Orchestrate your security team like an orchestra.
Okesu — from オーケストラ (ōkesutora), the Japanese for "orchestra." We conduct the players; you write the score.
Okesu coordinates a fleet of AI agents across your hosts. Findings, investigations, and response — all under one control plane.
Daimons
The long-running daemon installed on each host. Listens for run dispatches, executes agents, streams findings back.
Learn more →Agents
Prompt-driven workers (Claude, Codex, your own). They run on the daimon, emit structured findings as JSONL.
Learn more →Orchestrations
YAML specs that sequence agents into playbooks. Fan out across hosts, gate on approval, branch on results.
Learn more →Investigations
The case workspace. Timeline, graph view, real-time war-room notes, and a one-click PDF report — one closed loop per incident.
Learn more →Federated control plane
Run one CP per environment, federate them into a hierarchy. Findings + runs flow upstream; commands flow down.
Multi-provider agents
Run Claude, Codex, or your own provider. Same dispatch surface, same JSONL contract.
Investigations as a workspace
A case file with timeline, graph view, collaborative notes, and one-click PDF export. Findings, IOCs, runs, and audit events all hang off one entity.
Approval gates + action allowlists
Step-level human approval. Per-class allowlists for what an orchestration can mutate.
Per-host fan-out
Run an agent on N hosts in parallel; live histogram + per-host status in the run viewer.
Real-time war room
Multiple operators co-edit one case-scoped draft buffer in real time, see each other's cursors, then Send produces one immutable note. Yjs CRDT under the hood.
Single-binary install
okesu and okesu-cp are static Go binaries. No runtime, no agent framework dependencies, just drop in.
The dashboard at a glance: federated fleet health, finding counts by severity, recent automation activity.