{"id":44474244,"url":"https://github.com/lanternops/breeze","last_synced_at":"2026-07-05T00:01:03.561Z","repository":{"id":337907325,"uuid":"1134021936","full_name":"LanternOps/breeze","owner":"LanternOps","description":"Open-source Remote Monitoring \u0026 Management (RMM) platform for MSPs and IT teams","archived":false,"fork":false,"pushed_at":"2026-06-28T03:24:24.000Z","size":114234,"stargazers_count":48,"open_issues_count":26,"forks_count":17,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-06-28T04:06:57.649Z","etag":null,"topics":["golang","it-management","monitoring","msp","remote-management","rmm","self-hosted","typescript"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LanternOps.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-01-14T06:16:46.000Z","updated_at":"2026-06-28T03:24:27.000Z","dependencies_parsed_at":null,"dependency_job_id":"c6a4b54e-a13a-4ea8-aa2c-c6488176f82d","html_url":"https://github.com/LanternOps/breeze","commit_stats":null,"previous_names":["lanternops/breeze"],"tags_count":170,"template":false,"template_full_name":null,"purl":"pkg:github/LanternOps/breeze","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LanternOps%2Fbreeze","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LanternOps%2Fbreeze/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LanternOps%2Fbreeze/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LanternOps%2Fbreeze/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LanternOps","download_url":"https://codeload.github.com/LanternOps/breeze/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LanternOps%2Fbreeze/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35139194,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-04T02:00:05.987Z","response_time":113,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","it-management","monitoring","msp","remote-management","rmm","self-hosted","typescript"],"created_at":"2026-02-12T22:08:22.246Z","updated_at":"2026-07-05T00:01:03.522Z","avatar_url":"https://github.com/LanternOps.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/breeze-logo.png\" alt=\"Breeze\" width=\"120\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eBreeze\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eThe open source, AI-native RMM.\u003c/strong\u003e\u003cbr/\u003e\n  Monitor, manage, and remediate — with an AI brain built in.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://breezermm.com/features/\"\u003e\u003cstrong\u003e▶ Live Demos\u003c/strong\u003e\u003c/a\u003e •\n  \u003ca href=\"#security\"\u003eSecurity\u003c/a\u003e •\n  \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e •\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#ai-brain\"\u003eAI Brain\u003c/a\u003e •\n  \u003ca href=\"#architecture\"\u003eArchitecture\u003c/a\u003e •\n  \u003ca href=\"#roadmap\"\u003eRoadmap\u003c/a\u003e •\n  \u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e •\n  \u003ca href=\"#license\"\u003eLicense\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/lanternops/breeze/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-AGPL--3.0-blue\" alt=\"License\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/lanternops/breeze/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/lanternops/breeze\" alt=\"Release\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://breezermm.com/discord\"\u003e\u003cimg src=\"https://img.shields.io/badge/discord-join-7289da\" alt=\"Discord\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/breeze-ai-demo.gif\" alt=\"Breeze AI Demo — Check a device's health\" width=\"800\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cem\u003eWant to click around?\u003c/em\u003e \u003ca href=\"https://breezermm.com/features/\"\u003e\u003cstrong\u003eInteractive feature demos at breezermm.com/features\u003c/strong\u003e\u003c/a\u003e (e.g. \u003ca href=\"https://breezermm.com/features/remote-access/\"\u003eRemote Access\u003c/a\u003e).\n\u003c/p\u003e\n\n---\n\n## What is Breeze?\n\nBreeze is a full-featured remote monitoring and management platform with AI built into its core — not bolted on as an afterthought.\n\nSoftware features are exploding, but people can't keep up. Every RMM on the market adds more buttons, more tabs, more dashboards. Breeze takes a different approach: **an AI agent that actually uses the features for you.