Ephemeral servers: spin up, run, self-destruct

By AgentMetal June 28, 2026 4 min read

Agents rarely need a server forever. They need a real machine for the length of a task: a clean room to run code a user pasted, a burst of CPU for a build, an isolated IP for a scrape, a throwaway box to reproduce a bug. The natural shape is create → work → destroy — and that only works when provisioning is instant, prepaid by the minute of use, and requires no account to set up or tear down.

Why ephemeral beats a standing box

A long-lived server is a liability for an agent: it accrues cost while idle, drifts from a clean state, and becomes a shared blast radius across unrelated tasks. A fresh box per task is the opposite — every job starts from a known image, runs in isolation, and leaves nothing behind. Because AgentMetal bills prepaid by the day with no minimum term, a one-day nano costs $1.20 whether you use it for ten minutes or ten hours, and there is no recurring charge to forget to cancel.

The pattern

Three calls and the box is gone:

spin up · run · destroy

# 1. buy a clean box for a day (pays $1.20 in USDC over x402)
$ provision_server { "plan": "nano", "days": 1 }   → srv_kx04qd, [email protected]

# 2. do the work
$ exec_command srv_kx04qd "git clone … && make test"

# 3. tear it down the moment you're done
$ destroy_server srv_kx04qd          → box wiped, IP released

Each of those is an MCP tool or a plain HTTP call, so an agent runs the whole arc unattended. If a task outgrows its window, one extend_server call buys another day; if the agent forgets, the lease simply expires and the box is reclaimed — the failure mode is "it turns off," not "you keep paying."

Isolation you can lock down

A disposable box is a good place to run code you don't fully trust. Every server is a full Linux VM (not a shared container), so a process can't escape into a neighbor. You can tighten the network with manage_firewall — close everything but the ports your job needs — and when you destroy_server, the VM and its disk are gone. For anything you do want to keep, copy it out over SSH before teardown, or attach add-on block storage for the life of the lease.

Fan out, then fan in

Because there is no account and no quota dance to get a box, an orchestrator can spawn several at once — one per shard of a job — and reap them as each finishes. Each carries its own /root/SERVER.md birth certificate with its id and expiry, so the controller always knows what's live and what it's paying for. The unregistered tier caps concurrent boxes per wallet; claim an account with an email (claim_account) when you need to run a larger fleet.

Build the loop

The fastest way in is the @agentmetal/mcp setup; the raw HTTP version is in how an agent rents its own server. Check live plans for free at GET https://api.agentmetal.dev/v1/catalog, and read the full agent manual at llms.txt. Plans start at $1.20/day, prepaid, no signup.

All posts ↗