Sign inGet started
Checkpoint Docs
Govern

Molti: Managed Agent Deployment

Deploy and manage MCP-I agents on managed infrastructure via the Checkpoint dashboard

What is Molti?

Molti is Checkpoint's managed agent deployment system. It deploys MCP-I agents to Fly.io infrastructure, handles lifecycle management (start, stop, restart), and provides a heartbeat-based health monitoring system.

Molti is the alternative to self-hosted deployment — instead of deploying to your own Cloudflare Workers or infrastructure, Molti handles hosting for you.

When to Use Molti

ApproachBest For
Molti (managed)Quick deployment, no infrastructure management
Self-hosted (Cloudflare)Full control, custom domains, existing infra

Deploying via the Dashboard

  1. Navigate to your organization in the Checkpoint dashboard
  2. Go to Deploy > Molti
  3. Follow the deployment wizard:
    • Select your MCP-I server configuration
    • Choose deployment settings
    • Confirm and deploy

The deployment process streams progress updates in real time via SSE (Server-Sent Events), showing each step as it completes.

Deployments are rate-limited per user. If you hit the limit, wait a few minutes before retrying.

Lifecycle Management

Once deployed, you can manage your agent's lifecycle through the dashboard or via API.

Heartbeat Monitoring

Deployed agents send periodic heartbeats to Checkpoint. The heartbeat system:

  • Reports agent status and health
  • Returns pending commands (e.g., restart, config update)
  • Tracks software versions (openclawVersion, computeVersion)

Heartbeats are authenticated per-deployment using a unique X-Heartbeat-Token header.

Restart

Restart a running agent:

curl -X POST https://kya.vouched.id/api/v1/molti/agents/{agentDid}/restart \
  -H "Authorization: Bearer <session_token>"

Stop

Stop a running agent:

curl -X POST https://kya.vouched.id/api/v1/molti/agents/{agentDid}/stop \
  -H "Authorization: Bearer <session_token>"

Lifecycle API endpoints require session-based authentication. You must be logged in and have organization membership for the deployment's project.

API Reference

Deploy

POST /api/v1/molti/deploy/managed/fly

Deploys a managed agent on Fly.io. Returns an SSE stream with deployment progress.

  • Auth: Session-based
  • Body: ManagedDeployRequest
  • Response: SSE stream with step-by-step progress

Heartbeat

POST /api/v1/molti/agents/{agentDid}/heartbeat

Receives heartbeat from a deployed agent process. Updates agent status and returns pending commands.

  • Auth: X-Heartbeat-Token header (per-deployment token)
  • Body: HeartbeatRequest
  • Response: Pending commands (restart, config update, etc.)

Restart

POST /api/v1/molti/agents/{agentDid}/restart

Restarts a managed agent's Fly machine.

  • Auth: Session-based (user must own the deployment via org membership)

Stop

POST /api/v1/molti/agents/{agentDid}/stop

Stops a managed agent's Fly machine.

  • Auth: Session-based (user must own the deployment via org membership)

Config Bundle

GET /api/v1/molti/deployments/{agentDid}/config-bundle

Downloads the configuration bundle for a deployment. Supports dual authentication:

  • X-API-Key: For BYOK (bring-your-own-key) deployments (version 1 bundle)
  • X-Heartbeat-Token: For managed deployments (version 2 bundle with AI provider config, gateway token, etc.)

The config bundle includes a content hash for deduplication — agents can skip re-applying config if the hash hasn't changed.

Next Steps

Control Access

Configure agent permissions, consent screens, and tool protection from the dashboard

Dashboard Overview

Navigate the Checkpoint dashboard to manage projects, view detections, and configure enforcement

On this page

What is Molti?When to Use MoltiDeploying via the DashboardLifecycle ManagementHeartbeat MonitoringRestartStopAPI ReferenceDeployHeartbeatRestartStopConfig BundleNext Steps