aegis-harness 0.14.0

A multi-agent meta-harness for coding agents — drives Claude Code, Gemini CLI, and OpenCode in one calm full-screen TUI.

Aegis

The programmable multi-agent meta-harness.

Drives Claude Code, Gemini CLI, and OpenCode in one terminal, gives them six primitives for working together, and lets you orchestrate them with deterministic Python workflows and scheduled jobs.

┌ aegis · 3 agents · ~/code/aegis ─────────────────────────────────────┐
│ ● 1 lucid-knuth ·opus·   ● 2 wry-hopper ·gemini·   ● 3 brisk-curie * │
│                                                                       │
│ › explain the retry path in worker.py                                 │
│                                                                       │
│ ⠹ Thinking… (3.2s)                                                    │
│ ⏺ Read(worker.py)                                                     │
│   └ ok                                                                 │
│ The retry path lives in _run_turn at line 142 …                       │
│                                                                       │
│ ⏺ aegis_handoff(target=wry-hopper)                                    │
│   └ delivered to wry-hopper                                           │
│                                                                       │
│ queues: tests ●1/2 ○0 ✓3 ✗0    last: brisk-curie                      │
│ lucid-knuth ·opus· opus·full   ↑128k (94% cached) ↓1k                 │
│ ───────────────────────────────────────────────────────────────────── │
│ › ask something…                                                      │
└───────────────────────────────────────────────────────────────────────┘

What aegis is

Meta-harness. Most agentic frameworks (CrewAI, LangGraph, AutoGen, the long list) talk directly to LLM providers — they replace your coding agent and reimplement tool use, permissions, sandboxing, terminal integration. Aegis sits above your existing coding agents and drives them over their structured protocols — stream-json for Claude Code, the Agent Client Protocol (ACP) for Gemini CLI and OpenCode, with a clean driver seam for whatever lands next. The harness keeps owning tool use, model selection, MCP hosting, sandboxing. Aegis owns the layer above — tabs, routing, delegation, persistence — the things a single-conversation CLI was never built to do.

Multi-agent. Six composable coordination primitives, all wired into one MCP plane every spawned agent sees. Inbox for fire-and-forget context handoff. Queue for spawn-a-worker-on- demand dispatch. Canvas for shared markdown blackboards. Terminal for live shared PTYs. Groups for broadcast-and- gather across a committee. Workflow for deterministic Python orchestration. Mix providers freely — a Claude tab hands off to a Gemini tab; an OpenCode worker drops its result in your inbox; three agents co-author a canvas; a workflow drives all of them in lockstep.

Programmable. The substrate is scriptable from the outside and the inside. Outside: @workflow-decorated Python functions that compose the six primitives into deterministic procedures (TDD loops, branch reviews, spec-to-plan-to-implementation pipelines), cron- scheduled or invoked on demand. Inside: spawned agents can mutate .aegis.yaml themselves through MCP — declare a new specialised agent profile, register a queue, drop a plugin dir, and dispatch work to it in the same session, no restart. The substrate extends from inside.

Six primitives for agent coordination

— the multi-agent pillar.

Each primitive has one verb and lands the same way in the receiving agent's transcript: as a ✉ block with a sender tag, timestamp, and a short body preview. One delivery channel, six wake patterns.

→ Inbox — send context to a peer

Any agent can hand off to any other live agent. Fire-and-forget; the recipient gets a normal user-message turn tagged with the sender's handle. Use when you want a specific peer to pick up where you left off.

aegis_handoff(target_handle="reviewer", from_handle="impl",
              context="PR ready at branch feat/x — please review")
# → reviewer's transcript:
#   ✉ from agent:impl · 17:42:03Z
#     PR ready at branch feat/x — please review

⏳ Queue — spawn a worker on demand

Enqueue a task to a named queue and the substrate spawns a fresh agent of the queue's configured profile, runs the payload as its opening turn, and (with callback=true) delivers the worker's final result back to your inbox. Producer keeps working between enqueue and callback. Generalizes delegation: parallelism, max-in-flight caps, restart safety, all built in.

aegis_enqueue(queue="review", payload="…full self-contained prompt…",
              from_handle="impl", callback=True)
# → {task_id: 01HK…, queued_position: 1}
# …minutes later, in impl's transcript:
#   ✉ from queue:review · task#01HK… · ok · 17:46:11Z
#     PR looks clean. Two nits flagged in the diff comments…

▦ Canvas — collaborate on a shared document

Open a shared markdown file. Multiple agents read it, write sections of it, subscribe to it. Each write wakes every other subscriber with a diff-aware notification. The classical blackboard pattern — terminal- native, MCP-driven, file-backed (you can grep it, commit it, open it in your editor).

