README
¶
Agora
Agora is a native zero-trust overlay network for agent-to-agent communication.
It is built on OpenZiti and provides the identity, discovery, policy, and communication substrate that autonomous agents need to interact safely across organizational boundaries. Agora is A2A-compatible at the protocol layer, but its core value is the governed network underneath: secure connectivity, explicit policy boundaries, and auditable collaboration primitives.
Agora is pre-1.0 software. The project is active and usable for local development and demos, but APIs and operational details may still change.
The canonical architecture, status, and roadmap materials live under docs/.
Architecture
Agora is organized in layers:
- Layer 0 (Fabric): OpenZiti provides cryptographic identity, mutual authentication, end-to-end encryption, and dark-by-default connectivity.
- Layer 1 (Network): Agora connectivity primitives including organizations, accounts, environments, tunnels, tunnel grants, and the local network runtime.
- Layer 2 (Collaboration): governed agent collaboration services including workgroups, catalog discovery, advertisements, sessions, contracts, and envelopes.
See docs/architecture/overview.md for the cross-layer architecture.
Current Status
The repository currently includes:
- a Cobra-based
agoraCLI - a PostgreSQL persistence layer built with
sqlx - embedded SQL migrations managed with
rubenv/sql-migrate - an OpenAPI 3.x contract under
internal/api/specs - generated controller client/server bindings using
ogen - a handwritten controller service implementing the generated API interfaces
- real OpenZiti-backed environment and tunnel lifecycle flows
- a local
agora networkruntime over gRPC and Unix domain sockets - Layer 1 tunnel serve/connect flows for
http,tcp, andudp - Layer 2 workgroups, catalog, advertisements, sessions, contracts, and envelope transport
- a browser dashboard under
ui/ - the Macro Pulse reference demo under
examples/macro-pulse/
Layer 1 is minimum-working and Layer 2 is MVP-complete. Remaining work is mostly operational hardening, SDK packaging, metrics, limits, and post-MVP collaboration extensions. For details, see:
Repository Layout
cmd/agora/: CLI entry point and Cobra command wiringcmd/demo-bootstrap/: dashboard demo topology seedingenvironment/: local~/.agoraenvironment root modelsdk/agent/: public SDK for embedded agents and the local network runtimeinternal/api/: generatedogencode and modular OpenAPI specsinternal/controller/: handwritten controller service, auth, and HTTP wiringinternal/fabric/openziti/automation/: OpenZiti automation helpersinternal/network/daemon/: CLI client helpers for the local network runtimeinternal/network/tunnelruntime/: HTTP/TCP/UDP tunnel runtime engineinternal/persistence/: PostgreSQL store, repositories, migrations, and testsui/: Vite/React dashboardexamples/macro-pulse/: end-to-end multi-agent reference demodocs/: architecture, layer specs, status, examples, roadmap, and maintainer docsAGENTS.md: project conventions for coding agents and contributors
Layer-owned internal packages follow the conceptual layer names:
internal/fabric/...for Layer 0 implementation codeinternal/network/...for Layer 1 implementation code that is not part of the SDKinternal/collaboration/...for future Layer 2 package-owned implementation code
Cross-cutting packages such as internal/controller, internal/persistence,
internal/api, and internal/clioutput intentionally remain top-level.
Quick Start
Build everything:
go build ./...
Run the Go tests:
go test ./...
Some persistence and controller integration tests use PostgreSQL containers via
testcontainers-go, so the full test suite requires Docker access.
Build the dashboard:
cd ui
npm ci
npm run build
Run the local dashboard demo:
./bin/demo-up.sh
The demo script builds the dashboard, installs the Go demo binaries, runs store migrations, starts the Agora controller, provisions the demo topology, and starts the Macro Pulse workers. It expects external PostgreSQL and OpenZiti services matching etc/demo-controller.yaml.
When the script finishes, open the printed URL and log in with the printed demo credentials. Stop managed demo processes with:
./bin/demo-down.sh
For a clean demo root:
./bin/demo-down.sh --purge
Demo operation details live in:
Development
Prerequisites
- Go 1.25+
- Node.js and npm for dashboard work
- PostgreSQL for controller development
- Docker for integration tests that use
testcontainers-go - an OpenZiti controller and enrolled edge router for real tunnel/demo flows
Project Conventions
- Logging uses
github.com/michaelquigley/df/dl. - Structured config and handwritten JSON/YAML binding use
github.com/michaelquigley/df/dd. - The OpenAPI specification is the source of truth for the controller API.
- Generated
ogenand protobuf code should be regenerated, not edited by hand. - PostgreSQL is the only supported database.