** It investigates alerts, remediates issues, documents what it did, and only bothers you when it needs a human decision.\n\nBreeze is free, open source (AGPL-3.0), and designed to be self-hosted or [cloud-hosted at breezermm.com](https://breezermm.com).\n\n### Why Breeze?\n\n- **AI-native, not AI-added.** Every page has an AI assistant that can see what you see and take action using built-in tools. Not a chatbot — an agent.\n- **Lightweight agent.** Single Go binary. Cross-platform. Minimal resource footprint. Your clients won't notice it's there.\n- **Actually open source.** AGPL-3.0. Read every line. Fork it. Contribute. No bait-and-switch.\n- **Multi-tenant from day one.** Built for MSPs managing multiple clients, not retrofitted from a single-tenant architecture.\n- **Modern stack.** Not a legacy codebase with 15 years of technical debt. Clean, fast, extensible.\n\n---\n\n## Security\n\nBreeze has privileged access to every device it manages. We take that seriously.\n\n| Layer | What We Do |\n|---|---|\n| **Authentication** | Argon2id passwords, JWT with 15-min expiry, TOTP MFA, SHA-256 hashed tokens, email verification on signup |\n| **Authorization** | RBAC with scope-based multi-tenancy, forced PostgreSQL row-level security on every tenant table — no app-layer-only fallback, even table owners can't bypass |\n| **Encryption** | AES-256-GCM at rest, TLS 1.2+ in transit, HSTS preload, no plaintext secrets stored anywhere |\n| **Agent hardening** | Bearer token auth (SHA-256 hashed), 0600 config file permissions, optional Cloudflare mTLS |\n| **Rate limiting** | Redis sliding window on all auth endpoints and agent APIs — fail-closed if Redis is unavailable |\n| **Input validation** | Zod schemas on every external input — API requests, WebSocket messages, query parameters |\n| **AI safety** | Risk-classified action engine — dangerous operations require human approval, critical operations blocked entirely |\n| **Supply chain** | 5 automated scanners in CI: CodeQL SAST, Gitleaks, npm audit, govulncheck, Trivy CVE scanning |\n| **Audit trail** | Structured audit logging with actor tracking, org-scoped retention policies, S3 archival |\n| **Operational** | Secret rotation runbooks, disaster recovery procedures (RTO \u003c 1 hour, RPO \u003c 15 minutes) |\n| **Abuse controls** | Cross-tenant platform-admin suspend endpoint, email-verification gate on signup, fail-closed token revocation |\n\nFor the full security whitepaper, including SOC 2 alignment mapping, see **[Security Practices](docs/SECURITY_PRACTICES.md)**.\n\nTo report a vulnerability: **[security@lanternops.io](mailto:security@lanternops.io)** — see [SECURITY.md](SECURITY.md) for our disclosure policy.\n\n---\n\n## Features\n\n### Device Management\n- **Hardware \u0026 software inventory** — CPU, memory, storage, network, installed applications, versions\n- **Real-time device health** — Health checks with configurable thresholds and alerting\n- **Configuration policies** — Hierarchical policy management with feature links and per-assignment resolution\n- **Advanced filtering** — Query your fleet with powerful filters across any device attribute\n- **Network discovery** — ARP, ICMP, port, and SNMP scans to find unmanaged devices on each site\n- **Custom fields \u0026 tags** — Extend device records with your own metadata\n- **Configuration drift \u0026 change tracking** — Audit baselines, CIS hardening checks, software/peripheral policies\n\n### Remote Access\n- **Remote terminal** — Full shell access to managed devices\n- **Remote file browser** — Browse, upload, and download files\n- **Remote desktop** — Visual remote control of devices, multi-display, clipboard sync, computer-control automation\n- **Native viewer \u0026 helper apps** — Tauri-based desktop apps for macOS and Windows\n- **Activity monitoring** — See what's happening on a device in real time\n- **TURN relay** — Built-in coturn for WebRTC traversal across NATs and firewalls\n\n### Automation\n- **Remote scripting** — Execute scripts (PowerShell, Bash, Python) across devices\n- **Patch management** — Inventory, approve, and deploy OS and application patches; maintenance windows + update rings\n- **Alerts \u0026 notifications** — Configurable alerts with severity classification, routing, webhook delivery\n- **Playbooks** — Reusable remediation