The open source, AI-native RMM.
Monitor, manage, and remediate — with an AI brain built in.
▶ Live Demos • Security • Quick Start • Features • AI Brain • Architecture • Roadmap • Contributing • License
Want to click around? Interactive feature demos at breezermm.com/features (e.g. Remote Access).
Breeze is a full-featured remote monitoring and management platform with AI built into its core — not bolted on as an afterthought.
Software features are exploding, but people can't keep up. Every RMM on the market adds more buttons, more tabs, more dashboards. Breeze takes a different approach: an AI agent that actually uses the features for you. It investigates alerts, remediates issues, documents what it did, and only bothers you when it needs a human decision.
Breeze is free, open source (AGPL-3.0), and designed to be self-hosted or cloud-hosted at breezermm.com.
- AI-native, not AI-added. Every page has an AI assistant that can see what you see and take action using built-in tools. Not a chatbot — an agent.
- Lightweight agent. Single Go binary. Cross-platform. Minimal resource footprint. Your clients won't notice it's there.
- Actually open source. AGPL-3.0. Read every line. Fork it. Contribute. No bait-and-switch.
- Multi-tenant from day one. Built for MSPs managing multiple clients, not retrofitted from a single-tenant architecture.
- Modern stack. Not a legacy codebase with 15 years of technical debt. Clean, fast, extensible.
Breeze has privileged access to every device it manages. We take that seriously.
| Layer | What We Do |
|---|---|
| Authentication | Argon2id passwords, JWT with 15-min expiry, TOTP MFA, SHA-256 hashed tokens, email verification on signup |
| Authorization | RBAC with scope-based multi-tenancy, forced PostgreSQL row-level security on every tenant table — no app-layer-only fallback, even table owners can't bypass |
| Encryption | AES-256-GCM at rest, TLS 1.2+ in transit, HSTS preload, no plaintext secrets stored anywhere |
| Agent hardening | Bearer token auth (SHA-256 hashed), 0600 config file permissions, optional Cloudflare mTLS |
| Rate limiting | Redis sliding window on all auth endpoints and agent APIs — fail-closed if Redis is unavailable |
| Input validation | Zod schemas on every external input — API requests, WebSocket messages, query parameters |
| AI safety | Risk-classified action engine — dangerous operations require human approval, critical operations blocked entirely |
| Supply chain | 5 automated scanners in CI: CodeQL SAST, Gitleaks, npm audit, govulncheck, Trivy CVE scanning |
| Audit trail | Structured audit logging with actor tracking, org-scoped retention policies, S3 archival |
| Operational | Secret rotation runbooks, disaster recovery procedures (RTO < 1 hour, RPO < 15 minutes) |
| Abuse controls | Cross-tenant platform-admin suspend endpoint, email-verification gate on signup, fail-closed token revocation |
For the full security whitepaper, including SOC 2 alignment mapping, see Security Practices.
To report a vulnerability: security@lanternops.io — see SECURITY.md for our disclosure policy.
- Hardware & software inventory — CPU, memory, storage, network, installed applications, versions
- Real-time device health — Health checks with configurable thresholds and alerting
- Configuration policies — Hierarchical policy management with feature links and per-assignment resolution
- Advanced filtering — Query your fleet with powerful filters across any device attribute
- Network discovery — ARP, ICMP, port, and SNMP scans to find unmanaged devices on each site
- Custom fields & tags — Extend device records with your own metadata
- Configuration drift & change tracking — Audit baselines, CIS hardening checks, software/peripheral policies
- Remote terminal — Full shell access to managed devices
- Remote file browser — Browse, upload, and download files
- Remote desktop — Visual remote control of devices, multi-display, clipboard sync, computer-control automation
- Native viewer & helper apps — Tauri-based desktop apps for macOS and Windows
- Activity monitoring — See what's happening on a device in real time
- TURN relay — Built-in coturn for WebRTC traversal across NATs and firewalls
- Remote scripting — Execute scripts (PowerShell, Bash, Python) across devices
- Patch management — Inventory, approve, and deploy OS and application patches; maintenance windows + update rings
- Alerts & notifications — Configurable alerts with severity classification, routing, webhook delivery
- Playbooks — Reusable remediation workflows
- Deployments — Push agents and software at scale
- Watchdog — Self-healing agent supervisor that auto-restarts on failure
- Endpoint snapshot backup — Restic-based snapshots to S3-compatible storage
- Bare-metal recovery — Full-disk restore for Windows endpoints
- Hyper-V & SQL Server agents — Application-aware backups
- Cloud-to-cloud (M365) — Email, OneDrive, SharePoint, Teams, calendar
- Disaster recovery & verification — Restore tests, encryption, retention policies
- EDR — SentinelOne and Huntress with risk-classified actions and incident correlation
- PSA — Connect to popular ticketing systems
- MCP server — Connect Claude.ai, ChatGPT, Cursor, or any MCP-aware AI agent over OAuth 2.1
- AI chat on every page — Context-aware assistant that knows what you're looking at
- Tool-equipped agent — The AI doesn't just talk, it acts — querying devices, running diagnostics, executing remediations
- Risk-classified actions — Every AI action is validated against a risk engine before execution. Dangerous actions require human approval. Always.