Generate API Code
./bin/generate_rest.sh
This regenerates the committed ogen client/server package from
internal/api/specs/agora.yml.
Generate Protobuf Code
./bin/generate_pb.sh
This regenerates the committed protobuf/gRPC stubs used by the local
agora network runtime API.
Run the Controller
The controller expects a YAML config file. Start from etc/agora-controller.yaml and set:
bind_addressadmin_tokensopen_ziti.api_endpointopen_ziti.authstore.dsn
Start the controller with:
go run ./cmd/agora controller ./etc/agora-controller.yaml
Configure the Local CLI Environment
Agora keeps local CLI metadata under ~/.agora.
Set the controller API endpoint once:
go run ./cmd/agora config set api_endpoint http://127.0.0.1:8080
Inspect or clear it:
go run ./cmd/agora config get api_endpoint
go run ./cmd/agora config unset api_endpoint
Manage Migrations
go run ./cmd/agora store migrate ./etc/agora-controller.yaml up
go run ./cmd/agora store migrate ./etc/agora-controller.yaml down --down 1
go run ./cmd/agora store migrate ./etc/agora-controller.yaml status
go run ./cmd/agora store check-schema ./etc/agora-controller.yaml
Admin API Commands
Admin API commands use the local environment endpoint from
~/.agora/config.json or AGORA_API_ENDPOINT, and authenticate with
AGORA_ADMIN_TOKEN.
export AGORA_ADMIN_TOKEN=replace-me
go run ./cmd/agora admin create organization acme
go run ./cmd/agora admin create user <organizationId> alice@example.com test-password
go run ./cmd/agora admin list organizations
go run ./cmd/agora admin list users
go run ./cmd/agora admin list users --organization-id <organizationId>
go run ./cmd/agora admin list users --show-ids
go run ./cmd/agora admin list users --json
go run ./cmd/agora admin delete user <organizationId> <accountId>
go run ./cmd/agora admin delete organization <organizationId>
Human-readable list output uses a rounded table. Pass --json for indented raw
resource objects.
Documentation
Start with:
License
Agora is licensed under the Apache License 2.0. See LICENSE.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
agora
command
|
|
|
demo-bootstrap
command
|
|
|
examples
|
|
|
macro-pulse/internal/agentutil
Package agentutil contains small shared helpers used by the Macro Pulse demo agents to keep their main.go files focused on the agent-specific business logic.
|
Package agentutil contains small shared helpers used by the Macro Pulse demo agents to keep their main.go files focused on the agent-specific business logic. |
|
macro-pulse/internal/live
Package live implements thin HTTP adapters that translate the four public-API upstreams (Yahoo Finance, Open-Meteo, Wikipedia Pageviews, GDELT) into the per-capability response shapes defined in internal/payloads.
|
Package live implements thin HTTP adapters that translate the four public-API upstreams (Yahoo Finance, Open-Meteo, Wikipedia Pageviews, GDELT) into the per-capability response shapes defined in internal/payloads. |
|
macro-pulse/internal/payloads
Package payloads holds the JSON-shaped Go types exchanged in envelope payloads for the Macro Pulse demo.
|
Package payloads holds the JSON-shaped Go types exchanged in envelope payloads for the Macro Pulse demo. |
|
macro-pulse/snapshots
Package snapshots embeds the offline snapshot data shipped with the Macro Pulse demo and exposes typed loaders for each capability.
|
Package snapshots embeds the offline snapshot data shipped with the Macro Pulse demo and exposes typed loaders for each capability. |
|
internal
|
|
|
api
Code generated by ogen, DO NOT EDIT.
|
Code generated by ogen, DO NOT EDIT. |
|
sdk
|
|
|
agent
Package agent is Agora's SDK for building agent processes that participate in a zero-trust Agora overlay network.
|
Package agent is Agora's SDK for building agent processes that participate in a zero-trust Agora overlay network. |
|
agent/catalog
Package catalog provides public SDK helpers for publishing and managing an agent's Layer 2 catalog advertisements.
|
Package catalog provides public SDK helpers for publishing and managing an agent's Layer 2 catalog advertisements. |
|
agent/session
Package session provides consumer- and provider-side helpers for driving Layer 2 session lifecycle through the Agora controller.
|
Package session provides consumer- and provider-side helpers for driving Layer 2 session lifecycle through the Agora controller. |
|
agent/tunnel
Package tunnel exposes Go-native helpers for managing Layer 1 tunnel serve and connect actors through an embedded agent runtime.
|
Package tunnel exposes Go-native helpers for managing Layer 1 tunnel serve and connect actors through an embedded agent runtime. |