# PM
aegis_canvas_open(name="report-q3", file="vault/reports/q3.md",
                  from_handle="pm")
aegis_canvas_subscribe(name="report-q3", from_handle="pm")

# Researcher (in another tab, after a handoff)
aegis_canvas_write_section(name="report-q3", section="data",
                           content="Q3 numbers came in stronger…",
                           from_handle="researcher")
# → PM's transcript:
#   ✉ from canvas:report-q3 · 20:30:00Z
#     section "data" · written by agent:researcher (+18 / -3 lines)
#     ──
#     Q3 numbers came in stronger than projected…

▮ Terminal — share a live shell

Spawn a PTY-backed shell that any agent (or Alex) can run commands on, send raw keystrokes to, and subscribe to. Command boundaries are detected from OSC 133 shell-integration markers; every finalized command lands in an append-only JSONL ledger and wakes subscribers through the same ✉ channel.

# PM
aegis_term_spawn(name="build", from_handle="pm")
aegis_term_subscribe(name="build", from_handle="pm")

# builder (after a handoff)
rec = aegis_term_run(name="build", cmd="pytest -q",
                     from_handle="builder")
# → PM's transcript:
#   ✉ from term:build · 14:03:25Z
#     $ pytest -q  · run by agent:builder
#     exit 0 · 4.20s
#     ──
#     6 passed in 4.18s

▣ Groups — broadcast and gather

Form a named committee of agents that share one inbox-fanout channel and one in-flight broadcast slot. Send one structured four-field question — objective, output_format, tool_guidance, boundaries — collect N parallel answers, reduce them into a single result. Use when the same question has multiple useful perspectives, or when you want to race providers and keep the fastest.

# spawn three reviewers with different lenses
aegis_group_spawn_mixed(name="audit", from_handle="pm",
    profiles=["sec_reviewer", "style_reviewer", "logic_reviewer"])

aegis_group_broadcast(name="audit",
    objective="audit PR #214 (branch feat/rate-limit)",
    output_format="bullet list, each item severity-tagged (high/med/low)",
    tool_guidance="prefer Read + Grep; avoid Bash and Edit",
    boundaries="report only — no patches, no commits")

# collect every reply, keyed by reviewer
result = aegis_group_wait_all(name="audit",
                              timeout=300,
                              reducer="join_by_handle")
# → result.reduced = {"sec_reviewer": "…", "style_reviewer": "…",
#                     "logic_reviewer": "…"}

Switching to aegis_group_wait_any returns on the first reply and (by default) sends a passive cancel envelope to the losers — useful when the cheapest acceptable answer wins. Built-in reducers: concat, join_by_handle, last_wins, majority_vote; custom reducers register one function. Groups also have YAML presets in .aegis.yaml (groups.presets.<name>.profiles: […]) and a dedicated TUI tab with Members / Current broadcast / Recent broadcasts panels.

Reach for it when: multi-lens code audit, fastest-answer racing, cross-provider consensus, generate-and-pick (N candidates → one), role-persona panels (PM / eng / UX react to the same proposal). Full walk-through in docs/groups.md.

⟳ Workflow — deterministic Python orchestration

When the dance has to be reliable — TDD loops, bug triage, multi-step plans, anything where retries with feedback matter — wrap it in a workflow. Plain Python at the top of the stack. Calls agents, runs bash predicates, retries with feedback, captures structured output.