- Bring your own key — Plug in your Anthropic API key and the brain works out of the box
- External AI agents via MCP — Or connect Claude.ai, ChatGPT, Cursor through the built-in MCP server with OAuth 2.1 + PKCE
🧠 LanternOps Brain — Want persistent memory, cross-tenant intelligence, automated playbooks, and compliance evidence generation? LanternOps is the managed AI brain for Breeze. Same RMM, smarter brain. Learn more →
Skip infrastructure entirely. Sign up at breezermm.com and have a fully managed Breeze instance in minutes.
Requires Docker and Docker Compose.
mkdir breeze && cd breeze
curl -fsSLO https://raw.githubusercontent.com/lanternops/breeze/main/docker-compose.yml
curl -fsSLO https://raw.githubusercontent.com/lanternops/breeze/main/.env.example
cp .env.example .env
# Edit .env — at minimum set these:
# BREEZE_DOMAIN your domain (or "localhost" for local testing)
# ACME_EMAIL email for Let's Encrypt certs
# JWT_SECRET openssl rand -base64 64
# AGENT_ENROLLMENT_SECRET openssl rand -hex 32
# APP_ENCRYPTION_KEY openssl rand -hex 32
# MFA_ENCRYPTION_KEY openssl rand -hex 32
# ENROLLMENT_KEY_PEPPER openssl rand -base64 32
# MFA_RECOVERY_CODE_PEPPER openssl rand -base64 32
# BREEZE_BOOTSTRAP_ADMIN_EMAIL your admin email, first boot only
# BREEZE_BOOTSTRAP_ADMIN_PASSWORD one-time value from `openssl rand -base64 32`
#
# BREEZE_VERSION ships pinned to a known-good release. Bump it to upgrade
# (see https://github.com/LanternOps/breeze/releases for the current version).
# Optional — for remote desktop (WebRTC TURN relay):
# TURN_HOST public IP of your TURN server
# TURN_SECRET openssl rand -hex 32
docker compose up -d
# To enable TURN for remote desktop across NATs/firewalls:
# docker compose --profile turn up -dBreeze will be running at https://your-domain (or https://localhost with a self-signed cert for local testing).
On first production boot against an empty database, Breeze creates the initial Partner Admin only from operator-provided BREEZE_BOOTSTRAP_ADMIN_EMAIL and BREEZE_BOOTSTRAP_ADMIN_PASSWORD values. If those values are missing, startup refuses to seed the empty production database. The password is never printed to logs. After you sign in and finish setup, remove those bootstrap values from .env.
For hardened production deploys (Cloudflare Tunnel, mandatory digest-pinned images, monitoring + logging), see docs/DEPLOY_PRODUCTION.md which uses deploy/docker-compose.prod.yml.
From your Breeze dashboard, navigate to Settings → Agents → Download to get the agent installer for your platform.
Or install directly:
# Build from source
cd agent
make build
# Binaries land in agent/bin/ — including breeze-agent, breeze-desktop-helper,
# breeze-watchdog, and breeze-backup.
# See docs/AGENT_INSTALLATION.md for enrollment instructions.- Go to Settings → AI Brain → BYOK
- Enter your Anthropic API key
- The AI assistant is now active on every page
Breeze ships with the Claude Agent SDK integrated and an MCP server you can point any AI agent at. The AI isn't a separate product or plugin — it's woven into the platform, and the same risk engine governs every action whether it comes from the in-product chat or from an external agent over MCP.
