Docs · Primitive reference

`heroa.deploy()`

Hosting is a tool call. An agent, mid-run, can stand up a new app, service, or sub-agent and get back a URL, an endpoint, or a handle. This is the flagship primitive.

Three modes

app. A web app with auto-provisioned TLS, a public URL, and a container runtime.
service. A private service reachable from other agents in the same tenant or region. No public URL unless opted in.
agent. A sub-agent with its own run loop, template, and policy envelope.

Parameters

Parameter	Type	Description
`mode`	enum	app \| service \| agent
`region`	string	Target region code. Defaults to caller's region.
`resource_tier`	enum	small \| medium \| large. Governs CPU, memory, and GPU access.
`ttl`	duration	Time-to-live. "15m", "2h", "24h", or "persistent".
`policy`	object	Network egress, tool-call allow list, secret scopes.
`template`	string	Agent template id (agent mode only).
`source`	string \| ref	Container image, tarball, or repo ref (app / service mode).

Response shape

{
  "url":     "https://ab12cd34.heroa.app",   // app mode
  "endpoint":"heroa://tenant/svc/ab12cd34",   // service mode
  "handle":  "agent_ab12cd34",                // agent mode
  "mode":    "app",
  "region":  "us-east",
  "expires_at": "2026-04-25T12:00:00Z"
}

Example: agent spawns a sub-agent

A research-agent decides it needs a batch-processor to handle a hundred parallel embeddings jobs, so it deploys one.

// TypeScript
import { heroa } from "@heroa/sdk";

const worker = await heroa.deploy({
  mode: "agent",
  template: "batch-processor",
  region: "us-east",
  ttl: "30m"
});

const out = await worker.run({ input: { items: docs, task: "embed" } });

Example: agent deploys an API it just built

A coding-agent, mid-task, deploys its generated Express API so it can point the next task at a live URL.

# Python
import heroa

endpoint = heroa.deploy(
    mode="app",
    region="us-east",
    resource_tier="small",
    ttl="2h",
    source={"repo": "github.com/tenant/generated-api", "ref": "HEAD"},
    policy={"egress": "allow-list", "allow_list": ["api.github.com"]},
)

print(endpoint["url"])
# -> https://ab12cd34.heroa.app

Example: production app with auto-provisioned TLS

A coding-agent stands up a production-grade app, persistent, with a policy that locks it to a single egress domain.

// Go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/heroa/heroa-go"
)

func main() {
    ctx := context.Background()
    client := heroa.NewClient(os.Getenv("HEROA_API_KEY"))

    res, err := client.Deploy(ctx, heroa.DeployInput{
        Mode:         heroa.ModeApp,
        Region:       "us-east",
        ResourceTier: heroa.TierMedium,
        TTL:          "persistent",
        Source:       heroa.Source{Image: "ghcr.io/tenant/checkout-api:v1.2.3"},
        Policy: heroa.Policy{
            Egress:    "allow-list",
            AllowList: []string{"api.stripe.com"},
        },
    })
    if err != nil {
        fmt.Fprintln(os.Stderr, err)
        os.Exit(1)
    }
    fmt.Println(res.URL)
}

Why this matters

Without heroa.deploy(), agent-to-agent infrastructure is a pile of brittle scripts. With it, agents provision their own substrate, inside their own policy envelope, as a single SDK call.