@workflow("tdd-cycle")
async def tdd_cycle(engine, *, feature: str) -> str:
    impl = await engine.spawn("implementer")
    await engine.send(impl, f"Write a failing test for: {feature}")
    await engine.bash_predicate(
        f"pytest tests/ -k {feature} 2>&1 | grep -E 'FAIL|ERROR'",
        retry_with="The test should fail because the feature isn't built yet")
    await engine.send(impl, "Now implement it.")
    await engine.bash_predicate(
        f"pytest tests/ -k {feature}",
        retry_with="Tests are still failing. Output:\n{stdout}")
    reviewer = await engine.spawn("reviewer")
    return await engine.send(reviewer, "Final review of branch.")

Triggered by any agent: aegis_run_workflow(name="tdd-cycle", kwargs={"feature": "rate_limit"}). Workflows sit at the top of the stack — they span agents, they own the loop, they're the right tool when the spec is "follow this exact procedure" rather than "figure it out."

The aegis.workflows package ships four seed workflows registered on import: brainstorm_to_spec (Q/A → spec doc), execute_plan (parse plan → dispatch implementer per task with durable resume), review_branch (parallel reviewer fan-out → report), and tdd_cycle (predicate-driven TDD loop). See docs/workflows.md.

What else is in the box

• Multi-tab TUI. Generated alliterating handles (lucid-knuth, wry-hopper) for agents, purpose names (build, db) for terminals. State dots, sticky *, terminal bell when a backgrounded agent finishes. Click any block to copy it.
• Honest metrics. True input (incl. cache) with cached %, output, tool calls, per-turn and per-session wall-clock. Provisional while streaming, exact at turn end. Live ctx Nk (P%) segment shows the current turn's true input against the model's context window — Opus 4.x at 1M, Sonnet/Haiku at 200k, Gemini at 1M. No log scraping anywhere.
• Queue dashboard. Always-on one-line strip above the status bar shows live per-queue depth and the most recent in-flight worker. Ctrl+D expands into a full-screen modal with QUEUES / IN-FLIGHT / QUEUED / RECENT bands and a live assistant-text tail.
• File viewer + picker. Ctrl+O opens a fuzzy file picker (typeahead, keyboard nav, top-match preselected) over a background watchdog index; pick a file and it lands in a FileTab — syntax-highlighted read-only view by default, e toggles edit mode, Ctrl+S saves, Escape with unsaved edits prompts to discard. Agents can drop you into the same view via the aegis_view_file MCP tool, and Ctrl+click on a backtick-wrapped filename in any agent response opens it directly.
• Config panel. F2 opens the live .aegis.yaml editor inside the TUI — see agents/queues/telegram at a glance, add an agent through a validated modal. Same edit helpers back the scriptable aegis config CLI verbs and a parallel MCP surface (aegis_config_add_agent, …_add_queue, …_add_plugin_dir, …_set_schedule_enabled, plus removes and reads), so agents can extend the substrate from inside — declare a queue and enqueue to it within one session, no restart. Panel, CLI, and MCP all route through the same comment-preserving atomic-write path.
• Session persistence. aegis reopens the last workspace by default — agent tabs, terminal tabs, profiles, order, with each underlying session genuinely resumed (model memory intact). aegis --clean opts out.
• Workflow catalog. aegis.workflows ships four ready-to-use seeds (brainstorm_to_spec, execute_plan, review_branch, tdd_cycle); importing them registers. Engine offers ask_human, explicit checkpoint + durable resume, bash_predicate retry loops, and parallel fan-out.
• Headless + Telegram. aegis serve runs the SessionManager + MCP plane without a TUI. Add a Telegram token to drive the team from your phone.
• MCP plane. Every spawned agent is injected with the aegis MCP server: orientation (aegis_meta), session listing, handoff, queue dispatch, canvas ops, terminal ops, group broadcast/gather, workflow invocation. One consistent surface across providers. With --strict-mcp-config, aegis is the only MCP server the spawned agent sees.

