Skip to main content
PrivateLink is a secure networking feature that allows AI Agents and MCP servers running on Autonomy to connect to private infrastructure anywhere— databases, APIs, or internal systems—without exposing those systems to the public internet. Under the hood, PrivateLink uses Ockam’s secure channels, but the experience is fully integrated into the Autonomy platform. These connections are end-to-end encrypted, mutually authenticated, and application-layer routed—so they work across clouds, networks, and NAT boundaries with no special networking configuration. Use PrivateLink when your Autonomy Agent needs to connect to any non-public system, such as:
  • A PostgreSQL instance in a private AWS VPC
  • An internal microservice only accessible on a corporate network
  • A legacy ERP system in a datacenter
  • A developer’s laptop running a preview environment
PrivateLink gives your Agent secure, direct, policy-controlled access to those services—without requiring a VPN, reverse proxy, port forwarding, or public IP address. It’s secure by default, works with any protocol, and enforces identity-based access control at the application level.

How It Works

You run a lightweight Autonomy relay (called a “remote worker”) on or near your private resource. The remote worker registers a route to the private service (e.g., localhost:5432 for a database). Your Autonomy Agent requests a PrivateLink to that service. Autonomy brokers a mutually authenticated, encrypted tunnel from the Agent to the private service via the relay. The Agent receives a local port to connect to (e.g., localhost:7000), and from its point of view, the service “just works.” No changes are required to your network. The private service doesn’t need to listen on a public port. Everything is encrypted and access-controlled using cryptographic identities and short-lived credentials.
autonomy.yaml
name: example009
pods:
  - name: main-pod
    public: true
    containers:
      - name: main
        image: main
    portals:
      inlets:
        - from: 5555
          name: files
images/main/main.py
from autonomy import Agent, Knowledge, Model, Node


async def main(node):
    pioneer_docs = Knowledge("pioneer_ai_documents")
    await pioneer_docs.add_document(
        "Ownership in Pioneer.ai",
        "http://localhost:5555/ownership.md",
        content_type="text/markdown",
    )

    await Agent.start(
        node=node,
        name="henry",
        instructions="You are Henry, an expert legal assistant",
        model=Model("nova-micro-v1"),
        knowledge=pioneer_docs,
    )


Node.start(main)

autonomy cluster ticket

1. Apex Ventures - 9.25%
2. Horizon Capital Partners - 3%
3. Catalyst Growth Fund - 4.75%
4. Summit Equity Group - 12%
5. Innovatech Ventures - 12%
6. Blue Sky Capital - 20%
7. Quantum Leap Investments - 32.75%
8. Elevate Ventures - 6.25%

python3 -m http.server --bind 127.0.0.1 5555

autonomy zone outlet --zone-name example005 --relay files --to 127.0.0.1:5555
I