Anchor MSP PSA
AgentField-first PSA platform for MSP operations, built for multi-environment GitOps delivery.
Repo layout
- apps/web: Next.js operator console and client portal.
- apps/gateway: API gateway for authn/authz, idempotency, and orchestration.
- apps/agentfield-mock: Local mock control-plane for end-to-end testing.
- apps/status-mock: Mock status API + telemetry control-center endpoints.
- packages/contracts: Shared API contracts, events, and OpenAPI spec.
- packages/ui: Shared UI components and design tokens.
- agents/*: Domain agents and edge telemetry agent.
- infra/*: Source deployment manifests mirrored into the dedicated ops repo (anchor-msp-ops).
- docs/*: Architecture, runbooks, and compliance guidance.
Quick start
cp .env.example .env
pnpm install
pnpm dev
Optional local data services:
docker compose -f infra/docker-compose.dev.yaml up -d
Final Testing Flow
- Start full local stack (infra + gateway + workers + mock AgentField + web):
pnpm dev:stack
- In another terminal, run smoke tests:
pnpm test:smoke
- Inspect mock status/telemetry events:
curl -s http://localhost:8090/v1/events
curl -s http://localhost:8090/api/telemetry/events
Apply SQL migrations in order:
- infra/sql/0001_init.sql
- infra/sql/0002_psa_resources.sql
- infra/sql/0003_idempotency.sql
- infra/sql/0004_event_pipeline.sql
- infra/sql/0005_job_queue.sql
- infra/sql/0006_security_hardening.sql
- infra/sql/0007_configuration_plane.sql
- infra/sql/0008_job_metadata.sql
- infra/sql/0009_workflow_execution_metadata.sql
- infra/sql/0010_worker_runtime.sql
- infra/sql/0011_portal_invites.sql
Or run:
DATABASE_URL=postgres://anchor:anchor@localhost:5432/anchor ./scripts/apply-migrations.sh
Run outbox dispatcher:
pnpm --filter @anchor/gateway worker:outbox
Generate a dev JWT when AUTH_MODE=jwt:
JWT_SIGNING_SECRET=dev-jwt-secret node scripts/generate-dev-jwt.mjs
Production/staging required secrets and keys:
- JWT_SIGNING_SECRET (>= 32 chars)
- AUDIT_SIGNING_SECRET (>= 32 chars)
- RESOURCE_ENCRYPTION_KEY_B64 (base64-encoded 32-byte key)
- AGENTFIELD_WEBHOOK_SECRET
- DATABASE_URL
- PORTAL_BASE_URL (required in staging/prod; invite link host)
- ANCHOR_OPERATOR_JWT (web server-to-server JWT for dashboard API calls)
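A pre-deploy check for the constraints listed above, as an added example that is not code from the Anchor repo. `validateSecrets` and its helpers are hypothetical names, and the encryption key is assumed to be standard padded base64.

```javascript
// Added example: hypothetical pre-deploy check, not code from the Anchor repo.
const REQUIRED = [
  'JWT_SIGNING_SECRET', 'AUDIT_SIGNING_SECRET', 'RESOURCE_ENCRYPTION_KEY_B64',
  'AGENTFIELD_WEBHOOK_SECRET', 'DATABASE_URL', 'PORTAL_BASE_URL', 'ANCHOR_OPERATOR_JWT',
];
const MIN_SECRET_CHARS = 32; // README: ">= 32 chars"
const KEY_BYTES = 32;        // README: "base64-encoded 32-byte key"

// Buffer.from(..., 'base64') does not throw on malformed input, so the value
// is round-tripped; only canonical, padded base64 of the right length passes.
function isBase64Key(value, bytes) {
  const buf = Buffer.from(value, 'base64');
  return buf.length === bytes && buf.toString('base64') === value;
}

function isHttpUrl(value) {
  try {
    return ['http:', 'https:'].includes(new URL(value).protocol);
  } catch {
    return false;
  }
}

// Returns a list of problems; messages name the variable, never its value.
function validateSecrets(env) {
  const errors = [];
  for (const name of REQUIRED) {
    if (!env[name]) errors.push(`${name}: missing`);
  }
  for (const name of ['JWT_SIGNING_SECRET', 'AUDIT_SIGNING_SECRET']) {
    if (env[name] && env[name].length < MIN_SECRET_CHARS) {
      errors.push(`${name}: shorter than ${MIN_SECRET_CHARS} chars`);
    }
  }
  const key = env.RESOURCE_ENCRYPTION_KEY_B64;
  if (key && !isBase64Key(key, KEY_BYTES)) {
    errors.push(`RESOURCE_ENCRYPTION_KEY_B64: not base64 of exactly ${KEY_BYTES} bytes`);
  }
  if (env.PORTAL_BASE_URL && !isHttpUrl(env.PORTAL_BASE_URL)) {
    errors.push('PORTAL_BASE_URL: not an absolute http(s) URL');
  }
  return errors;
}

// Constructed sample: the dev value from the README fails the length rule.
const sample = { JWT_SIGNING_SECRET: 'dev-jwt-secret' };
console.log(validateSecrets(sample));
```

Running it against the staging or prod environment before rollout catches a dev secret or a truncated key without ever printing the secret itself.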
Optional local seed data:
DATABASE_URL=postgres://anchor:anchor@localhost:5432/anchor ./scripts/seed-dev-data.sh
Key endpoints
- GET /health
- GET /api/v1/health
- GET /.well-known/engine-status
- GET /api/v1/openapi
- POST /api/v1/events/ingest
- GET /api/v1/edge-agent/policy
- POST /api/v1/execute/{agent}.{reasoner}
- GET /api/v1/workflow-executions
- GET /api/v1/workflow-executions/{id}
- POST /api/v1/workflow-executions/{id}/retry
- POST /api/v1/workflow-executions/{id}/cancel
- GET /api/v1/portal/knowledge-base
- GET /api/v1/portal/invites
- POST /api/v1/portal/invites
- POST /api/v1/portal/invites/{id}/revoke
- POST /api/v1/portal/tickets
- POST /api/v1/ops/alerts/{id}/link-ticket
- POST /api/v1/ops/tickets/{id}/resolve
- GET /api/v1/agent-runtime/health
- POST /api/v1/agent-runtime/smoke
- POST /api/v1/agent-runtime/outbox-failures/{id}/retry
- POST /api/v1/agent-runtime/job-failures/{id}/retry
- POST /api/v1/integrations/github/webhook
- POST /api/v1/integrations/accounting/sync
- POST /api/v1/imports
- GET /api/v1/jobs
- GET /api/v1/platform/settings
- PUT /api/v1/platform/settings
- GET /api/v1/workspace/settings
- PUT /api/v1/workspace/settings
UI configuration console:
- GET /admin/settings (web control plane for runtime settings and encrypted secret refs)
- GET / (full inventory + universal CRUD for all PSA resources)
- GET /ops (runtime failures, retries, workflow control, smoke execution)
- GET /portal (ticket/approval/invoice workflows + KB + payment visibility)
Delivery model
- Workspace-per-client tenancy
- App/ops split: this repo builds artifacts; anchor-msp-ops is the GitOps deployment source.
- Kubernetes + Argo CD promotion path (dev -> staging -> prod)
- GitHub Actions CI/CD with signed artifacts and SBOM generation hooks
Core docs
- docs/architecture.md
- docs/api.md
- docs/auth.md
- docs/agentfield.md
- docs/agents.md
- docs/database.md
- docs/testing.md
- docs/telemetry.md
- docs/gitops.md
- docs/compliance.md