Quickstart (5 minutes)
Run IBEX Harness locally and send your first proxied request in about five minutes.
Clone the repo, boot dependencies with Docker Compose, start auth and proxy, and send a protected chat request. A 501 response means Phase 1 succeeded — auth, agent verify, and routing worked; provider forwarding ships in Phase 2.
Prerequisites
- Go 1.25+ and GNU Make
- Docker Compose v2
- Git (Git Bash on Windows for Make targets)
- OpenAI API key — optional until Phase 2; not used by the Phase 1 probe
1. Clone and configure
git clone https://github.com/Rick1330/ibex-harness.git
cd ibex-harness
cp .env.example .envSet IBEX_AUTH_VALIDATE_TIMEOUT=2s in services/proxy/.env (or export it) — the production 50ms budget often returns 503 on developer machines during Argon2 verification.
2. Boot infrastructure
make compose-dev-up
make db-migrate
make db-seedmake db-seed prints a dev PAT and agent ID. Fixed wire-form PAT from seed:
ibex_pat_00000000-0000-0000-0000-000000000004_LOCALDEVELOPMENTONLYOrg: 00000000-0000-0000-0000-000000000001 · Agent: 00000000-0000-0000-0000-000000000003
3. Start services
In separate terminals (auth gRPC must be up before protected proxy routes):
cd services/auth && go run .cd services/proxy && go run .Optional one-shot smoke after both are running:
make dev-smoke4. Probe a protected route
Send an OpenAI-shaped chat request to the org-scoped path. Export credentials from seed output or use the fixed dev values:
export IBEX_TEST_PAT="ibex_pat_00000000-0000-0000-0000-000000000004_LOCALDEVELOPMENTONLY"
export IBEX_TEST_AGENT_ID="00000000-0000-0000-0000-000000000003"
curl -s -w "\nHTTP %{http_code}\n" \
-X POST "http://localhost:8080/v1/orgs/00000000-0000-0000-0000-000000000001/chat/completions" \
-H "Authorization: Bearer ${IBEX_TEST_PAT}" \
-H "X-IBEX-Agent-ID: ${IBEX_TEST_AGENT_ID}" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"hello"}]}'Expected response
HTTP 501 with a JSON error envelope:
{
"error": {
"code": "PROVIDER_NOT_CONFIGURED",
"message": "No LLM provider adapter is configured for this deployment",
"request_id": "01HXXXXXXXXXXXXXXXXXXXX"
}
}Request flow
What just happened
Token validated
The proxy called auth ValidateToken over gRPC with your bearer PAT.
Agent verified
X-IBEX-Agent-ID was checked against the org in the URL path.
Body normalized
JSON was parsed per ADR-0012; provider forwarding is deferred to Phase 2.
501 returned
No provider adapter is registered — expected until Phase 2.
Common issues
| Symptom | Fix |
|---|---|
503 SERVICE_DEGRADED on chat | Set IBEX_AUTH_VALIDATE_TIMEOUT=2s on proxy; ensure auth is running on :9091 |
401 / 403 on chat | Re-run make db-seed; verify PAT and agent ID match seed output |
connection refused on :8080 | Start proxy after auth; check IBEX_PORT |
| Compose ports in use | Stop conflicting Postgres/Redis or change compose port mappings |
Full guide: Troubleshooting.
Next steps
- Concepts — org, agent, and PAT model
- Docker Compose — dependency stack detail
- Chat completions API — 501 contract and headers
- API errors — full error code catalog
Was this page helpful?
Last updated on