Architecture
This book’s Markdown lives under site/content/. The application code lives at the repository root.
Main areas
| Concern | Location |
|---|---|
| SPA | app/ |
| JSON APIs | server/api/ |
| Non-API routes (MCP, OAuth callbacks, health, WS) | server/routes/ |
| Authorization pipeline | server/utils/mcp-authz.ts, cedar-engine.ts, cedar-gen.ts, session-conditions.ts, policy-helpers.ts |
| Connectors | config/connectors.json, config/overrides/, server/utils/connector-loader.ts |
| Persistence | server/utils/state-store.ts, server/utils/db.ts, migrations in scripts/db-migrate.js |
| Shared types | types/ |
Startup
server/plugins/init.ts validates connector configuration, registers adapters, opens the database, rejects weak or missing encryption/session configuration in production, wires audit broadcasting, and schedules session cleanup. Failure to connect to Postgres causes the process to exit.
Trusted vs untrusted agents
During MCP tool evaluation (evaluateToolCallAndAudit):
- Trusted agents use agent-wide structured policies (getStructuredPolicies).
- Untrusted agents use per-member policies (getMemberPolicies). If memberId cannot be resolved, no policies load and requests deny.
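
The selection rule above, as an added TypeScript example that is not the project's own code. Only the names getStructuredPolicies and getMemberPolicies come from this page; the types, signatures, in-memory stores and the deny-overrides-allow evaluation are assumptions made for illustration.

```typescript
// Added illustration. Every type, signature and store below is an assumption,
// not the project's actual code; only the two function names come from the page.
type Effect = "allow" | "deny";
interface Policy { tool: string; effect: Effect }
interface Agent { id: string; trusted: boolean }
interface Decision { effect: Effect; reason: string }

// Constructed sample data standing in for the persistence layer.
const agentPolicies = new Map<string, Policy[]>([
  ["agent-ci", [{ tool: "repo.read", effect: "allow" }]],
]);
const memberPolicies = new Map<string, Policy[]>([
  ["member-42", [
    { tool: "repo.read", effect: "allow" },
    { tool: "repo.delete", effect: "deny" },
  ]],
]);

function getStructuredPolicies(agentId: string): Policy[] {
  return agentPolicies.get(agentId) ?? [];
}
function getMemberPolicies(memberId: string): Policy[] {
  return memberPolicies.get(memberId) ?? [];
}

// Pick the policy set by trust level. An untrusted agent without a resolved
// memberId gets an empty set, never a fallback to agent-wide policies.
function loadPolicies(agent: Agent, memberId?: string): Policy[] {
  if (agent.trusted) return getStructuredPolicies(agent.id);
  return memberId ? getMemberPolicies(memberId) : [];
}

// Default deny: an explicit deny wins, otherwise an allow must match.
function evaluateToolCall(agent: Agent, tool: string, memberId?: string): Decision {
  const matching = loadPolicies(agent, memberId).filter((p) => p.tool === tool);
  if (matching.some((p) => p.effect === "deny")) return { effect: "deny", reason: "explicit deny" };
  if (matching.some((p) => p.effect === "allow")) return { effect: "allow", reason: "explicit allow" };
  return { effect: "deny", reason: "no matching policy" };
}
```

The property worth testing in a real deployment is the third branch: an empty policy set must produce a deny, so a failed member lookup can never widen access.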
Background work
Long-running GitHub/repo metadata harvest can run out-of-process via workers/harvester.ts (see Harvester worker).