builder
agent
Warning
Health Warning
- License — License: AGPL-3.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Warning
- process.env — Environment variable access in docs/scripts/astro-loader-migration.test.mjs
Permissions Passed
- Permissions — No dangerous permissions requested
Purpose
This is a highly opinionated terminal-based coding agent built in Go, designed for professional software engineers. It acts as an interactive CLI assistant that executes shell commands, applies code patches, and reads local files or images to help automate development workflows.
Security Assessment
The overall risk is rated as Medium. By design, this tool inherently requires the ability to execute shell commands and interact with the local file system. This poses a significant security consideration if the AI model is directed to run untrusted or destructive commands. Additionally, it requires network requests to function, specifically communicating with external APIs like OpenAI or Codex using user-provided keys. The automated rule scan did not flag any hardcoded secrets or dangerous permission requests. However, a test file was flagged for accessing environment variables, which is standard practice for securely loading API keys. A notable architectural choice is the explicit lack of sandboxing, meaning the agent has direct, unmitigated access to your system.
Quality Assessment
The project is actively maintained, with its most recent push happening today. It uses the AGPL-3.0 open-source license and provides clear documentation and quickstart guides. However, community trust and visibility are exceptionally low right now. With only 5 GitHub stars, the tool has not yet undergone widespread peer review or testing by the broader developer community.
Verdict
Use with caution—while the code appears fundamentally sound and actively maintained, the lack of community vetting and the tool's direct, unsandboxed shell execution capabilities mean you should strictly monitor its operations on your machine.
CLI Coding Agent for professional Agentic Engineers focusing on output quality. Self-review, supervision, senior-style, efficient and fast.
README.md
Builder is a highly opinionated terminal coding agent for professional Agentic Engineers, focusing on output quality.
Get started
Everything you need is in the Quickstart Guide - start there.
Features:
- Agentic loop with shell, ask_question, patch tools.
- Native local image/PDF attachment tool (view_image) for path-based multimodal reading.
- Explicit clipboard screenshot paste hotkeys (Ctrl+V, Ctrl+D) that insert temp image paths into the prompt.
- Support for Codex login and OpenAI API keys.
- Compaction, including auto, using native Codex/OpenAI endpoints, or our own custom prompt.
- Compact UI mode for ongoing work, and detailed mode to review thinking, tool calls, prompts, summaries.
- Queueing messages, steering the model (Tab to queue, Enter to steer)
- Asking interactive questions
- Terminal and system notifications for asks/approvals and turn completion
- Config file with model selection, tool config, compact threshold, timeouts.
- Local and global AGENTS.md support
- Session and history persistence and resumption
- Markdown rendering
- Saved prompts
- Syntax highlighting
- Native Web search (for now only OpenAI)
- Calling shell directly via $
- Premade prompts for review, compaction, init.
- Esc-esc-style editing of messages and history rewrites
- Agent skills support
- Background shells, which enable subagents via headless mode: builder run
- Model verbosity for OpenAI models
- Native terminal scrollback, selection, copy-paste
- /fast mode
- Native code review
What will likely never be implemented
These features are controversial or questionable for model performance, and usually have a better replacement.
Here is where this project has to be highly opinionated:
- Native subagent orchestration inside one process; use separate headless Builder instances instead.
  - Supported path: builder run "..." for tmux/background subagent workflows. Agent already does this on its own.
- Plan mode - the model has native plan capabilities and can always ask questions, rest is just eye candy.
- MCPs - MCPs are net negative on model performance, pollute context, and can be replaced with CLI scripts
- Extra UI candy tool calls. Less tools, less burden on the model.
- On the fly changing of toolsets or models. Changing models at runtime hurts model performance and invalidates caches.
- Microcompaction - this invalidates caches and drives costs up with marginal benefits
- Sandboxing - Codex's sandbox is annoying, doesn't work with many tools (Gradle, Java etc), Junie's sandbox can be bypassed, Claude Code's sandbox is brittle and can also be bypassed. Frontier models are not so stupid anymore and are trained not to destroy your PC.
- WebFetch tool or similar. Just use jina.ai to fetch urls.
- Fancy summaries, UI, minimal mode, features for "vibe coding". The philosophy is to build something for professionals (agentic engineers)
- Anthropic, Gemini, Antigravity subscription usage. Not until that becomes legal.
License
Builder is licensed under AGPL-3.0-only. See LICENSE.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.