GitHub - synth-laboratories/Horizons: Open Source Agent Execution

Features

Agents and actions

Register agents as declarative specs (name, sandbox image, allowed tools, schedule). Run them on-demand or on cron. Agents propose actions; actions go through approval gates (auto-approve, AI review, or human review) before execution. Every action is recorded in an append-only audit log.

MCP gateway with auth

Built-in MCP gateway supporting stdio and HTTP transports. Scope-based authorization per tool, per agent. Agents call your internal APIs and services through MCP — the gateway enforces what each agent is allowed to do.

• Configure MCP servers: POST /api/v1/mcp/config
• List available tools: GET /api/v1/mcp/tools
• Call a tool: POST /api/v1/mcp/call

Secrets management

Per-org encrypted credential storage (AES-256-GCM). Store API keys, database credentials, service tokens. Secrets are injected at runtime via token resolution ($cred:connector_id.key) — agents never see raw credentials in config.

Sandboxed execution

Agents run in isolated containers via the Rhodes adapter. Supports Docker (local dev) and Daytona (cloud, with snapshotted images for ~3s provisioning). Filesystem overrides let you inject files (AGENTS.md, skills files, config) and environment variables into the sandbox before the agent starts.

Event-driven orchestration

Bidirectional event bus (Redis pub/sub + Postgres event store). Publish/subscribe with routing rules, retry policies, dead-letter queues, and webhook delivery. Agents, connectors, and pipelines communicate through events.

Context refresh

Connectors ingest external data into durable, per-org context stores. Agents read from these stores at runtime. Built-in connectors for common services; write your own as a simple trait impl.

Graph execution engine

DAG-based execution engine for structured agent workflows. LLM nodes, Python function nodes, tool-call nodes. Built-in verifier graph registry (rubric scoring, contrastive verification, few-shot, RLM). Define graphs in YAML, execute via API.

Multi-tenant by default

All data and operations are scoped by x-org-id. Tenant isolation is enforced at the trait level — every storage backend, event bus, and agent execution path is org-scoped.

API-first, SDKs in three languages

REST API (Axum). SDKs for Python, TypeScript, and Rust. No UI required — everything is programmable.

Quickstart

Docker Compose (recommended):

Starts the Horizons server on http://localhost:8000 with persistent local storage. No external services required.

curl http://localhost:8000/health

Install the SDKs

Python

TypeScript / JavaScript

npm install @horizons-ai/sdk

Rust

From source

Prerequisites: Rust 1.85+ (edition 2024 support).

cargo build --release -p horizons_server --features all
cargo run --release -p horizons_server --features all -- serve

Starts on http://localhost:8000 with dev backends (SQLite + local filesystem). No external services required.

Python execution backends:

• Default: local python3 subprocess.
• Optional: embedded interpreter via pydantic/monty (requires --features graph_monty and HORIZONS_GRAPH_PYTHON_BACKEND=monty).

API overview

All endpoints require an x-org-id header for tenant isolation. Most also accept x-project-id.

Optional feature-gated endpoints (compile with --features memory, optimization, evaluation, or all):

Repo layout

Crates

All crates use Rust edition 2024.

SDKs

Testing

Horizons keeps test code out of the repo. See synth-laboratories/testing (horizons-tests/) for unit, property-based, mocked integration, and opt-in live-LLM tests.

License

FSL-1.1-Apache-2.0 (the Sentry license) — Copyright 2026 Synth Incorporated.

Free to use, modify, and redistribute for any purpose except building a competing product. Converts to Apache 2.0 after two years.