Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
openlatch-provider
Self-service onboarding CLI + runtime daemon for OpenLatch Editors and Providers.
openlatch-provider is the third project in the OpenLatch family, sibling to openlatch-client (agent-side forwarder) and openlatch-platform (cloud control plane). It is two things in one binary:
| Mode | Trigger | Purpose |
|---|---|---|
| Management CLI | One-shot subcommands | Self-service onboarding + lifecycle ops for Editors and Providers |
| Runtime daemon | openlatch-provider listen |
Receive HMAC-signed webhooks from openlatch-platform, verify, proxy events to vendor's localhost-hosted detection tools, return verdicts. Also spawns and supervises each binding's tool process per the manifest's process: block (one daemon = everything you need to start). Accepts both single-file v1 manifests and v2 kind: Provider manifests that compose multiple tool manifests via tool_paths: globs. |
Install
# npm (recommended)
# crates.io
# GitHub Releases (signed binaries + shell installer)
|
Cross-platform: macOS (arm64 + x64), Linux (x64 + arm64), Windows (x64).
Quickstart
# 1. Authenticate (browser-based PKCE) — required, init validates slugs against the platform
# 2. Scaffold a new editor + first tool. Each slug you pick is checked
# against api.openlatch.ai before the manifest is written; collisions
# re-prompt in TTY or surface as OL-4280..OL-4283 in CI mode.
# 3. Edit openlatch.yaml to declare your tool(s) and provider(s)
# 4. Validate before publishing
# 5. Publish
# 6. Run the production daemon — it spawns each tool process listed in the
# manifest's `process:` blocks, waits for /healthz, restarts on crash,
# and reaps the child tree on Ctrl+C. For multi-tool deployments
# (e.g. `openlatch-sectools`), pass `--provider <path>` to the v2
# `kind: Provider` manifest; tool manifests are auto-discovered from
# its `tool_paths:` globs.
# or for v2 multi-tool:
# openlatch-provider listen --provider ./openlatch-provider.yaml
# 7. Inspect or control the supervised tools (in another terminal —
# daemon must have been started with `--admin-port <PORT>`).
# 8. Watch verified events flow through the daemon. Reads
# ~/.openlatch/provider/logs/runtime-YYYY-MM-DD.jsonl directly, so it
# works whether the daemon is up or not.
The daemon emits one info! line per processed event to stderr (colored
verdict in TTYs, JSON otherwise). Raise verbosity with --verbose /
--debug or by exporting RUST_LOG=… (standard tracing-subscriber
filter syntax).
Examples
tools/coinflip-tool/— a dummy detection tool (FastAPI +openlatch-tool-sdk) that randomly returnsallow/denyverdicts. Use it to validate the full agent → client → platform → provider → tool pipeline locally; it is also exercised deterministically by theopenlatch-provider-e2e coinflipE2E command.
Status
v0.1.0 — first GA release. Auto-update is enabled by default for
npm-installed binaries (kill switch: OPENLATCH_NO_AUTO_UPDATE=1).
See CHANGELOG.md for releases and
docs/ for the full reference.
Documentation
- Quickstart — install -> register -> publish in <10 min.
openlatch.yamlreference- Auth flows
- Runtime mode — listen daemon, /v1/health, deploy patterns.
- Webhook security — HMAC + replay + SSRF defense.
- Tool authoring guides — Python (FastAPI), Node (Express/Hono), Rust (axum).
- Deploy — Docker, systemd, Caddy reverse-proxy.
- CLI reference — every subcommand and flag (auto-generated).
- Error code catalogue —
OL-42xxcodes with remediation steps.
The Rust binary, openlatch-tool-sdk (PyPI), and
@openlatch/tool-sdk (npm) version in lock-step — one
conventional-commit PR triggers a single release-please Release PR that
bumps all three packages to the same X.Y.Z.
License
Apache-2.0 — see LICENSE.
Security
See SECURITY.md.