Skillget

skelm

mcp
Guvenlik Denetimi
Uyari
Health Uyari
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 6 GitHub stars
Code Gecti
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This tool is a TypeScript framework for building secure, long-running workflows that mix deterministic code with LLM agent loops. It allows developers to author, schedule, and run agentic pipelines with a strict default-deny permission model.

Security Assessment
Overall Risk: Low. The framework is designed around a secure "default-deny" execution model, meaning agents must be explicitly granted permissions. It does allow developers to configure shell execution, network requests, and filesystem access within their pipelines (e.g., fetching from an API or running standard I/O commands). However, a light code scan found no hardcoded secrets, dangerous hidden patterns, or overly broad permissions requested by the tool itself. You remain in full control of what the agents can access.

Quality Assessment
The project is licensed under the standard MIT license and the repository appears to be actively maintained, with recent updates pushed today. However, community visibility is currently very low. It only has 6 GitHub stars, indicating minimal external testing or widespread community adoption. Furthermore, the documentation explicitly notes that the project is in "early development" and that APIs are unstable until version 1.0.

Verdict
Use with caution—it appears secure and well-architected, but its early development stage and low community adoption make it risky for production environments.
SUMMARY

skelm — open-source framework for secure, agentic, long-running workflows. Authoring, scheduling, and operating typed pipelines that mix deterministic code, LLM inference, and agent loops under default-deny permissions.

README.md

skelm

Build secure, agentic, long-running workflows in TypeScript. Run them anywhere Node runs.

Default-deny permissions · Multi-backend agents (ACP, Opencode, Pi, OpenAI, Anthropic) · MCP-native · Self-hosted gateway · MIT

npm version License GitHub stars

skelm is a TypeScript framework for authoring, running, and operating workflows — typed orchestrations that mix deterministic code, LLM inference, and full agent loops behind a single, secure, default-deny execution model. Every workflow is schedulable: fire one once, schedule it on cron, register a webhook, or let it run continuously inside a long-lived gateway service.

Status: early development. APIs are unstable until v1. Star the repo, open issues, contribute fixes — feedback now is the most valuable feedback.

Quick Start

npm install -g skelm
skelm init my-bot && cd my-bot
skelm run workflows/hello.workflow.ts

skelm init scaffolds a working project with one example workflow, an AGENTS.md agent definition, a SKILL.md skill package, and a skelm.config.ts with sensible default-deny permissions.

A workflow is a TypeScript module:

import { pipeline, code, agent } from 'skelm'
import { z } from 'zod'

export default pipeline({
  id: 'triage-issue',
  input:  z.object({ repo: z.string(), issueNumber: z.number() }),
  output: z.object({ label: z.string(), reasoning: z.string() }),
  steps: [
    code({
      id: 'fetch',
      run: async (ctx) => {
        const res = await fetch(`https://api.github.com/repos/${ctx.input.repo}/issues/${ctx.input.issueNumber}`)
        return await res.json()
      },
    }),
    agent({
      id: 'classify',
      backend: 'anthropic',
      agentDef: './agents/triager',
      skills:  ['github-readonly'],
      mcp:     [{ id: 'gh', transport: 'stdio', command: 'mcp-github' }],
      permissions: {
        allowedTools:      ['gh.add_label'],
        allowedMcpServers: ['gh'],
        allowedSkills:     ['github-readonly'],
        networkEgress:     { allowHosts: ['api.github.com'] },
        fsRead:            ['./'],
        fsWrite:           [],
      },
      prompt: (ctx) => `Triage this issue:\n${JSON.stringify(ctx.steps.fetch)}`,
      output: z.object({ label: z.enum(['bug','feature','duplicate']), reasoning: z.string() }),
      maxTurns: 8,
    }),
  ],
})

# Run it once
skelm run workflows/triage-issue.workflow.ts --input '{"repo":"acme/x","issueNumber":42}'

# Or schedule it via webhook
skelm schedule add workflows/triage-issue.workflow.ts --webhook /webhooks/issue-events

# Stand up the long-running gateway
skelm gateway start

Why skelm?

If you have built any of the following with hand-rolled scripts, you have felt skelm-shaped pain:

  • A coding assistant reachable on chat that opens PRs in a persistent repo workspace.
  • A queue worker that watches Jira and tries to ship the ticket.
  • An email-triage agent that classifies, summarizes, and journals decisions you can audit.
  • A nightly digest that fans out, enriches with an LLM, and posts to Slack.
  • An HTTP endpoint that runs a typed workflow with three deterministic steps and one LLM call.

skelm gives you one substrate for all five.