workflows\n- **Deployments** — Push agents and software at scale\n- **Watchdog** — Self-healing agent supervisor that auto-restarts on failure\n\n### Backup \u0026 Recovery\n- **Endpoint snapshot backup** — Restic-based snapshots to S3-compatible storage\n- **Bare-metal recovery** — Full-disk restore for Windows endpoints\n- **Hyper-V \u0026 SQL Server agents** — Application-aware backups\n- **Cloud-to-cloud (M365)** — Email, OneDrive, SharePoint, Teams, calendar\n- **Disaster recovery \u0026 verification** — Restore tests, encryption, retention policies\n\n### Integrations\n- **EDR** — SentinelOne and Huntress with risk-classified actions and incident correlation\n- **PSA** — Connect to popular ticketing systems\n- **MCP server** — Connect Claude.ai, ChatGPT, Cursor, or any MCP-aware AI agent over OAuth 2.1\n\n### AI Brain (BYOK)\n- **AI chat on every page** — Context-aware assistant that knows what you're looking at\n- **Tool-equipped agent** — The AI doesn't just talk, it acts — querying devices, running diagnostics, executing remediations\n- **Risk-classified actions** — Every AI action is validated against a risk engine before execution. Dangerous actions require human approval. Always.\n- **Bring your own key** — Plug in your Anthropic API key and the brain works out of the box\n- **External AI agents via MCP** — Or connect Claude.ai, ChatGPT, Cursor through the built-in MCP server with OAuth 2.1 + PKCE\n\n\u003e **🧠 [LanternOps Brain](https://lanternops.io)** — Want persistent memory, cross-tenant intelligence, automated playbooks, and compliance evidence generation? LanternOps is the managed AI brain for Breeze. Same RMM, smarter brain. [Learn more →](https://lanternops.io)\n\n---\n\n## Quick Start\n\n### Option 1: Cloud Hosted (Easiest)\n\nSkip infrastructure entirely. [Sign up at breezermm.com](https://breezermm.com) and have a fully managed Breeze instance in minutes.\n\n### Option 2: Self-Hosted Guided Setup\n\nRequires [Docker](https://docs.docker.com/get-docker/) and Docker Compose.\n\nRun the guided setup from an empty directory where you want Breeze's generated `.env` and `docker-compose.yml` files to live:\n\n```bash\nmkdir breeze \u0026\u0026 cd breeze\ncurl -fsSLO https://raw.githubusercontent.com/lanternops/breeze/main/scripts/guided-setup.sh\nchmod +x guided-setup.sh\n./guided-setup.sh\n```\n\nThe guided setup checks required commands, Docker Compose, CPU, RAM, and free disk space before generating configuration. It asks which Breeze release to install, downloads that release's `docker-compose.yml` and `.env.example`, preserves the comments from `.env.example` in your generated `.env`, prompts for the required settings, and can generate secure passwords and application secrets with `openssl rand`.\n\nDuring setup you can choose the packaged Caddy reverse proxy, Nginx Proxy Manager, or another external reverse proxy path. You can also choose Docker named volumes or local `./data` subdirectories for persistent container data.\n\nAfter the files are generated, the script lets you either stop with ready-to-use config files or continue into the guided start flow. The start flow prompts before pulling images and before running `docker compose up -d`, waits for the API to become healthy, then walks you through signing in with the one-time bootstrap credentials. Once you confirm first login is complete, it removes the bootstrap values from `.env`.\n\nOn Linux hosts with systemd, the guided setup can also install a reboot startup service for cleaner shutdowns and startups. On shutdown, it asks Docker Compose to stop the Breeze stack before Docker itself stops. On startup, it reruns Compose after Docker and networking are online, helping Breeze bring up Postgres/Redis, API/Web, and optional services in the intended order. The service stores its helper in a root-owned system path and points it at the setup directory you selected. For an existing guided install, run `./guided-setup.sh --install-systemd` from the Breeze setup directory.\n\n### Option 3: Self-Hosted Manual Docker\n\nRequires [Docker](https://docs.docker.com/get-docker/) and Docker Compose.\n\n```bash\nmkdir breeze \u0026\u0026 cd breeze\ncurl -fsSLO https://raw.githubusercontent.com/lanternops/breeze/main/docker-compose.yml\ncurl -fsSLO https://raw.githubusercontent.com/lanternops/breeze/main/.env.example\n# Caddy config — the compose file bind-mounts this, so it must exist on disk first.