How do I deploy sec-af on Railway?

You can deploy sec-af on Railway by clicking the "Deploy Now" button on this page. Railway will automatically set up all the necessary services and configurations for you.

What are the system requirements?

Railway handles all the infrastructure requirements. You only need a web browser to deploy and manage your application.

Is this template free to use?

Yes, this template is free to use within your existing Railway account.

Can I customize this template?

Yes, you can fully customize this template. After deployment, you will have full control of what you've deployed in your Railway project.

How do I get support for this template?

You can get support through our community forum: sec-af-cea3e809, or click "Get template help" for this template for more assistance.

Deploy and Host sec-af on Railway

sec-af is an open-source, AI-native security auditor that proves exploitability. It orchestrates ~200-300 focused AI agents — hunters find vulnerabilities, provers try to disprove them — producing verified findings with data flow traces, verdicts, and evidence. One API call, ~$0.18-$0.90 per audit.

About Hosting sec-af

sec-af runs as two Railway services: the AgentField control plane and the sec-af agent. The control plane orchestrates execution, manages state, and exposes the REST API and observability UI. The sec-af agent registers with the control plane at startup. Audits are triggered via the control plane API — the agent clones the target repo, runs its multi-phase pipeline (RECON, HUNT, DEDUP, PROVE, REMEDIATION), and streams results back. You only need to provide an OpenRouter API key for LLM access.

Common Use Cases

Trigger security audits on any public GitHub repo and get back verified, exploitability-proven findings
Run as a CI/CD security gate on pull requests with SARIF output for GitHub Security tab
Compliance scanning mapped to PCI-DSS, SOC2, OWASP, HIPAA, or ISO27001 frameworks

Dependencies for sec-af Hosting

AgentField control plane (ghcr.io/agent-field/agentfield:latest)
OpenRouter API key for LLM access

Deployment Dependencies

Implementation Details

Replace `` with your control-plane service's public URL from the Railway dashboard (Settings > Networking > Public Networking). The default API key is this-is-a-test-key — you can change it in the control-plane service's environment variables.

Trigger an audit:

curl -X POST https:///api/v1/execute/async/sec-af.audit \
  -H "Content-Type: application/json" \
  -H "X-API-Key: this-is-a-test-key" \
  -d '{"input": {"repo_url": "https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application"}}'

Poll for results:

curl -H "X-API-Key: this-is-a-test-key" \
  https:///api/v1/executions/

Why Deploy sec-af on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying sec-af on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.