Remote plane — cross-machine handoff

aegis serve can expose a second HTTP plane — distinct from the loopback MCP plane, bound wherever you want it reachable — that other aegis serve instances POST into. One agent on one machine can hand a long task off to another without leaving the substrate:

aegis_enqueue(
    queue="implementation",
    payload="Implement the design at <path> with TDD…",
    from_handle="lucid-knuth",
    target="builder",           # ← new — routes to a remote aegis
)
# → {task_id: "01J…", target: "builder",
#    callback_note: "no wire return channel in v1; completion behavior
#                    is whatever the receiving serve is configured to do"}

Configuration lives in .aegis.yaml. Outbound — the peers this serve can call:

remotes:
  builder:
    url: http://100.64.0.5:8556
    # token: "<optional bearer>"

Inbound — opt-in receive side; default off:

remote_plane:
  bind: 100.64.0.5:8556         # the address to listen on
  accept_tokens: []             # optional bearer-token allowlist
  accept_from: []               # optional source-IP allowlist

Bind the plane wherever it should be reachable from, and only from — typically a private overlay network (Tailscale/Headscale/WireGuard/ VPN) so the network itself is the trust anchor. Bearer-token and source-IP gates compose with AND on top. By default the call is fire-and-forget: the receiving serve runs the worker under its own config and whatever it does on completion (commit and push, message through its own bridge, write to a shared folder, nothing) is up to it.

Since v0.8.0, aegis_enqueue(target=…, callback=True) opts in to a wire callback that delivers the remote worker's final message back to the originating agent's inbox as a normal ✉ from queue:<peer>:<name> envelope (symmetric peers config required — both sides define each other in remotes:). A small /remote/v1/schedule/* control plane (with aegis_schedule_* MCP tools and aegis schedule push --to <peer> / --remote <peer> CLI verbs) lets one serve push schedules into a peer and inspect or remove them remotely — useful for self-scheduling future work or managing a fleet from one host. Full surface, error model, and patterns in docs/remote.md.

Per-queue budgets

— the programmable pillar.

Declare rolling USD or output-token ceilings on any queue. The substrate enforces them at enqueue time — if admitting the task would push the queue over any configured ceiling, the enqueue is rejected immediately with a structured error that names the blocking constraint and gives an ETA for when the queue will unblock.

# .aegis.py
queues = {
    "impl": {
        "agent": "opus",
        "max_parallel": 2,
        "budgets": [
            {"usd": 1.00,             "window": "1h"},
            {"usd": 10.00,            "window": "24h"},
            {"output_tokens": 500000, "window": "1h"},   # runaway belt
            {"usd": 50.00,            "window": "7d"},
        ],
    },
    "fast": {
        "agent": "haiku-fast",
        "max_parallel": 4,
        # no budgets: key → no caps; behaves as before
    },
}

All-must-allow: a task is admitted only if every budget entry is under its ceiling. When rejected, the error names every blocking constraint, how much was spent vs the limit, and an unblock_at ETA.

Budget state is visible via aegis budget list/show (with --remote <peer> for cross-host), the aegis_budget_status MCP tool, and the read-only GET /remote/v1/budget endpoints on the remote plane. No alerts — observability is pull-only; the rejection at enqueue time is the only loud signal.

See docs/budget.md for the full model.

Scheduled workflows

— the programmable pillar.

Aegis runs a cron-style scheduler alongside QueueManager and the inbox router. Schedules are declared in .aegis.yaml and can be split into drop-in overlays under .aegis/schedules/<name>.yaml. Each entry names a workflow (built-in or registered), a trigger (cron or fire_at), a lifecycle (forever / once / {fires: N} / {until: <iso>}), and an overlap policy (skip / queue / kill).

# .aegis.yaml
schedules:
  morning-briefing:
    workflow: prompt
    cron: "0 6 * * *"
    timezone: America/Havana
    args: { agent: default, message: "Write today's briefing." }
  ci-watch:
    workflow: enqueue
    cron: "*/5 * * * *"
    lifecycle: forever
    on_overlap: skip
    args: { queue: ci, payload: "Check CI status and report failures." }

Two workflows ship in-tree: prompt (one-shot agent message) and enqueue (scheduler → queue handoff).

The substrate writes a JSONL audit log per schedule under .aegis/state/schedules/<name>.jsonl plus a derived schedules.snapshot.json for dashboards. On boot it replays each log to rebuild fire counts and closes any dangling fire_requested record as failed:interrupted. Editing .aegis.yaml or any overlay file hot-swaps the schedule table without a restart — entries that didn't change keep their state.

aegis schedule list                # current schedules + next fire
aegis schedule show morning-briefing
aegis schedule run morning-briefing   # force-fire once
aegis schedule disable morning-briefing  # comment-preserving YAML edit
aegis schedule logs morning-briefing -n 50

Install

pip install aegis-harness        # or: uv pip install aegis-harness

Requires Python 3.13+ and at least one of: claude, gemini, or opencode on your PATH, signed-in.