\n# (If it's missing, Docker creates docker/Caddyfile.prod as a directory and Caddy fails.)\ncurl -fsSL --create-dirs -o docker/Caddyfile.prod https://raw.githubusercontent.com/lanternops/breeze/main/docker/Caddyfile.prod\ncp .env.example .env\n\n# Edit .env — at minimum set these:\n#   BREEZE_DOMAIN        your domain (or \"localhost\" for local testing)\n#   ACME_EMAIL           email for Let's Encrypt certs\n#   JWT_SECRET           openssl rand -base64 64\n#   AGENT_ENROLLMENT_SECRET  openssl rand -hex 32\n#   APP_ENCRYPTION_KEY   openssl rand -hex 32\n#   MFA_ENCRYPTION_KEY   openssl rand -hex 32\n#   ENROLLMENT_KEY_PEPPER    openssl rand -base64 32\n#   MFA_RECOVERY_CODE_PEPPER openssl rand -base64 32\n#   BREEZE_BOOTSTRAP_ADMIN_EMAIL     your admin email, first boot only\n#   BREEZE_BOOTSTRAP_ADMIN_PASSWORD  one-time value from `openssl rand -base64 32`\n#\n# BREEZE_VERSION ships pinned to a known-good release. Bump it to upgrade\n# (see https://github.com/lanternops/breeze/releases for the current version).\n\n# Optional — for remote desktop (WebRTC TURN relay):\n#   TURN_HOST            public IP of your TURN server\n#   TURN_SECRET          openssl rand -hex 32\n\ndocker compose up -d\n\n# To enable TURN for remote desktop across NATs/firewalls:\n# docker compose --profile turn up -d\n```\n\nBreeze will be running at `https://your-domain` (or `https://localhost` with a self-signed cert for local testing).\n\nOn first production boot against an empty database, Breeze creates the initial Partner Admin only from operator-provided `BREEZE_BOOTSTRAP_ADMIN_EMAIL` and `BREEZE_BOOTSTRAP_ADMIN_PASSWORD` values. If those values are missing, startup refuses to seed the empty production database. The password is never printed to logs. After you sign in and finish setup, remove those bootstrap values from `.env`.\n\nFor hardened production deploys (Cloudflare Tunnel, mandatory digest-pinned images, monitoring + logging), see [docs/DEPLOY_PRODUCTION.md](docs/DEPLOY_PRODUCTION.md) which uses `deploy/docker-compose.prod.yml`.\n\n### Install the Agent\n\nFrom your Breeze dashboard, navigate to **Settings → Agents → Download** to get the agent installer for your platform.\n\nOr install directly:\n\n```bash\n# Build from source\ncd agent\nmake build\n\n# Binaries land in agent/bin/ — including breeze-agent, breeze-desktop-helper,\n# breeze-watchdog, and breeze-backup.\n# See docs/AGENT_INSTALLATION.md for enrollment instructions.\n```\n\n### Enable the AI Brain (Optional)\n\n1. Go to **Settings → AI Brain → BYOK**\n2. Enter your [Anthropic API key](https://console.anthropic.com/)\n3. The AI assistant is now active on every page\n\n---\n\n## AI Brain\n\nBreeze ships with the Claude Agent SDK integrated and an MCP server you can point any AI agent at. The AI isn't a separate product or plugin — it's woven into the platform, and the same risk engine governs every action whether it comes from the in-product chat or from an external agent over MCP.\n\n### How It Works\n\nThe AI brain has access to **tools** — the same capabilities you have in the dashboard. When you ask it to investigate an alert, it can query device details, check event logs, run diagnostic scripts, and propose remediations. When it decides to take an action, that action passes through the **risk engine** before execution.\n\n```\nYou: \"Why is ACME-WS05 running slow?\"\n\nBrain: I'll investigate. Let me check the device health.\n       → [calls get_device_details]\n       → [calls get_event_stream]\n       → [calls run_script: Get-Process | Sort-Object CPU -Descending | Select -First 10]\n\n       ACME-WS05 has high CPU from Windows Update stuck in a retry loop.\n       KB5034441 failed with error 0x80070643 — the recovery partition\n       is too small. I can fix this by extending the partition and\n       retrying the update.\n\n       ⚠️ This requires running a disk partition script (Risk: High).\n       Approve? [Yes] [Modify] [Deny]\n```\n\n### Risk Classification\n\nEvery action the AI can take is classified by risk level. This is enforced by the RMM, not the AI — the brain cannot bypass it.