Harness Core is the only service on the public network. It is an Astro SSR application that acts as the institutional Backend-for-Frontend (BFF): it serves the administrative portal, exposes the internal API consumed by the UI, resolves actor identity on every inbound request, and forwards validated work to the Runtime Python engine over the private Docker network. Nothing else in the harness is publicly reachable. Every human interaction — through the web portal, the chat interface, the approvals screen, or any external webhook — must pass through Harness Core before reaching any downstream service.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/joseluis-dev/harness-ai/llms.txt
Use this file to discover all available pages before exploring further.
Role and Responsibilities
Harness Core serves a strictly bounded role: it governs, routes, and records — it never executes heavy work itself.Portal & UI
Serves the administrative portal, chat interface, execution viewer, audit screen, approvals queue, and document registry at their respective routes.
API Façade
Exposes internal REST endpoints consumed by the portal UI and external webhooks. Validates every request body with Zod before any downstream call.
Actor Resolution
Calls
mcp-identity-connector on every request to resolve the bearer to an ActorContext. Degrades gracefully to a system actor when the connector is unavailable.Audit Delegation
Delegates all execution creation and audit event writing to Runtime Python. The BFF never opens a direct Postgres connection.
Actor Identity Resolution
Every request that reaches Harness Core flows through the Astro SSR middleware (src/middleware.ts) before hitting any route handler. The middleware is responsible for populating Astro.locals.actor with a resolved ActorContext.
Extract the Bearer
The middleware reads the
Authorization: Bearer <token> header. A missing, malformed, or oversized (>512 chars) header causes an immediate degradation to actor=system with a warn-once log entry — the middleware never throws.Check Connector URL
If
MCP_IDENTITY_CONNECTOR_URL is empty (Phase 0 four-service acceptance mode), the middleware degrades to actor=system and emits a warn-once. No HTTP call is made.Call mcp-identity-connector
The middleware calls
POST {connector_url}/validate_session with { bearer } as the request body, enforcing a hard ceiling of ≤ 3 s via AbortController. A timeout, network error, or any non-200 response all degrade to actor=system.The ActorContext Shape
Execution Creation Flow
POST /api/executions is the most security-sensitive endpoint on the BFF surface. It enforces a strict ordering that prevents any invalid or unauthenticated execution from reaching the runtime.
JSON Parse
The raw body is parsed as JSON. A malformed body returns
400 invalid_json immediately — Zod is never invoked on garbage input.Zod Validation
The parsed body is validated against the
ExecutionCreateBodySchema. A schema failure returns 400 invalid_payload with structured issues. The runtime is never called on rejection.Actor Resolution
getActor({ locals }) reads Astro.locals.actor populated by the middleware. If the middleware did not run, this falls back to SYSTEM_ACTOR with a warn-once.Fail-Closed Gate (AD-5)
Before touching the runtime, the BFF evaluates
isSensitiveRequest. If the request is sensitive and the actor is degraded (actor_type === "system"), the call is blocked with 401 identity_unavailable.Build Actor Forward Headers
buildActorForwardHeaders(actor) produces the X-Harness-Actor-Id and X-Harness-Actor-Department header pair, or null for a system actor. Oversized values throw ActorFieldTooLongError, returning 400 actor_id_too_long before the runtime is called.The isSensitiveRequest Predicate
isSensitiveRequest is the single source of truth for the fail-closed contract. It returns true only when all three of the following hold simultaneously:
| Condition | Value |
|---|---|
| HTTP method | POST |
| Pathname | starts with /api/executions |
constraints.risk_level | "high" or "critical" |
constraints block — is treated as non-sensitive and degrades gracefully.
ActorFieldTooLongError and the 128-Character Ceiling
The BFF enforces a 128-character ceiling on bothX-Harness-Actor-Id and X-Harness-Actor-Department before forwarding to the runtime. This mirrors the VARCHAR(128) columns on the executions table. Values are trimmed before the check; oversized trimmed values throw ActorFieldTooLongError, which the route handler maps to 400 actor_id_too_long.
Hard Rules
These constraints are architectural, not configurable. A PR that violates any of them is rejected at review.| Rule | Rationale |
|---|---|
| No direct Postgres writes | The runtime is the sole writer of executions and audit_events. The BFF proxying through the runtime enforces that invariant across every code path. |
| No Redis/RQ imports | Job enqueueing is the runtime’s responsibility. The BFF only calls POST /internal/executions and receives the execution id back. |
fetch() only | Keeping outbound calls to a single fetch() makes network topology auditable and prevents silent coupling to internal services. |
| Fail-closed on sensitive writes | A degraded identity (actor=system) must never result in a high or critical execution being accepted — even if the connector is temporarily down. |
API Endpoints
For the full endpoint reference, see the BFF API Reference.POST /api/executions
Create a new execution. Validates body, resolves actor, enforces fail-closed gate, forwards to runtime.
GET /api/executions
List recent executions with
limit and offset. Non-sensitive — no actor gate applied.GET /api/executions/:id
Fetch a single execution by UUID. Returns
404 verbatim from runtime for unknown ids.GET /api/executions/:id/events
Fetch audit events for an execution ordered by
created_at ascending. Returns 200 [] for unknown ids.