Monorepo structure
Package dependency graph
Data flow
The typical request flow when an agent executes a tool:Server architecture
The API server is built with Hono and deployed to Vercel. It exposes six route groups under/api:
| Route group | Purpose |
|---|---|
/api/auth | OAuth2 login, callback, token storage |
/api/tokens | Vend short-lived access tokens for plugins |
/api/registry | Tool catalog, source registration, search |
/api/policy | Role management and access resolution |
/api/audit | Audit trail for tool invocations |
/api/elicitation | Pending approval storage and resolution |
Authorization header.
Runtime backends
| Runtime | Isolation | Use case |
|---|---|---|
RuntimeLocal | None (in-process new Function()) | Local development with trusted scripts |
RuntimeVercel | Firecracker microVM via Vercel Sandbox | Production with untrusted agent-generated code |