Built for the way infrastructure works today
ScriptMesh is a cloud-hosted orchestration platform that makes remote script execution as simple as an HTTP call — with encryption, whitelisting, and observability built in.
Make distributed script execution as simple as a REST call
Modern infrastructure is distributed. Your maintenance scripts run on on-prem servers, your cron jobs run in the cloud, your data pipelines run on edge nodes. Coordinating these across machines usually means SSH, shared filesystems, or heavyweight orchestration tools designed for containers.
ScriptMesh fills the gap between manually SSH-ing into each server and running full Kubernetes. It is a lightweight, security-first SaaS platform that lets you trigger scripts on any remote node via a clean REST API — with manifest-based whitelisting, Fernet-encrypted credentials, APScheduler cron, and full job history built in.
Agents connect outbound to the orchestrator at api.getscriptmesh.com. No inbound ports. No VPN. No SSH. Your scripts stay on your servers.
Why SSH-based automation breaks at scale
Every team eventually hits the wall with manual script management.
Why we built it this way
HTTP over SSH
SSH-based remote execution is powerful but operationally painful — key management, jump hosts, port forwarding. HTTP APIs are simpler to secure, audit, automate, and rate-limit.
Whitelist, not blacklist
Default-deny is the right posture for remote execution. Only scripts explicitly listed in an agent's manifest can run. Everything else is silently blocked before any code executes.
Encryption first
Agent API keys are encrypted at rest using Fernet symmetric encryption (AES-128-CBC + HMAC-SHA256). Keys are only decrypted in-memory at request time. We treat credentials like passwords.
Tenant isolation
Every resource — agents, jobs, schedules, integrations, API keys — is scoped to a tenant. Multi-tenancy is baked in at the schema level, not bolted on after the fact.
Built on proven foundations
Every technology choice in ScriptMesh was made for reliability, simplicity, and security.
High-performance Python async API server with automatic OpenAPI generation.
Agents ship as lightweight Docker containers deployable anywhere.
Battle-tested Python scheduler with missed-fire detection and timezone support.
AES-128-CBC symmetric encryption for agent API keys stored at rest.
Write-Ahead Logging for durable, crash-safe job and schedule storage.
Transactional email delivery for verification codes, password resets, and welcome emails.
What we stand for
Security by default
Every endpoint is authenticated. Every script is whitelisted. Credentials are encrypted at rest. Security is the foundation, not a layer added on top.
Operational simplicity
Deploy agents with one Docker command. No sidecar daemons, no shared NFS mounts, no orchestration frameworks. Simple systems fail loudly and recover fast.
Open source core
The core is MIT licensed and developed in the open. No telemetry, no hidden features, no vendor lock-in. You own your infrastructure and your data.
Distributed by design
Built for modern infrastructure: heterogeneous nodes, cloud + on-prem hybrid, edge servers. Agents connect outbound — no inbound ports required.
Developer experience
Every API is self-documented via OpenAPI. Error messages tell you what went wrong and how to fix it. The dashboard shows you what you need, nothing more.
Zero trust between agents
Each agent has its own unique API key. A compromised node cannot affect the rest of your fleet. Revoke a single key without redeploying anything else.
Our open source commitment
The ScriptMesh core will always be free and open source under the MIT license. We build a sustainable business through managed cloud and enterprise offerings — not by gatekeeping the foundation. Inspect every line, fork it, run it yourself.
Get in touch
Questions, feedback, partnership inquiries, or support — we would love to hear from you.