agent-harness
mcp
Basarisiz
Health Uyari
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Basarisiz
- rm -rf — Recursive force deletion command in scripts/install-termux.sh
- rm -rf — Recursive force deletion command in scripts/install.sh
Permissions Gecti
- Permissions — No dangerous permissions requested
Purpose
This tool provides a terminal-based UI harness for building and running AI coding agents. It manages LLM interactions, session state, and command execution through a streamlined, interactive Go application.
Security Assessment
Risk: Medium. The tool acts as an agent harness, meaning it executes shell commands and makes network requests to LLM APIs (OpenRouter and Anthropic) by design. It handles sensitive data, specifically API keys, but mitigates this by storing credentials locally using AES-256-GCM encryption. No dangerous system permissions or hardcoded secrets were detected. However, there are two significant security concerns. First, the installation scripts (`install.sh` and `install-termux.sh`) use `rm -rf` force deletion commands, which is a common risk vector in piped bash scripts. Second, the README explicitly instructs users to download and execute these scripts directly from the internet via `curl | bash`, bypassing manual code review.
Quality Assessment
This is a very new and early-stage project with low community visibility (5 GitHub stars). Development is highly active, with repository updates as recent as today. The code is written in Go, providing a solid compiled foundation, and the project features a clean, well-documented architecture. Although the README claims an MIT license, the automated audit failed to find a formal license file in the repository, which presents a minor legal/compliance grey area for enterprise use.
Verdict
Use with caution. The underlying application is built with good security practices (encrypted storage, command approvals), but you should bypass the `curl | bash` install methods and use the manual `go install` command until the project matures and the scripts are fully audited.
This tool provides a terminal-based UI harness for building and running AI coding agents. It manages LLM interactions, session state, and command execution through a streamlined, interactive Go application.
Security Assessment
Risk: Medium. The tool acts as an agent harness, meaning it executes shell commands and makes network requests to LLM APIs (OpenRouter and Anthropic) by design. It handles sensitive data, specifically API keys, but mitigates this by storing credentials locally using AES-256-GCM encryption. No dangerous system permissions or hardcoded secrets were detected. However, there are two significant security concerns. First, the installation scripts (`install.sh` and `install-termux.sh`) use `rm -rf` force deletion commands, which is a common risk vector in piped bash scripts. Second, the README explicitly instructs users to download and execute these scripts directly from the internet via `curl | bash`, bypassing manual code review.
Quality Assessment
This is a very new and early-stage project with low community visibility (5 GitHub stars). Development is highly active, with repository updates as recent as today. The code is written in Go, providing a solid compiled foundation, and the project features a clean, well-documented architecture. Although the README claims an MIT license, the automated audit failed to find a formal license file in the repository, which presents a minor legal/compliance grey area for enterprise use.
Verdict
Use with caution. The underlying application is built with good security practices (encrypted storage, command approvals), but you should bypass the `curl | bash` install methods and use the manual `go install` command until the project matures and the scripts are fully audited.
A clean-room Go implementation of agentic coding harness patterns, derived from analyzing production AI agent architectures. Built for learning, extending, and teaching how to build coding agents like Claude Code, OpenCode, and Gemini CLI. Supports OpenRouter and Anthropic out of the box.
README.md
agent-harness
A clean-room, pattern-derived agent harness for building coding agents.
Note: This project is in early development. We are iterating fast. Best used in Coder, DevPod, or GitHub Codespaces for a consistent environment.
Purpose
agent-harness captures architectural patterns from production agentic coding tools:
- Core agent loop with streaming responses
- Tool dispatch with permission controls
- Two execution modes: interactive (prompt for each command) and yolo (auto-approve with visibility)
- Secure credential storage with AES-256-GCM encryption
- Session management with auto-save
- Layered configuration (user / project / local)
- Slash command system
Quick Start
Installation
Linux/macOS:
curl -fsSL https://raw.githubusercontent.com/BA-CalderonMorales/agent-harness/main/scripts/install.sh | bash
Termux (Android):
curl -fsSL https://raw.githubusercontent.com/BA-CalderonMorales/agent-harness/main/scripts/install-termux.sh | bash
Manual:
go install github.com/BA-CalderonMorales/agent-harness/cmd/agent-harness@latest
Usage
# Start the TUI
agent-harness
# Or use the short alias (after setup)
ah
Key Controls:
Tab/Shift+Tab- Switch views (Chat, Sessions, Settings)ESC- Cancel current agent execution or exit mode?- Show help (in normal mode)/- Open command palette (when input is empty)Ctrl+C- Quit
Execution Modes:
- Interactive (default) - Prompts you before executing shell/write/edit commands
- Yolo - Auto-approves commands but shows what is happening in the UI
Switch modes in Settings or with /mode commands.
Architecture
cmd/agent-harness/ # CLI entrypoint
internal/
agent/ # Core loop + streaming executor
approval/ # Command approval system
commands/ # Slash command registry
config/ # Layered config + secure storage
llm/ # LLM client abstraction
permissions/ # Permission stack
state/ # Session management
tools/ # Tool descriptor + registry
tui/ # Terminal UI (Bubble Tea)
pkg/
bash/ # Shell execution
git/ # Git operations
Documentation
- Architecture - Pattern implementations
- Command Approval - How the approval system works
- Edge Cases - Non-obvious behaviors
Building from Source
go build -o agent-harness ./cmd/agent-harness
License
MIT
Acknowledgments
This project is inspired by the architectural patterns found in terminal-jarvis.
The TUI design patterns are inspired by golazo by Juan Manuel.
Additional TUI inspiration from the awesome-tuis collection.
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi