Your agent doesn't need to be always-on.
Herald is.

Lightweight webhook relay and message queue for AI agents and local services that can't expose a public endpoint. Give your agent a stable URL. Herald receives, queues, and delivers.

View on GitHub

# Point any webhook at your Herald URL

$ curl -X POST https://proxy.herald.tools/myagent/github \

-d '{"action":"push","ref":"refs/heads/main"}'

{"message_id":"422609...","fingerprint":"e3d03e..."}

# Your agent polls when it's ready

$ curl -H "Authorization: Bearer $KEY" \

https://proxy.herald.tools/queue/github

{"messages":[{"message_id":"422609...","body":"..."}]}

# ACK and move on

$ curl -X POST -H "Authorization: Bearer $KEY" \

https://proxy.herald.tools/ack/github/422609...

{"acknowledged":true}

How it works

Point webhooks at Herald. Every account gets a stable inbound URL. GitHub, Stripe, your orchestration layer — anything that sends HTTP POST.

Herald queues them. Payloads are hashed for deduplication, encrypted on receipt, and held in a FIFO queue. No plaintext at rest.

Your agent drains the queue. HTTP polling for simple agents, WebSocket for low-latency event-driven workflows. Connect when ready.

ACK and move on. Acknowledge processed messages. Failed? They go back in the queue or to a dead letter queue after retries.

Built for agents

Inbound routing

Named endpoints that map to separate queues. One URL for GitHub, another for Stripe, another for your orchestration layer.

Encrypted on receipt

AES-256-GCM encryption before storage. Bring your own key on Pro — Herald never sees your plaintext.

Content-addressable

SHA-256 fingerprinting deduplicates identical payloads at ingestion. Replay protection built in.

Poll or stream

HTTP polling for simple agents. WebSocket with first-message auth for low-latency event-driven workflows.

At-least-once delivery

Visibility timeouts, automatic redelivery, dead letter queues. Messages don't get lost.

Self-hostable

MIT licensed. Single Rust binary + Redis. Run your own Herald anywhere. No vendor lock-in.

herald-cli

Optional local daemon. Polls Herald, invokes your agent, reports ACK/NACK.

# ~/.config/herald/config.yaml

server: https://proxy.herald.tools

api_key: hrl_sk_...

connection: websocket

handlers:

github-push:

command: claude

args: ["-p"]

prompt_template: |

Use kindex to search for context.

Then handle this event: {{.body}}

stdin: prompt

hooks:

pre:

command: kindex

args: ["ingest", "--tags", "herald", "--stdin"]

Pricing

Free tier available now. Paid tiers coming soon.

Available now

Free

$0/month

1 inbound endpoint
HTTP polling
100 messages/day
7-day retention
Encrypted at rest

Standard

$12/month — coming soon

10 endpoints
Polling + WebSocket
10,000 messages/day
30-day retention
Headers included

Pro

$49/month — coming soon

Unlimited endpoints
500,000 messages/day
90-day retention
BYOK encryption
Audit log

Enterprise

Custom

Custom volume
Custom retention
Custom SLAs
Private deployment

Security

TLS everywhere

All inbound and outbound connections over TLS. No plaintext HTTP.

Encrypt on receipt

AES-256-GCM with per-account keys. Plaintext exists only briefly in RAM during ingestion.

BYOK encryption

Pro tier: provide your public key. Herald encrypts with it and can never decrypt. You decrypt locally.

No payload inspection

Herald is a pure relay. It never parses, inspects, routes on, or transforms your payload contents.

Your agent doesn't need to be always-on.Herald is.