Agentcy

Appearance

System Architecture

This page is a single-page deep dive into how Agentcy is structured. If you want the high-level pitch, read Platform Overview first.

At a glance

Agentcy is a Rust workspace + a Next.js frontend + three data stores. Everything is self-hostable.

Three-tier architecture overview A vertical four-tier stack. Top tier: user-facing clients (browser, SDK, CLI). Second tier: the Next.js 16 frontend. Third tier (the hero): the agentcy-api Axum service, a 29-crate Rust workspace that runs JWT verification, policy gating, and the agent loop. Bottom tier: three data stores in parallel — PostgreSQL for org/auth/config and conversation history, Neo4j for the realm-partitioned knowledge graph, and Redis for job queues, pub/sub, rate limits, and cache. Optional sidecar processes (worker daemon, OpenFang sub-agent orchestrator, WhatsApp gateway) attach to the API tier. Tier 1 · Clients Browser Streaming UI SDK agentcy-sdk · TS · Python CLI agentcy · agentcy-proxy HTTPS · SSE · WebSocket Tier 2 · Frontend Frontend (Next.js 16 · React 19) Streaming UI · TanStack Query · shadcn/ui · Tailwind v4 Chat Graph Explorer Connectors Workflows /api/v1/* · JWT in Authorization Tier 3 · API · the hero agentcy-api · Axum 0.8 29-crate Rust workspace · streaming · tool catalog · RAG CORS · compress JWT verify policy gate handler SSE chunks → routes/* · agentcy-auth · agentcy-policy · agentcy-chat · agentcy-agent · agentcy-rag Worker daemon OpenFang sidecar WhatsApp gateway LLM providers Optional Tier 4 · Data stores PostgreSQL Org · auth · config Conversation history · runs Workflow records · audit log Neo4j Knowledge graph Realm-partitioned nodes HNSW vector indexes Redis Job queues · pub/sub Rate limits · session cache Sync state · approval gates Self-hostable · Docker Compose · Railway · macOS desktop. Sidecars and providers are optional.
Browser/SDK/CLI → Next.js frontend → Axum API → three data stores.

Additional runtime dependencies, all optional:

  • Worker daemon (agentcy-worker-bin) — off-process job execution.
  • OpenFang sidecar — SubAgent orchestrator (disabled by default).
  • WhatsApp gateway — a Node.js Baileys process, auto-spawned from the API.
  • LLM provider — OpenAI, Anthropic, Google, Ollama, vLLM, LM Studio.
  • Object storage — S3-compatible bucket for artifacts (or local FS in dev).

The Rust workspace

The backend lives in backend/ as a Cargo workspace with 29 crates. Crates group by responsibility; connectors live under backend/sources/agentcy-source-*.

LayerCrates
HTTP surfaceagentcy-api, agentcy-ws
Authagentcy-auth
Policyagentcy-policy
Data storesagentcy-db, agentcy-graph, agentcy-storage
Retrievalagentcy-rag, agentcy-memory, agentcy-code-intel
Ingestionagentcy-ingest + 26 agentcy-source-* crates
Chat & agentsagentcy-chat, agentcy-agent, agentcy-agents, agentcy-agent-bin
Executionagentcy-worker, agentcy-worker-bin, agentcy-sandbox, agentcy-ciab-client, agentcy-durable
Schedulingagentcy-tasks
Channelsagentcy-whatsapp, agentcy-slack-bot, agentcy-slack-channel, agentcy-plugins
Voiceagentcy-voice
CLIsagentcy-cli, agentcy-proxy-cli
Sharedagentcy-core, agentcy-sdk

For a one-line purpose per crate, see the Crate Map reference.

Request lifecycle

Request lifecycle: client → CORS → auth → policy → handler, with fan-out to Postgres, the Context Engine, Redis, and LLM/tool providers; response streams back.

A typical authenticated request like POST /api/v1/chat/conversations/:id/messages flows through:

  1. CORS + compression layers (tower-http)
  2. auth_middleware (agentcy-auth) — Local provider verifies HS256 via JWT_SECRET; OIDC provider verifies RS256 via cached JWKS. On success, sets Extension<UserContext> { user_id, org_id, role }.
  3. policy_middleware (agentcy-policy, if enabled) — derives action from (method, path)"chat.send", then evaluates Rego rules against {subject, action, resource, env}. Any deny[msg] returns 403.
  4. Handler (routes/chat.rs::send_message) — loads the tool catalog (agentcy-chat::ToolCatalog), streams LLM + tool calls via agentcy-agent providers, gates risky tools through ApprovalRegistry (blocks on oneshot), executes tools via the connector's execute_tool, records events to the activity log + conversation history, and streams SSE chunks back to the browser.
  5. Response drains, middlewares complete.

Key properties:

  • Middleware ordering matters. Auth runs before policy; policy receives a populated UserContext.
  • Streaming is SSE, not WebSocket. WebSockets are used for presence / graph updates only, via agentcy-ws.
  • Tool execution is in-process by default for connector tools. CIAB tools go through a sandbox (local process or EC2). Heavy jobs go through agentcy-worker.