The AI brain has access to tools — the same capabilities you have in the dashboard. When you ask it to investigate an alert, it can query device details, check event logs, run diagnostic scripts, and propose remediations. When it decides to take an action, that action passes through the risk engine before execution.
You: "Why is ACME-WS05 running slow?"
Brain: I'll investigate. Let me check the device health.
→ [calls get_device_details]
→ [calls get_event_stream]
→ [calls run_script: Get-Process | Sort-Object CPU -Descending | Select -First 10]
ACME-WS05 has high CPU from Windows Update stuck in a retry loop.
KB5034441 failed with error 0x80070643 — the recovery partition
is too small. I can fix this by extending the partition and
retrying the update.
⚠️ This requires running a disk partition script (Risk: High).
Approve? [Yes] [Modify] [Deny]
Every action the AI can take is classified by risk level. This is enforced by the RMM, not the AI — the brain cannot bypass it.
| Risk Level | Behavior | Examples |
|---|---|---|
| Low | Auto-execute, logged | Query devices, read logs, generate reports |
| Medium | Execute + notify tech | Run read-only scripts, deploy pre-approved patches |
| High | Requires human approval | State-changing scripts, patches outside maintenance window |
| Critical | Blocked entirely | Wipe device, bulk destructive operations |
Risk policies are fully configurable per partner, organization, site, or device group.
| Capability | BYOK (Free) | LanternOps Brain |
|---|---|---|
| AI chat on every page | ✅ | ✅ |
| Tool-equipped agent | ✅ | ✅ |
| Risk-classified actions | ✅ | ✅ |
| Persistent memory | ❌ | ✅ |
| Cross-tenant intelligence | ❌ | ✅ |
| Automated playbooks | ❌ | ✅ |
| Proactive remediation | ❌ | ✅ |
| Compliance evidence | ❌ | ✅ |
| Client-facing reports | ❌ | ✅ |
| Escalation routing | ❌ | ✅ |
Partner (MSP) → Organization (Customer) → Site (Location) → Device Group → Device
Every entity in Breeze is scoped to this hierarchy. Permissions, policies, alerts, and AI risk classifications cascade down and can be overridden at any level.
| Layer | Technology |
|---|---|
| Frontend | Astro + React Islands |
| API | Hono (TypeScript) |
| Database | PostgreSQL with forced row-level security + Drizzle ORM |
| Queue | BullMQ + Redis |
| Agent | Go (cross-platform); native helper/viewer in Tauri (Rust) |
| Real-time | WebSocket + HTTP polling |
| Remote Access | WebRTC + coturn TURN relay |
| Reverse Proxy | Caddy with automatic Let's Encrypt |
| AI | Claude Agent SDK (Anthropic), MCP server with OAuth 2.1 |
The Brain Connector is the interface between the RMM and any AI brain (BYOK or LanternOps). It exposes RMM capabilities as Agent SDK tools and enforces risk classification on every action.
┌─────────────────────────────┐
│ AI Brain │
│ (BYOK local or LanternOps) │
│ │ │
│ Agent SDK │
│ "I need to check this │
│ device's patch status" │
│ │ │
│ calls get_patch_status() │
└─────────┬───────────────────┘
│
▼
┌─────────────────────────────┐
│ Brain Connector │
│ ┌───────────────────────┐ │
│ │ Risk Validator │ │
│ │ (always enforced) │ │
│ └───────────────────────┘ │
│ │ │
│ RMM Core │
│ (devices, agents, data) │
└─────────────────────────────┘
For detailed architecture documentation, see docs/architecture.md.