Quickstart

aegis          # full-screen TUI; opens ConfigPanel if no .aegis.yaml

With no .aegis.yaml in the directory, aegis drops you straight into the TUI ConfigPanel — press a to add your first agent and save. The scriptable equivalent:

aegis config agent add main --provider claude-code \
                            --model opus --effort high
aegis                       # start the TUI normally

.aegis.yaml is declarative YAML — edit it by hand or use aegis config verbs (every section reachable: agents, queues, telegram, default-agent, plugin-dir). Mid-session, reach the ConfigPanel via F2.

Keys

Key	Action
Enter	Send
Ctrl+T / Ctrl+N	New tab (default agent) / new tab (pick agent)
Ctrl+E	New terminal tab (term:<name>)
Ctrl+W	Close tab (last → quit)
Ctrl+1..9 / Ctrl+Tab / Ctrl+←→	Switch tabs
Ctrl+K	Toggle terminal-tab input between run and raw mode
Ctrl+D	Open / close the queue dashboard
F2	Open the ConfigPanel — edit agents/queues/etc. live
Escape	Interrupt the active turn (or dismiss a modal)
Click on a block	Copy that message / tool result to clipboard
Ctrl+Q	Quit

A backgrounded tab that finishes shows a * and rings the bell.

Configuration

.aegis.yaml is declarative YAML. Author it interactively (the TUI ConfigPanel — boot-into-panel when no config exists, F2 mid-session) or with the scriptable CLI (aegis config agent add, aegis config queue add, aegis config telegram set, …). Shape:

default_agent: default

agents:
  default:
    provider: claude-code
    model: opus
    effort: high
    permission: auto
  reviewer:
    provider: claude-code
    model: sonnet
    permission: read
  fast:
    provider: gemini
    model: gemini-3-flash-preview
    permission: full
  oss:
    provider: opencode
    model: opencode/kimi-k2.6
    permission: full

queues:
  review:
    agent: reviewer
    max_parallel: 2
  fast:
    agent: fast
    max_parallel: 4

Full reference: Configuration.

Headless + Telegram

aegis serve runs the SessionManager and MCP plane without the TUI; add a Telegram token to drive it from your phone:

# .aegis.yaml
telegram:
  token: "…"               # or set AEGIS_TELEGRAM_TOKEN (env wins)
  chat_id: 123456          # the single allowed chat

v0.10 ships a full substrate command surface alongside the original session-spawn verbs:

Command	Action
/new [agent]	Spawn a new session
/close [handle]	Close a session
/interrupt	Interrupt the active turn
/queue list	Per-queue depth + in-flight (local)
/queue show <name>	Full queue detail (local)
/schedule list [@peer]	All schedules with next fire
/schedule show <name> [@peer]	Full schedule detail
/schedule run <name>	Force-fire a schedule now (local)
/budget list [@peer]	Budget state per queue
/budget show <queue> [@peer]	Per-constraint budget detail
/peers	Remotes with reachability probe
/help [command]	Registry-driven help

A systemd unit template lives at scripts/aegis-serve.service. Full setup, output examples, and FAQ: docs/telegram.md.

Docs

Full documentation: https://apiad.github.io/aegis/

• Install
• Usage
• Configuration
• Drivers — Claude / Gemini / OpenCode
• Queues — inter-agent delegation
• Canvas — shared markdown blackboard
• Terminals — shared live PTY
• Groups — broadcast-and-gather committees
• Remote plane — laptop ↔ VPS enqueue over HTTP
• Workflows — Python orchestration + catalog
• Budgets
• Telegram — substrate commands from the phone
• MCP plane — the tool surface
• Architecture
• Roadmap
• API reference

Status

Beta. Personal-infrastructure-grade, evolves fast. Expect change before 1.0. See the roadmap for what's next.

License

MIT — see LICENSE.