\n\n| Risk Level | Behavior | Examples |\n|---|---|---|\n| **Low** | Auto-execute, logged | Query devices, read logs, generate reports |\n| **Medium** | Execute + notify tech | Run read-only scripts, deploy pre-approved patches |\n| **High** | Requires human approval | State-changing scripts, patches outside maintenance window |\n| **Critical** | Blocked entirely | Wipe device, bulk destructive operations |\n\nRisk policies are fully configurable per partner, organization, site, or device group.\n\n### BYOK vs LanternOps Brain\n\n| Capability | BYOK (Free) | LanternOps Brain |\n|---|---|---|\n| AI chat on every page | ✅ | ✅ |\n| Tool-equipped agent | ✅ | ✅ |\n| Risk-classified actions | ✅ | ✅ |\n| Persistent memory | ❌ | ✅ |\n| Cross-tenant intelligence | ❌ | ✅ |\n| Automated playbooks | ❌ | ✅ |\n| Proactive remediation | ❌ | ✅ |\n| Compliance evidence | ❌ | ✅ |\n| Client-facing reports | ❌ | ✅ |\n| Escalation routing | ❌ | ✅ |\n\n---\n\n## Architecture\n\n### Multi-Tenant Hierarchy\n\n```\nPartner (MSP) → Organization (Customer) → Site (Location) → Device Group → Device\n```\n\nEvery entity in Breeze is scoped to this hierarchy. Permissions, policies, alerts, and AI risk classifications cascade down and can be overridden at any level.\n\n### Tech Stack\n\n| Layer | Technology |\n|---|---|\n| Frontend | Astro + React Islands |\n| API | Hono (TypeScript) |\n| Database | PostgreSQL with forced row-level security + Drizzle ORM |\n| Queue | BullMQ + Redis |\n| Agent | Go (cross-platform); native helper/viewer in Tauri (Rust) |\n| Real-time | WebSocket + HTTP polling |\n| Remote Access | WebRTC + coturn TURN relay |\n| Reverse Proxy | Caddy with automatic Let's Encrypt |\n| AI | Claude Agent SDK (Anthropic), MCP server with OAuth 2.1 |\n\n### Brain Connector\n\nThe Brain Connector is the interface between the RMM and any AI brain (BYOK or LanternOps). It exposes RMM capabilities as Agent SDK tools and enforces risk classification on every action.\n\n```\n┌─────────────────────────────┐\n│  AI Brain                   │\n│  (BYOK local or LanternOps) │\n│         │                   │\n│    Agent SDK                │\n│    \"I need to check this    │\n│     device's patch status\"  │\n│         │                   │\n│    calls get_patch_status() │\n└─────────┬───────────────────┘\n          │\n          ▼\n┌─────────────────────────────┐\n│  Brain Connector            │\n│  ┌───────────────────────┐  │\n│  │   Risk Validator      │  │\n│  │   (always enforced)   │  │\n│  └───────────────────────┘  │\n│         │                   │\n│    RMM Core                 │\n│    (devices, agents, data)  │\n└─────────────────────────────┘\n```\n\nFor detailed architecture documentation, see [docs/architecture.md](docs/architecture.md).\n\n---\n\n## Roadmap\n\n### Now\n- [x] Device inventory (hardware, software, network, security)\n- [x] Remote terminal, file browser, desktop, activity monitoring\n- [x] Remote scripting\n- [x] Patch management with maintenance windows + update rings\n- [x] Health checks \u0026 alerting\n- [x] Configuration policies (hierarchical with feature links)\n- [x] Advanced filtering\n- [x] AI chat with tool-equipped agent (BYOK)\n- [x] Risk-classified action engine\n- [x] Multi-tenant hierarchy\n- [x] macOS, Windows, and Linux agents\n- [x] Network discovery (ARP, ICMP, port, SNMP)\n- [x] Endpoint backup (snapshot, bare-metal recovery, Hyper-V, SQL Server)\n- [x] Cloud-to-cloud backup (M365)\n- [x] EDR integrations (SentinelOne, Huntress)\n- [x] MCP server with OAuth 2.1 for external AI agents\n- [x] Native viewer + helper desktop apps (macOS, Windows)\n- [x] Watchdog auto-restart and agent self-update\n- [x] Reports \u0026 client-facing exports\n- [x] CIS hardening checks and audit baselines\n- [x] Email verification + cross-tenant abuse controls\n\n### Next\n- [ ] LanternOps Brain connector (managed AI brain with cross-tenant intelligence)\n- [ ] Playbook engine (executable workflow runtime)\n- [ ] Approval workflow UI for high-risk AI actions\n- [ ] Expanded compliance framework evaluations\n- [ ] PSA integrations (ConnectWise, Autotask, HaloPSA)\n- [ ] Documentation platform integrations (IT Glue, Hudu)\n- [ ] Mobile app (iOS / Android) — alerts, approvals, on-call response\n- [ ] SSO (SAML, OIDC) — implemented, awaiting field validation\n\n### Later\n- [ ] Cross-tenant intelligence\n- [ ] Proactive remediation\n- [ ] Marketplace for community playbooks\n\n---\n\n## Platform Support\n\n| Platform | Agent Status | Notes |\n|---|---|---|\n| macOS | ✅ Working | Primary development platform; native helper + viewer |\n| Windows | ✅ Working | Full feature parity with macOS; signed MSI installer + Watchdog service |\n| Linux | ✅ Working | Daemon + service install via systemd; remote desktop and discovery require root |\n\n---\n\n## Contributing\n\nBreeze is built by MSPs, for MSPs. Contributions are welcome.