Harness AI is a minimal, security-first agentic harness designed for institutional use in government organizations. It acts as a central governance layer between your institutional systems and AI capabilities — enforcing policies, managing permissions, auditing every action, and running AI models locally without sending data to external providers.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/joseluis-dev/harness-ai/llms.txt
Use this file to discover all available pages before exploring further.
Quickstart
Get the four-service stack running locally with Docker Compose in minutes.
Architecture
Understand how Harness Core, Runtime, Model Gateway, and Auth Service fit together.
API Reference
Explore execution contracts, auth endpoints, and internal service APIs.
Deployment
Deploy to production with Docker Compose and Dokploy, with strict network isolation.
What Harness AI Does
Harness AI sits between your institutional systems and internal resources — SQL databases, documents, CLI tools, and local AI models. Every request from a human, an n8n webhook, or an automated workflow passes through Harness Core, which resolves tools from a dynamic registry and enforces authorization before any action is taken.Local-First AI
Model execution stays on-premises by design. Cloud providers are blocked by default and require explicit policy approval (Phase 13 opt-in).
Centralized Auth
OAuth 2.1 Client Credentials flow via
mcp-auth-service. No per-MCP authentication — every tool validates with the shared auth-sdk.Dynamic Tool Registry
Tools are rows in
harness_db, not hardcoded lists. Enable, disable, or version tools without redeploying the core.Full Audit Trail
Every execution, tool call, token issuance, and state transition is recorded in structured
audit_events with actor identity.Risk-Level Policies
Six risk levels from
READ_ONLY to EXTERNAL_SIDE_EFFECT enforce human approval gates before destructive or external actions.Phased Roadmap
Start with a minimal 4-service stack (Phase 0) and grow to RAG, LangGraph workflows, and specialized agents across 14 phases.
Architecture at a Glance
Harness AI is a monorepo containing multiple cooperating services deployed via Docker Compose:| Service | Technology | Role |
|---|---|---|
harness-core | Astro SSR + TypeScript | Public-facing BFF — the only service on the public network |
runtime-python | FastAPI + RQ + Python | Internal execution engine, workers, and audit writer |
model-gateway | FastAPI + Python | Local-first AI router (vLLM / mock) |
mcp-auth-service | FastAPI + Python | OAuth 2.1 authority — issues and validates all tokens |
postgres (harness_db) | PostgreSQL | Business data, executions, audit events |
postgres-auth (harness_auth_db) | PostgreSQL | Auth data: OAuth clients, tokens, policies — always separate from harness_db |
redis | Redis | Job queue broker and cache |
Only
harness-core is ever exposed on a public port. All other services communicate over a private Docker network and are never reachable from outside.Getting Started
Start the local stack
harness-postgres, harness-redis, runtime-python, and harness-core — will start and report healthy.