anvil-app
Anvil Desktop
Owns
Local developer workflow orchestration
Start in
src/main, src/preload, src/shared, src/renderer
Use when
A change needs repo context, review evidence, work item context, or local companion controls.
Open source tools for inspectable developer work
Local evidence before trust.
Anvil is a small family of developer tools: Desktop for repo-aware agent delivery, Registry for safer npm dependency ingress, and Cloud for inspectable app runtime contracts. The common rule is simple: make the work reviewable before anyone has to believe it.
Inspectable command output
$ anvil check --json
Config: valid
Import policy: pass
Typecheck: pass
Manifest extraction: pass
Build-ready: true
Three repos, three boundaries
The split is intentional. Desktop coordinates local work, Registry controls dependency ingress, and Cloud constrains app runtime contracts.
anvil-registry
Anvil Registry and Node Base
Owns
npm dependency ingress and install execution safety
Start in
apps/gateway, apps/worker, apps/admin, apps/cli, packages, devcontainer-base
Use when
Installs need policy, caching, analysis, quarantine, overrides, reports, or safer container execution.
anvil-cloud
Anvil Cloud
Owns
Cell runtime contracts and adapter deployment
Start in
packages/runtime, packages/builder, packages/local, packages/client, packages/cli, packages/aws
Use when
A small app should be authorable locally, inspectable by agents, and deployable through an adapter boundary.
What each project does
The docs explain the mechanics. This is the short operational map.
Local delivery workspace
Anvil Desktop
anvil-app
An Electron app for repo-aware agent delivery work. It keeps repositories, work items, chat sessions, Git state, reviews, security checks, terminals, docs, diagrams, and handover evidence in one local workspace.
Boundary: Owns local delivery orchestration and evidence capture.
Status: Active desktop app with main, preload, shared IPC, and React renderer surfaces.
- Local Electron shell with SQLite persistence and typed IPC boundaries
- Codex and LLM workflows grounded in checked-out repositories
- Work item, review, security, documentation, diagram, and terminal surfaces
- Mobile, Raycast, watch, widget, and menu bar companion controls
pnpm dev
Inspectable app runtime
Anvil Cloud
anvil-cloud
A local-first TypeScript platform for Anvil Cells: small deployable app units with explicit capabilities, shared runtime request contracts, generated manifests, local inspection, and adapter-driven deployment.
Boundary: Owns the Cell contract, runtime, builder, local server, generated client, CLI, and deployment adapter boundary.
Status: v0 implementation exists across runtime, builder, local, client, CLI, and AWS preview packages.
- Object-based Cell DSL for app, schema, query, mutation, endpoint, and job definitions
- Shared RuntimeRequest and RuntimeHost model for local, tests, and adapters
- Builder pipeline for import policy, typecheck, bundle, manifest, and generated client output
- Local runtime plus AWS preview adapter with CloudFormation synthesis and optional provisioning
anvil check --json
npm policy gateway
Anvil Registry
anvil-registry
A TypeScript registry gateway that proxies npm metadata and tarballs, evaluates deterministic policy, queues package analysis, caches artefacts, and records decisions before installs reach developers or CI.
Boundary: Owns dependency ingress, policy decisions, analysis, cache identity, and override audit.
Status: Rough alpha for local trials, security review, early CI experiments, and contribution work.
- npm-compatible Fastify gateway for metadata, tarballs, audit, and scoped upstreams
- Worker-backed static analysis, provenance signals, and optional LLM review context
- Postgres, object storage, queue adapters, Admin UI, CLI, Docker Compose, and SST
- Explicit audited overrides, quarantine/block decisions, and developer explain output
npm config set registry http://localhost:4873
Hardened Node image
Anvil Node Base
anvil-registry/devcontainer-base
A Node 22 devcontainer base image for safer installs. Safe mode disables lifecycle scripts; observed mode runs them deliberately while writing inspectable reports.
anvil-npm-ci-safe
The useful promise is narrow
Anvil does not claim that agents, heuristics, or abstractions remove engineering judgement. It gives reviewers better artefacts to judge.
Local facts first
Desktop workflows start from local checkouts, branch state, typed IPC boundaries, SQLite state, Git, PTYs, and explicit connector configuration.
Policy beats theatre
Registry decisions come from deterministic package metadata, static findings, provenance, popularity, overrides, and cached immutable identities.
Runtime contracts stay small
Cloud Cells use a constrained app contract. Provider SDKs and infrastructure authoring belong in adapters, not app code.
Agents help, they do not govern
Codex and LLM workflows can plan, implement, review, and explain. The authority still comes from repo evidence, deterministic gates, and human review.
Docs are part of the product
The public site is markdown-first so architecture, setup, limits, and status can be reviewed in Git with the code.
Docs meant for maintainers
Start with the public docs, then follow the links into commands, architecture, status notes, and the repo boundaries that matter.
Start here
Choose Desktop, Registry, Node Base, or Cloud from the repo and workflow you actually need.
Repository map
See which repo owns which product surface, where to look first, and how the projects fit together.
Desktop architecture
Follow the Electron main, preload, shared IPC, renderer, SQLite, and service-layer boundaries.
Desktop agent workflows
Run planning, implementation, review, security, documentation, BA, and handover sessions with evidence.
Registry quickstart
Run the gateway locally, route package manager traffic through it, and inspect package decisions.
Registry policy
Read how metadata, provenance, static findings, popularity, analysis, and overrides shape decisions.
Cloud Cell contract
Understand app, schema, query, mutation, endpoint, job, capability, and generated manifest shapes.
Cloud CLI
Use anvil new, dev, check, build, inspect, logs, db, and deploy preview with stable JSON output.
Node Base reports
Inspect safe and observed install reports, submit them to the registry, and wire them into CI gates.
Open source posture
The scope boundaries, alpha notes, and anti-vendor-sludge position behind the project.
Contributing
Development setup, commit style, and review expectations across the Anvil repo family.