plane never touches keys

Secrets injected by name at runtime inside the container only.

EPHEMERAL

Stand down when done

Short TTL. Full isolation during the mission. State saved for the next one.

COMPARISON

How RAID is different

Dimension	OpenClaw	NanoClaw	Hermes Agent	RAID PROJECT
Lifecycle	Always-on	Long-running	Continuous	Ephemeral. Execute then stand down.
Isolation	App permissions	Container	Multiple backends	Infrastructure level + adapters
Definition	Skills & plugins	On-demand skills	Self-generated	Single YAML mission contract
Resume	Always present	Per-agent memory	Long-term memory	Snapshot on return. Next raid resumes.
Risk	High	Medium-low	Medium	Lowest. Short TTL + full isolation.
Best for	Explorers	Personal use	Personal companions	Teams that send agents and bring them home.

Declarative missions. Real isolation. Portable strategies.

NO CODE

One file. One agent.

dev-agent.yaml

Code changes and PRs. Per-repo grants.

TTL: 6h

sdr-agent.yaml

Outreach. gmail.send allowed.

TTL: 1h

researcher.yaml

Reads, reasons, saves notes. Resumes cleanly.

TTL: 30m

ops-agent.yaml

Shell + k8s. Policy gated. Never self-deploys.

TTL: 24h

Browse all recipes

OPEN SOURCE

Production standards. Not an experiment.

→ MIT license. Free to use and extend.
→ Strategy adapters for secrets, state, compute. Swap any backend.
→ Local first. Zero cloud to try (npm run serve).
→ Recipes are the product. New agent = new YAML file.
→ Small core. Real tests. Explicit seams.

The raccoon 🦝 is intentional. Raccoons are quick, clever raiders. In. Out. No trace. Same idea.

🌍

“Finally an agent system designed by security people first.”
Security Lead
Series B SaaS
“One YAML file is now one governed capability. Huge shift.”
Platform Engineer
Fintech
“Resume works. Picks up hours later exactly where it stopped.”
Head of AI
AI Infrastructure
“The isolation and portability are what we actually needed.”
CTO
Enterprise

FAQ

Questions

What does "raid" mean here?

A short, isolated mission. See Wikipedia. The agent goes in, finishes, and leaves. No lingering access.

How is RAID different?

Most tools run persistent agents. RAID agents are ephemeral, defined in YAML, and isolated at the infrastructure level.

Do I need Cloudflare?

No. Runs locally with zero cloud. Cloudflare is one adapter. Strategies let you swap backends later.

Does state survive?

Yes. CLAUDE.md, files, and memory are snapshotted. The next run picks up exactly where it stopped.

PROFESSIONAL SERVICES

We help teams ship agents that know when to leave.

Core is free and open. We also build recipes, set up isolation, and run production missions.

eliran@webo-tech.com