What you get
TypeScript-native Workflows are real .ts modules — refactor, test, type-check, version like any other code
Default-deny security Every agent step declares allowed tools, executables, MCP servers, network egress, and fs roots
Multi-backend agents Opencode, ACP (Copilot, Claude Code, Gemini), OpenAI, Anthropic, Pi — provider SPI for custom ones
MCP-native Model Context Protocol servers are first-class registry citizens, lifecycle-managed by the gateway
Three step kinds code(), llm(), agent() — none is a wrapper around another
Native control flow parallel, forEach, branch, loop, wait, nested pipelineStep are core
Scheduler-native Every run is a schedule — immediate, cron, interval, webhook, poll, or queue
Per-agent workspaces Each agent step gets its own filesystem root, persistent or ephemeral, locked against corruption
Persistent state Typed KV store, append-only decision journals, idempotency primitives
Tamper-evident audit Single-writer, hash-chained log, separate from run history
Long-running gateway Hosts workflows over HTTP + SSE, drives the scheduler, owns the trust boundary
Local-first SQLite by default; Postgres + vault drivers for production. No managed cloud, no telemetry
Markdown agent defs AGENTS.md for role, SOUL.md for persona, SKILL.md for capabilities — reviewable in PRs

Three tenets, in this order

  1. Security. Default-deny everywhere. A backend that cannot enforce a declared permission fails at step start instead of bypassing it. The gateway is the single trust boundary; nothing privileged happens outside it.
  2. Maintenance. A small core, a narrow public surface, no DSL. Workflows are TypeScript modules.
  3. Robustness. Typed context end-to-end. Explicit error semantics. Deterministic event log. Durable wait/resume. Persistent state and per-agent workspaces that survive restarts.

These outrank everything else. We will ship a smaller framework that is secure, maintainable, and robust before we ship a larger one that is not.

How it compares

skelm LangChain CrewAI n8n
Workflow format TypeScript modules Python code Python code JSON
Default-deny permissions ✅ Structural — part of the API Plugin
Per-agent workspaces ✅ Locked, persistent or ephemeral
Tamper-evident audit log ✅ Hash-chained
Long-running gateway ✅ HTTP + SSE + scheduler Self-build Self-build
Multi-backend agents ✅ ACP + SDK + provider SPI Plugin
MCP-native ✅ Lifecycle-managed Adapter Adapter
Self-hosted
Telemetry None Opt-out Opt-out Varies
License MIT MIT MIT Sustainable Use

Packages

Package Description
skelm Meta-package — install this. Re-exports @skelm/core + ships the bin
@skelm/core Runtime, types, builders, permission model, event bus
@skelm/cli CLI primitives — parser, commands, programmatic entry point
@skelm/gateway Long-running orchestrator: HTTP, registries, audit, agent lifecycle
@skelm/scheduler Cron / interval / webhook / poll / queue triggers
@skelm/integrations Typed connectors for GitHub, Slack, and friends
@skelm/opencode Opencode coding-agent backend with full permission enforcement
@skelm/pi Pi coding-agent backend with full permission enforcement
@skelm/metrics Prometheus-format metrics for skelm event streams
@skelm/otel OpenTelemetry tracing for skelm event streams

Documentation

Customer-facing docs live under docs/ — quickstart, full CLI/API/HTTP reference, deployment guides, recipes for common workflow shapes.

Roadmap

  • M1 — Core runtime + CLI. Workflow authoring, three step kinds, three in-tree backends (copilot-acp, openai, anthropic), full permission enforcement, SQLite run store.
  • M2 — Control flow + workspaces + state. parallel/forEach/branch/loop/wait, per-agent workspaces, persistent KV state, agent definition markdown loader, introspection commands.
  • M3 — Gateway, audit, scheduler, debug. Long-running gateway service, HTTP + SSE, audit log, secrets driver, scheduler with cron/interval/webhook/poll/queue triggers, systemd user unit installer, debug breakpoints.
  • M4 — Integrations + multi-backend support + Postgres. Curated @skelm/integrations, OAuth setup, OpenAI-compatible HTTP surface, additional agent backends, cost/quality routing, Postgres run store, vault secrets, distributed dedupe.

Community

The framework dogfoods itself: skelm's own pre-merge review and unit-test generation run as skelm workflows under pipelines/internal/. Reading those is a good way to learn the API and see how the security tenet works in practice.

Author

Scott Glover — [email protected]

License

MIT. Copyright © Scott Glover.

If you build something interesting on skelm, we want to hear about it — open an issue with the showcase label.

Yorumlar (0)

Sonuc bulunamadi