Harbor

Ship coding agents that touch real code.

Harbor gives your coding agent a workspace-scoped MCP control plane: GitHub, package managers, and your private services arrive as scoped tools, runs land in a sandbox, and every action is traced.

Use case
Start freeBook demo

The problem

Coding agents stall the moment they leave the editor.

  • Credentials are stuck in the model.

    Personal tokens get pasted into prompts, leak into traces, and rotate badly. Your agent inherits whatever the developer happened to be logged in as.

  • Tool surfaces drift per-agent.

    Every coding agent wires GitHub, Linear, and CI a slightly different way. There is no shared definition of which tools the workspace allows.

  • Runs disappear after the response.

    Once the model emits a tool call, you have no record of what ran, what it touched, or whether a teammate could reproduce it tomorrow.

How Harbor helps

A workspace, not a wrapper.

  1. Install code-aware MCP plugins once.

    GitHub, the registry, package managers, and your private tools are installed at the workspace level. Every coding agent docked to that workspace inherits the same scoped tool set with the same OAuth contract.

  2. Execute in a sandbox, not on the developer laptop.

    hrbr exec runs the agent's code in Harbor's server-side execution layer with orbit primitives for filesystem, storage, and outbound calls. Local secrets never leave the developer.

  3. Trace every tool call and code run.

    Every invocation becomes a span in /dashboard/traces with inputs, outputs, latency, and the workspace member who triggered it. Replay or audit a session the way you would a CI build.

Auditable by default.

  1. Per-tool grants for outbound MCP servers.

    Grant your coding agent read-only repo access today and PR-write tomorrow. Scopes live in the workspace, not in a paste-buffer prompt.

  2. Workspace-scoped audit log.

    Every run, request, and tool call lands in D1 and is queryable from /dashboard/traces. Nothing routes through a black box.

  3. Encrypted secret storage.

    OAuth refresh tokens and per-tool credentials live in Cloudflare Secrets Store. Your agent receives short-lived bindings at exec time — never raw keys.

Built for every agent workflow.

Harbor's control plane backs more than coding. These workflows ship next on the same primitives.

Frequently asked.

Can my coding agent read and write to private GitHub repos?
Yes. Install the GitHub MCP plugin in your workspace, grant the scopes you want (read-only, PR-write, or full repo), and every docked coding agent inherits the same scoped access. Revoke at the workspace level — no per-agent reconfiguration.
How is this different from giving the agent a personal access token?
Personal tokens give the agent everything the developer can do, forever. Harbor issues short-lived workspace-scoped credentials at exec time, and every call is traced. Revoking a token does not require chasing down every machine the agent ever ran on.
Does the agent execute code on my laptop?
No. hrbr exec submits work to Harbor's server-side execution layer. The agent's code runs in a sandboxed isolate with orbit primitives for filesystem, storage, and outbound calls. Local secrets, paths, and network never leak.
Can I see what a previous agent run actually did?
Yes. Every tool call and exec lands in /dashboard/traces with inputs, outputs, and timing. You can replay a session, share a permalink with a teammate, or audit which workspace member triggered a write.
Which coding agents work with Harbor today?
Any MCP-capable client can dock to a Harbor workspace. The hrbr CLI also ships a stdio MCP adapter (hrbr serve mcp) for clients that prefer a local handle. The control plane is the same in both modes.
Is there a free tier?
Yes. Harbor is in free private beta. Start a workspace at no cost; paid plans are not enabled today.

Give your coding agent a workspace that survives the next model swap.

Start freeBook demo