Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/joseluis-dev/harness-ai/llms.txt

Use this file to discover all available pages before exploring further.

Harness AI is a minimal, security-first agentic harness designed for institutional use in government organizations. It acts as a central governance layer between your institutional systems and AI capabilities — enforcing policies, managing permissions, auditing every action, and running AI models locally without sending data to external providers.

Quickstart

Get the four-service stack running locally with Docker Compose in minutes.

Architecture

Understand how Harness Core, Runtime, Model Gateway, and Auth Service fit together.

API Reference

Explore execution contracts, auth endpoints, and internal service APIs.

Deployment

Deploy to production with Docker Compose and Dokploy, with strict network isolation.

What Harness AI Does

Harness AI sits between your institutional systems and internal resources — SQL databases, documents, CLI tools, and local AI models. Every request from a human, an n8n webhook, or an automated workflow passes through Harness Core, which resolves tools from a dynamic registry and enforces authorization before any action is taken.

Local-First AI

Model execution stays on-premises by design. Cloud providers are blocked by default and require explicit policy approval (Phase 13 opt-in).

Centralized Auth

OAuth 2.1 Client Credentials flow via mcp-auth-service. No per-MCP authentication — every tool validates with the shared auth-sdk.

Dynamic Tool Registry

Tools are rows in harness_db, not hardcoded lists. Enable, disable, or version tools without redeploying the core.

Full Audit Trail

Every execution, tool call, token issuance, and state transition is recorded in structured audit_events with actor identity.

Risk-Level Policies

Six risk levels from READ_ONLY to EXTERNAL_SIDE_EFFECT enforce human approval gates before destructive or external actions.

Phased Roadmap

Start with a minimal 4-service stack (Phase 0) and grow to RAG, LangGraph workflows, and specialized agents across 14 phases.

Architecture at a Glance

Harness AI is a monorepo containing multiple cooperating services deployed via Docker Compose:
ServiceTechnologyRole
harness-coreAstro SSR + TypeScriptPublic-facing BFF — the only service on the public network
runtime-pythonFastAPI + RQ + PythonInternal execution engine, workers, and audit writer
model-gatewayFastAPI + PythonLocal-first AI router (vLLM / mock)
mcp-auth-serviceFastAPI + PythonOAuth 2.1 authority — issues and validates all tokens
postgres (harness_db)PostgreSQLBusiness data, executions, audit events
postgres-auth (harness_auth_db)PostgreSQLAuth data: OAuth clients, tokens, policies — always separate from harness_db
redisRedisJob queue broker and cache
Only harness-core is ever exposed on a public port. All other services communicate over a private Docker network and are never reachable from outside.

Getting Started

1

Copy the environment template

cp .env.example .env
# Edit .env and fill in required values
2

Activate Corepack and install JS dependencies

corepack enable
pnpm install
3

Start the local stack

pnpm run compose:local:up
All four services — harness-postgres, harness-redis, runtime-python, and harness-core — will start and report healthy.
4

Verify the stack

curl http://localhost:4321/api/healthz
A 200 OK response confirms the BFF is up and can reach the runtime.
See the Quickstart for a full walkthrough including your first execution and audit verification.

Build docs developers (and LLMs) love