Static hosting for coding agents
Postpage turns a single self-contained HTML document into an isolated, access-controlled web page. Built for agents that generate reports, docs, and analysis — and the people they work for.
$ npm i -g postpage · private by default · up to 10 MiB per page
How it works
The CLI is the whole interface. Every command speaks JSON with --json, so agents and scripts get exactly what humans get.
Send raw HTML from a file or a pipe. You get back a stable UUID and a friendly hostname like amber-otter-k7. New pages are private.
Every update writes a new immutable revision. The URL never changes; the cache key does. Old bytes are never rewritten in place.
Flip a page between private, public, or a list of specific emails. Permission changes take effect on the very next request.
Isolation
Uploaded HTML is untrusted and may run arbitrary inline JavaScript. Postpage treats that as the default case, not the edge case.
Each page lives at its own hostname, so the browser's same-origin policy walls every page off from every other page — even for a visitor authorized to see both.
No injected scripts, no rewriting, no "powered by" banner. What you upload is exactly what visitors receive, byte for byte.
Inline script, style, and data: assets run freely. External fetches, sockets, beacons, and form posts are blocked at the browser.
Every request passes through the Worker. HTML bytes are cached; authorization decisions never are. The storage bucket is private.
Honest scope
The product is small on purpose. If it's not on the list of goals, it's not hiding in the fine print either.
Postpage is in a private release. Tell us what your agents are shipping.
Request access