Hosted Orchestrator — Connect Path

When this page applies

Connecting to a hosted control plane is the SaaS-style onboarding shape: URL, configuration, and CLI verification — no install, no docker run, no local infrastructure setup. AutonomyOps does not currently operate a public self-service SaaS; hosted access is provisioned via a commercial arrangement (pilot, design partner, or production tenant). Reach out via autonomyops.ai for hosted access.

If you have been issued a hosted control-plane URL, this page is the right starting point. If you intend to operate the orchestrator binary yourself, the self-hosted tier covers that path.

Prerequisites

  • The autonomy CLI installed on your machine (see the public Quickstart docs)

  • The hosted control-plane URL you were issued (e.g. https://orch.your-tenant.example.com)

  • Network reachability from your machine to that URL

  • Your tenant identity has at minimum fleet:read on the calling principal (the operator role grants it by default)

  • AUTONOMY_OPERATOR set to your tenant identity in the shell where you run the verify commands. RBAC enforcement is default-on in the CLI: autonomy fleet, autonomy rollout, and autonomy audit run a local RBAC pre-flight before any HTTP request, and that pre-flight refuses with a clear error if AUTONOMY_OPERATOR is unset. autonomy logs does not refuse, but sends the X-Autonomy-Operator header only when the variable is set so server-side authorization can resolve the identity.

Configure once

Persist the hosted URL in the per-user config so you do not pass it on every command:

autonomy config set orchestrator.url https://orch.your-tenant.example.com

Confirm the value was written:

autonomy config get orchestrator.url

The setting is stored in ~/.config/autonomy/config.yaml under orchestrator.url. Any autonomy fleet, autonomy rollout, or autonomy logs invocation reads this key when no --orchestrator-url flag and no AUTONOMY_ORCHESTRATOR_URL environment override is set.

Resolution precedence (highest first)

  1. --orchestrator-url HOST:PORT — explicit per-command flag

  2. AUTONOMY_ORCHESTRATOR_URL — environment variable

  3. orchestrator.url — config-file key in ~/.config/autonomy/config.yaml

The first non-empty source wins. Implemented in cmd/autonomy/commands/rollout.go (orchestratorURLFromConfig).

Verify the connection

These commands are read-only — they do not mutate fleet state.

First export your tenant identity so the local RBAC pre-flight passes and the X-Autonomy-Operator header is sent on the requests that read it:

export AUTONOMY_OPERATOR=you@your-tenant.example.com

Fetch a fleet snapshot:

autonomy fleet status

Tail recent log entries from the hosted ring buffer:

autonomy logs --limit 50

Stream new entries as they arrive (server-sent events):

autonomy logs --follow

If any of these returns an error, check in this order:

  • The URL is reachable: curl -fsSL https://orch.your-tenant.example.com/v1/health should print {"status":"ok"}.

  • AUTONOMY_OPERATOR is exported in this shell. A local CLI error mentioning AUTONOMY_OPERATOR is not set is the RBAC pre-flight refusing — no HTTP request was made; export the variable and retry.

  • Your tenant identity has fleet:read on the calling principal.

  • Your machine’s clock is within RFC3339-acceptable skew of the server (the hosted ingest path enforces RFC3339 timestamps on event submission).

What this proves

The connect path establishes that:

Proof axis

What you have shown

Reachability

Your machine can reach the hosted control plane URL.

Authentication

Your tenant identity is recognized by the hosted control plane.

Authorization

Your role grants at least fleet:read on this tenant.

You have not deployed a node, published a release, or run any command that mutates fleet state. Those next steps live in the operator runbooks.

Self-hosted alternative

If you want to operate the control-plane binary yourself instead of connecting to a hosted tenant:

  • The self-hosted tier’s autonomy-orchestrator CLI reference — serve, migrate, TLS flags, endpoint reference

  • The self-hosted tier’s Control-Plane HA Operator Runbook — HA cluster setup with PostgreSQL backend

The CLI surface and config keys on this page are identical for self-hosted and hosted-connect paths; the only difference is who runs the orchestrator binary.

See also

  • Fleet Monitoring for Robotics — what autonomy fleet status shows in detail

  • Robotics Quickstart — single-node CE demo without an orchestrator

This page covers connecting the autonomy CLI to a hosted AutonomyOps control plane that someone else operates. If you want to run an orchestrator yourself, use the self-hosted tier’s autonomy-orchestrator CLI reference for serve, migrate, and operational flags.