The Governed Back-Office Operating System for SaaS.

IntendedOps is an open-source platform for running your SaaS back office with deterministic agents — scheduled and event-driven jobs like billing dunning, refund processing, and support triage — that cannot take a consequential action without governance approval. Every action is proposed, evaluated against trust tiers and policy, executed only if allowed, and audited end to end.

It is provider-agnostic: your database, auth, governance engine, email, and payments are each a config-selected adapter. Nothing is hardwired. Run it locally on SQLite in a couple of minutes, or deploy it into your own AWS account with one CloudFormation stack.

Honest framing. The agents that run your operations are plain deterministic code — no LLM in the action path. A model never decides what executes. There is a separate, optional natural-language Copilot (Settings → AI Providers) that uses an LLM you supply purely to draft governed intents for a human to approve; it has no execution authority of its own.

Every consequential action follows the same path, regardless of which agent proposes it or which governance engine decides:

 Agent (deterministic) Governance Execution
 ┌──────────────────┐ ┌──────────────┐ ┌───────────┐
 │ cron / event job │ │ EVALUATE │ │ adapter │
 │ "I want to do X" │──────▶ │ ALLOW │──ALLOW──▶ │ runs X │──▶ Audit
 └──────────────────┘ Intent │ ESCALATE │ └───────────┘ (every
 │ DENY │ ▲さんかく outcome
 └──────┬───────┘ │ recorded)
 │ ESCALATE │
 ▼ │
 human approval ───────────────┘

Guarantees, enforced by the pipeline:

Governance itself is pluggable — this is the open-core seam. Run the native engine (a self-contained, in-process policy + trust evaluator) for free, or flip governance.provider to intended to route every decision to the Intended runtime — a separate, paid hosted service that returns cryptographically signed authority decisions. Same governance contract either way; flipping the provider changes the deciding engine for the whole app, not a demo path. See Upgrading to the Intended runtime.

There are two honest paths. Pick the one that matches what you're doing.

The default stack — SQLite + built-in auth + native governance + console email — needs no external service and no secrets.

git clone https://github.com/intended-so/intendedops.git
cd intendedops
pnpm install
pnpm dev:web # web app on http://localhost:3006

An unconfigured deploy redirects to http://localhost:3006/setup — a six-step wizard (Database → Auth → Governance → Email → Payment → Review) that lets you choose each provider, test the connection live, then provisions the schema, writes your choices to intendedops.config.ts and your secrets to a gitignored .env.local, and marks setup complete.

Want to skip the wizard? IntendedOps also boots straight from config + env — commit intendedops.config.ts and supply secrets via the environment (see Configuration). That's the path CI and the AWS deploy use.

deploy/aws/ ships a CloudFormation template that stands up the full back-office inside your own AWS account: an App Runner service running the apps/web container, backed by a private RDS Postgres, in a dedicated VPC, with secrets in Secrets Manager. The app auto-creates its schema on first boot.

Because you run the template from your CloudFormation console, your Intended API key (if you use the hosted runtime) goes straight into your Secrets Manager and never reaches the vendor.

Honest status. The template is real and complete. Two operator publishing steps are required before the launch URL is literally one click for a stranger: publishing the container image to a registry App Runner can pull, and hosting the template on S3. These are vendor steps, not yet done in this repo, and are documented plainly. See deploy/aws/DEPLOY-AWS.md .

A Dockerfile (repo root) builds the apps/web container for any container host (App Runner, ECS, Fly, Railway, a VM). See Configuration for the environment variables it expects.

Every external dependency is a config-selected adapter. Pick what you run, or let the /setup wizard pick and test it for you.

// intendedops.config.ts
import { defineConfig } from '@intendedops/config';
export default defineConfig({
 name: 'My SaaS',
 database: { provider: 'postgres', url: process.env.DATABASE_URL },
 auth: { provider: 'builtin' },
 email: { provider: 'resend', from: 'noreply@mysaas.com' },
 payments: { provider: 'stripe' },
 governance: { provider: 'native' }, // or 'intended' for the hosted runtime
});

sqlite + builtin + native + console each need no external service and no secret — that's the zero-config local path. Supabase is one option among several, never a requirement. The full env-var reference is in RUN-ON-YOUR-STACK.md .