\n\n### Getting Started\n\n```bash\n# Clone the repo\ngit clone https://github.com/lanternops/breeze.git\ncd breeze\n\n# Install dependencies\npnpm install\n\n# Apply database migrations\npnpm db:migrate\n\n# Start the dev server (API + web + helper)\npnpm dev\n\n# Build the Go agent\ncd agent\nmake build  # outputs to agent/bin/\n```\n\n### Ways to Contribute\n\n- **Bug reports** — Found something broken? [Open an issue](https://github.com/lanternops/breeze/issues).\n- **Feature requests** — Have an idea? [Start a discussion](https://github.com/lanternops/breeze/discussions).\n- **Code** — Pick up an issue, submit a PR. See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n- **Agent testing** — Run the agent on Windows/Linux and report what works and what doesn't.\n- **Playbooks** — Share your remediation workflows so others can use them.\n- **Documentation** — Help us make the docs better.\n\n### Community\n\n- [Discord](https://breezermm.com/discord) — Chat with the team and other MSPs\n- [GitHub Discussions](https://github.com/lanternops/breeze/discussions) — Feature requests and ideas\n- [Twitter/X](https://twitter.com/breeze_rmm) — Updates and announcements\n\n---\n\n## FAQ\n\n**Is this really free?**\nYes. Breeze is AGPL-3.0 licensed. Self-host it, use it in production, manage as many endpoints as you want. Free forever.\n\n**What's the catch?**\nNo catch. The business model is [LanternOps](https://lanternops.io) — a managed AI brain that connects to Breeze and adds persistent memory, cross-tenant intelligence, automated playbooks, and compliance evidence. Breeze is great on its own. LanternOps makes it autonomous.\n\n**How is this different from Tactical RMM?**\nTactical RMM is a solid project. Breeze is AI-native — the agent SDK and tool system are core to the architecture, not an integration. We also have built-in remote access (WebRTC), a modern frontend (Astro + React), and a multi-tenant hierarchy designed for MSPs from day one.\n\n**Can I use this for my internal IT team (not an MSP)?**\nAbsolutely. The multi-tenant hierarchy works for internal IT too — just use Organizations as departments or offices.\n\n**What AI models are supported?**\nFor the in-product AI chat, Breeze uses the Claude Agent SDK (Anthropic). BYOK mode requires an Anthropic API key. We chose Claude for its tool-use capabilities and reasoning quality. Separately, Breeze runs a built-in MCP server with OAuth 2.1 + PKCE, so you can connect Claude.ai, ChatGPT, Cursor, or any other MCP-compatible AI agent — using whichever model that platform runs. We're open to community contributions for additional in-product model providers.\n\n**Is there an agent auto-update?**\nYes. The Breeze agent has a built-in updater that pulls signed release artifacts and self-installs across macOS, Windows, and Linux. The Watchdog service supervises the agent process and restarts it on failure. Production deployments verify Ed25519-signed release manifests via `RELEASE_ARTIFACT_MANIFEST_PUBLIC_KEYS`.\n\n**Is my data safe?**\nSelf-hosted: your data never leaves your infrastructure. Cloud-hosted: data is isolated per partner with strict tenant separation. See our [Security Practices](docs/SECURITY_PRACTICES.md) for the full security whitepaper, including SOC 2 alignment mapping, encryption standards, and audit controls.\n\n---\n\n## License\n\nBreeze is licensed under [AGPL-3.0](LICENSE).\n\nYou can use, modify, and self-host Breeze freely. If you modify Breeze and offer it as a service, you must open source your modifications under the same license.\n\n---\n\n\u003cp align=\"center\"\u003e\n  Built by \u003ca href=\"https://lanternops.io\"\u003eLanternOps\u003c/a\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanternops%2Fbreeze","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flanternops%2Fbreeze","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanternops%2Fbreeze/lists"}