Data stores

PostgreSQL

The primary system of record. Every table carries org_id. Schema lives in backend/crates/agentcy-db/migrations/. See the Database Schema reference.

Notable tables:

  • users, orgs, org_memberships
  • sources, source_jobs, sync_history
  • conversations, messages, tool_calls
  • tasks, task_runs, task_recommendations
  • webhooks, webhook_deliveries
  • channels, channel_bindings
  • policies, policy_sources, policy_audit_log
  • skills, approvals
  • memory_entries, memory_runs

Context Engine (Basic / Advanced)

Holds the knowledge graph. Nodes and edges carry a realm property so queries can be scoped to a domain (e.g. infrastructure, crm, design). See Knowledge Graph & Realms.

Two providers sit behind the same agentcy-graph interface:

  • Basic — the built-in graph store that ships with every self-hosted deployment. Queries are authored in Cypher.
  • Advanced — the kyma columnar engine backed by S3 + pgvector. Available on Agentcy Cloud and on-premise Enterprise deployments. Queries are authored in KQL (Kyma Query Language) or SQL, alongside the same Cypher surface.

The API exposes both structured queries (behind policy) and higher-level semantic search via agentcy-rag. Application code targets agentcy-graph and is provider-agnostic.

Redis

Used for:

  • Job queuesagentcy-worker reads from streams
  • Pub/sub — realtime events (ConnectorEventBus)
  • Caching — JWKS, throttles, short-lived approval tokens

The connector model

Connectors are dual-role. Each agentcy-source-* crate can implement two traits:

  • IngestionSource — batch ETL into the knowledge graph.
  • ConnectorToolProvider — live tools exposed to chat (e.g. github.list_pulls, aws.s3_list_objects).

Tools are not dumped into the LLM prompt. Instead, four catalog meta-tools (list_connectors, search_connector_tools, execute_connector_tool, request_connector_access) let the model page through the catalog on demand. See Agent Loop for details.

Connectors register in agentcy-api::state::AppState::source_registry at boot. Validation (validate_config) runs at creation so bad credentials fail fast.

Frontend

frontend/ is a Next.js 16 App Router project using React 19, shadcn/ui (Ark UI primitives), TanStack Query, Tailwind v4. Top-level dashboard sections mirror backend routes:

  • /chat, /graph, /connectors, /ingest
  • /tasks, /workers, /channels, /orchestrator
  • /skills, /artifacts, /memory, /coding-agents
  • /security (api keys + policies), /activity, /settings, /admin, /embed

All data fetching goes through frontend/lib/api/client.ts, which centralizes JWT injection and error handling. Mutations use useMutation + invalidateQueries.

Feature flags

Several subsystems are compile-time + runtime gated. See backend/crates/agentcy-api/src/config.rs (FeaturesConfig):

FlagDefaultWhat it enables
ragon/rag routes, vector search
workerson/workers routes, worker auth
orchestratoroff/orchestrator + OpenFang
voiceoff/voice routes, STT/TTS
policiesoff/policies routes + policy middleware
connectors-devon (dev)GitHub, K8s, OpenAPI, Remote, MCP, CIAB, OS, Git, Jenkins, Figma, Remotion
connectors-cloudon (dev)AWS, GCP, Vercel, Supabase, LocalStack, Firecrawl, WebSearch, ElevenLabs, Runway, Slack, Google Workspace, Read.ai, HubSpot, Grafana
connectors-dataon (dev)SQL, MongoDB, Power BI

Health checks (/api/v1/health) report which features are enabled so clients can adapt.

How requests cross process boundaries

Not everything runs in the API process:

  • Worker jobs — handler enqueues a Redis stream entry, returns a job id. The worker daemon dequeues, runs the source, writes results to Postgres and the Context Engine, and fires events back over Redis pub/sub so the UI gets a live update.
  • CIAB tools — handler calls agentcy-ciab-client over HTTP/IPC to the sandbox runtime (local process or EC2 instance), streams stdout back as SSE.
  • WhatsApp — handler calls the WhatsApp gateway (Node.js Baileys), which owns the long-lived websocket to Meta.
  • OpenFang — handler proxies to the OpenFang sidecar when orchestration features are used.

If any of these sidecars is missing, the API returns a 503 with a clear error — not a crash.

Observability

  • Tracingtracing + tracing-subscriber across all crates. Configure with RUST_LOG.
  • Activity feed — every org-scoped action writes an entry the UI can render (/activity).
  • Audit log — policy decisions persist to policy_audit_log when policies are enabled.
  • Health/api/v1/health returns feature status and dependency reachability (Postgres, Context Engine, Redis, LLM provider).

Where to go next

Built by AgentcyLabs. For in-house deployment or Agentcy Cloud (PaaS) access, visit agentcylabs.com.

Copyright © 2026-present AgentcyLabs. All rights reserved.