- Device inventory (hardware, software, network, security)
- Remote terminal, file browser, desktop, activity monitoring
- Remote scripting
- Patch management with maintenance windows + update rings
- Health checks & alerting
- Configuration policies (hierarchical with feature links)
- Advanced filtering
- AI chat with tool-equipped agent (BYOK)
- Risk-classified action engine
- Multi-tenant hierarchy
- macOS, Windows, and Linux agents
- Network discovery (ARP, ICMP, port, SNMP)
- Endpoint backup (snapshot, bare-metal recovery, Hyper-V, SQL Server)
- Cloud-to-cloud backup (M365)
- EDR integrations (SentinelOne, Huntress)
- MCP server with OAuth 2.1 for external AI agents
- Native viewer + helper desktop apps (macOS, Windows)
- Watchdog auto-restart and agent self-update
- Reports & client-facing exports
- CIS hardening checks and audit baselines
- Email verification + cross-tenant abuse controls
- LanternOps Brain connector (managed AI brain with cross-tenant intelligence)
- Playbook engine (executable workflow runtime)
- Approval workflow UI for high-risk AI actions
- Expanded compliance framework evaluations
- PSA integrations (ConnectWise, Autotask, HaloPSA)
- Documentation platform integrations (IT Glue, Hudu)
- Mobile app (iOS / Android) — alerts, approvals, on-call response
- SSO (SAML, OIDC) — implemented, awaiting field validation
- Cross-tenant intelligence
- Proactive remediation
- Marketplace for community playbooks
| Platform | Agent Status | Notes |
|---|---|---|
| macOS | ✅ Working | Primary development platform; native helper + viewer |
| Windows | ✅ Working | Full feature parity with macOS; signed MSI installer + Watchdog service |
| Linux | ✅ Working | Daemon + service install via systemd; remote desktop and discovery require root |
Breeze is built by MSPs, for MSPs. Contributions are welcome.
# Clone the repo
git clone https://github.com/lanternops/breeze.git
cd breeze
# Install dependencies
pnpm install
# Apply database migrations
pnpm db:migrate
# Start the dev server (API + web + helper)
pnpm dev
# Build the Go agent
cd agent
make build # outputs to agent/bin/- Bug reports — Found something broken? Open an issue.
- Feature requests — Have an idea? Start a discussion.
- Code — Pick up an issue, submit a PR. See CONTRIBUTING.md for guidelines.
- Agent testing — Run the agent on Windows/Linux and report what works and what doesn't.
- Playbooks — Share your remediation workflows so others can use them.
- Documentation — Help us make the docs better.
- Discord — Chat with the team and other MSPs
- GitHub Discussions — Feature requests and ideas
- Twitter/X — Updates and announcements
Is this really free? Yes. Breeze is AGPL-3.0 licensed. Self-host it, use it in production, manage as many endpoints as you want. Free forever.
What's the catch? No catch. The business model is LanternOps — a managed AI brain that connects to Breeze and adds persistent memory, cross-tenant intelligence, automated playbooks, and compliance evidence. Breeze is great on its own. LanternOps makes it autonomous.
How is this different from Tactical RMM? Tactical RMM is a solid project. Breeze is AI-native — the agent SDK and tool system are core to the architecture, not an integration. We also have built-in remote access (WebRTC), a modern frontend (Astro + React), and a multi-tenant hierarchy designed for MSPs from day one.
Can I use this for my internal IT team (not an MSP)? Absolutely. The multi-tenant hierarchy works for internal IT too — just use Organizations as departments or offices.
What AI models are supported? For the in-product AI chat, Breeze uses the Claude Agent SDK (Anthropic). BYOK mode requires an Anthropic API key. We chose Claude for its tool-use capabilities and reasoning quality. Separately, Breeze runs a built-in MCP server with OAuth 2.1 + PKCE, so you can connect Claude.ai, ChatGPT, Cursor, or any other MCP-compatible AI agent — using whichever model that platform runs. We're open to community contributions for additional in-product model providers.
Is there an agent auto-update?
Yes. The Breeze agent has a built-in updater that pulls signed release artifacts and self-installs across macOS, Windows, and Linux. The Watchdog service supervises the agent process and restarts it on failure. Production deployments verify Ed25519-signed release manifests via RELEASE_ARTIFACT_MANIFEST_PUBLIC_KEYS.
Is my data safe? Self-hosted: your data never leaves your infrastructure. Cloud-hosted: data is isolated per partner with strict tenant separation. See our Security Practices for the full security whitepaper, including SOC 2 alignment mapping, encryption standards, and audit controls.
Breeze is licensed under AGPL-3.0.
You can use, modify, and self-host Breeze freely. If you modify Breeze and offer it as a service, you must open source your modifications under the same license.
Built by LanternOps