Auth note: builtin needs both INTENDEDOPS_AUTH_PROVIDER=builtin (server) and NEXT_PUBLIC_AUTH_PROVIDER=builtin (client). The wizard and the AWS template set both. Builtin signup logs you in immediately; magic-link/MFA are Supabase-only.

Every agent action is evaluated against a trust tier before execution. The tier determines whether a human must approve.

The native engine is designed for startups and small teams and runs entirely in-process. When you need cryptographically signed authority decisions, Open Intent classification, and independently verifiable audit evidence, point the same governance contract at the Intended runtime — a separate hosted service:

// Before — local engine, free, no external dependency
governance: { provider: 'native' }
// After — route every decision to the Intended hosted runtime
governance: {
 provider: 'intended',
 apiKey: process.env.INTENDED_API_KEY,
 config: { tenantId: process.env.INTENDED_TENANT_ID },
}

No code changes, no migration — the agents, domains, and adapters are unchanged. The runtime is a service you point at; its decision engine is a separate product, not part of this repository. If the runtime is misconfigured or unreachable, the provider fails closed (DENY), never silently degrading. Learn more at intended.so.

intendedops/
├── packages/
│ ├── config/ # Config system (Zod-validated, provider selection)
│ ├── contracts/ # Shared TypeScript interfaces & intent types
│ ├── core/ # Intent, policy, and trust engines
│ ├── data/ # DataConnector contract + portable schema/migrations
│ ├── agents/ # Deterministic agent framework (no LLM)
│ ├── adapters/ # Adapter framework
│ ├── governance-contracts/ # Shared governance contract types
│ ├── sdk/ # Client SDK
│ ├── billing/ # Billing state machines
│ └── <db|auth|email|payment|ai|storage|queue|cache|notification>-* # adapter packages
│
├── domains/ # Back-office domain agents
│ ├── billing/ # ✅ full agent (reference implementation)
│ ├── support/ # ✅ full agent (reference implementation)
│ ├── identity/ sales/ contracts/ compliance/ vendors/
│ │ # ◻︎ intent types defined; full agent welcome (see CONTRIBUTING)
│
├── governance-providers/
│ ├── native/ # Built-in in-process engine (free default)
│ ├── intended/ # Connector to the Intended hosted runtime (paid)
│ ├── saas/ # Connector to any contract-compatible authority
│ └── factory/ # Selects the engine from config.governance.provider
│
├── services/
│ ├── api/ # REST API server
│ ├── auth/ # Authentication service
│ ├── ledger/ # Audit ledger service
│ └── worker/ # Background job worker
│
├── apps/
│ ├── web/ # Customer-facing app + operator dashboard (Next.js)
│ └── console/ # Operator console (Next.js)
│
├── adapters/
│ ├── stripe/ zendesk/ # External-system adapters
│
├── deploy/aws/ # CloudFormation BYOC deploy (App Runner + RDS)
├── Dockerfile # apps/web container image
└── docs/ # Deeper specs (see Documentation)

pnpm install # install workspace dependencies
pnpm build # build all packages (Turborepo)
pnpm typecheck # type-check the workspace
pnpm test # run the integration suite (Vitest)
pnpm dev:web # run the web app on :3006

IntendedOps is open source under the Apache 2.0 license. Domain agents with intent types already defined (identity, sales, contracts, compliance, vendors) are the highest-value first contributions — study domains/billing/ and domains/support/ as complete references. See CONTRIBUTING.md .

All contributions must respect the governance guarantees above: no direct model-to-action execution, fail-closed by default, no bypass paths, every action audited, human approval for high-impact.

Apache License 2.0 © Intended, Inc.

Governed by design. Open by default.