A coding agent that jails model commands and uses editable state machines for long-running tasks.
Project description
agent6
A coding agent that jails model commands and uses editable state machines for long-running tasks.
The model can write code and ask to run commands, but those commands go through a jail with restricted filesystem and network access. Long-running workflows can be written, reviewed, edited, resumed, and replayed as declarative state machines instead of being left to an open-ended agent loop.
Full documentation: agent6.dev
Features
- Sandboxed execution for every LLM-chosen child process, jailed individually
with Landlock + seccomp; the default
strictprofile adds namespaces +pivot_root, rebinds.gitread-only, and confines egress to your provider - Works with Anthropic and any OpenAI-compatible endpoint (OpenAI, OpenRouter, Ollama, vLLM, llama.cpp, LM Studio)
- Per-step git commits, snapshot-resumable runs, per-turn forkable checkpoints, token budgets with hard stops and a best-effort USD ceiling
- Plan, run, review, and ask modes; a live terminal dashboard and a zero-dependency
browser UI (
agent6 web, phone-friendly); persistent transcripts and a searchable run history - State machines (
agent6 machine) for long-running automated tasks: LLM-drafted, operator-reviewed, journaled, and replayable; a machine can wait indefinitely for a human, be poked with a payload, steer/answer its agent states from any front-end, and notify you when it needs attention - Small, fixed LLM tool surface; the only extension point is operator-configured MCP servers, off by default
- Eight runtime dependencies, no telemetry, no auto-update
Install
uv tool install agent6 # or: pipx install agent6
agent6 needs Linux for the sandbox (kernel 6.7+ for TCP rules), Python 3.12+, and an API key for at least one provider. macOS runs unsandboxed behind a warning; on Windows use WSL. See installation for the full requirements and building from source.
Quick start
# Connect a provider once (stored in ~/.config/agent6/, key in a 0600 secrets file).
agent6 connect # interactive: pick provider, paste API key
agent6 model worker anthropic claude-sonnet-4-6
# Run the agent on a task. agent6 infers a verify command if you haven't set one.
cd your-repo
agent6 run "add a --json output mode to the CLI"
# Watch and drive runs from a terminal, a full-screen TUI, or a browser.
agent6 watch <run-id> # plain live event stream (default)
agent6 tui # full-screen dashboard hub
agent6 web # browser UI on http://127.0.0.1:8901 (phone-friendly)
# Audit the effective config, pre-flight the sandbox, resume or fork a run.
agent6 config show
agent6 check
agent6 resume <run-id>
agent6 fork <run-id> --at-turn 7
That is the whole loop. See getting started for the full command tour, the web UI for driving runs from a phone, configuration for every field, and the security model for what the sandbox enforces.
Config is layered: built-in secure defaults, then the global ~/.config/agent6/config.toml,
then the per-repo config (out of the workspace, per-machine, not committed), then an
explicit --config FILE. Every field has a default; security-sensitive fields default to
the safe value (agent_network = "providers", tool_network = "block",
run_commands = "ask", protect_git = true, git.allow_* = false), and git_ops.py
refuses push, --force, and history rewrites unconditionally.
Benchmarks
Reproducible harnesses live under bench/: real-world SWE-bench-Lite-style tasks,
head-to-head runs against Claude Code / opencode / aider, machine create validation, and
a perf-optimization harness. See each directory's README for recorded numbers (single runs,
no variance measured; re-run before quoting).
Contributing
Read AGENTS.md first. The repo's verify command decides whether a change is landable:
uv run ruff check && uv run ruff format --check && \
uv run pyright && uv run tach check && uv run pytest
Adding a tool, loosening a security default, dialling a new network destination, or
changing the jail (src/agent6/jail/) requires a Security review note: paragraph in
the commit message.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent6-0.0.17.tar.gz.
File metadata
- Download URL: agent6-0.0.17.tar.gz
- Upload date:
- Size: 640.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
03347e4c3a708c11ca2e34274cdcd8ad7ad2ffd3ca374d6c44fde0a397d47d4f
|
|
| MD5 |
eb59df92594fe3fed6ed9003dbd77403
|
|
| BLAKE2b-256 |
835dea4b520210a585950654856f1122ba13f92217c86010cc00ab58295aa8ff
|
Provenance
The following attestation bundles were made for agent6-0.0.17.tar.gz:
Publisher:
pypi.yml on agent6-dev/agent6
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent6-0.0.17.tar.gz -
Subject digest:
03347e4c3a708c11ca2e34274cdcd8ad7ad2ffd3ca374d6c44fde0a397d47d4f - Sigstore transparency entry: 2055931427
- Sigstore integration time:
-
Permalink:
agent6-dev/agent6@de9b9eb5cc5afb20ca95674e3256d405aafaaf08 -
Branch / Tag:
refs/tags/v0.0.17 - Owner: https://github.com/agent6-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@de9b9eb5cc5afb20ca95674e3256d405aafaaf08 -
Trigger Event:
release
-
Statement type:
File details
Details for the file agent6-0.0.17-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl.
File metadata
- Download URL: agent6-0.0.17-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl
- Upload date:
- Size: 1.0 MB
- Tags: Python 3, manylinux: glibc 2.17+ x86-64, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
51397f95382bfa8edf26c8a67dbf346533e12eaa4ec782e1da0942a97addd42b
|
|
| MD5 |
42520293bc6c48ae969505eba2f06093
|
|
| BLAKE2b-256 |
827facb5757835bc61c8c60f537f08dcf10ec065047e17b999e5e9259b697885
|
Provenance
The following attestation bundles were made for agent6-0.0.17-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl:
Publisher:
pypi.yml on agent6-dev/agent6
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent6-0.0.17-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl -
Subject digest:
51397f95382bfa8edf26c8a67dbf346533e12eaa4ec782e1da0942a97addd42b - Sigstore transparency entry: 2055931467
- Sigstore integration time:
-
Permalink:
agent6-dev/agent6@de9b9eb5cc5afb20ca95674e3256d405aafaaf08 -
Branch / Tag:
refs/tags/v0.0.17 - Owner: https://github.com/agent6-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@de9b9eb5cc5afb20ca95674e3256d405aafaaf08 -
Trigger Event:
release
-
Statement type:
File details
Details for the file agent6-0.0.17-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl.
File metadata
- Download URL: agent6-0.0.17-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl
- Upload date:
- Size: 990.4 kB
- Tags: Python 3, manylinux: glibc 2.17+ ARM64, musllinux: musl 1.2+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8f8210282290bb157cbca163b429ec8fe3a60a35ceb95501e7b4fe46d2b46fa7
|
|
| MD5 |
d3e8a09c78e29d08f7eba75aaa7b11e1
|
|
| BLAKE2b-256 |
47874fc8c401017836b5a83306850d40574263e3d7516972fcd210fedf922e78
|
Provenance
The following attestation bundles were made for agent6-0.0.17-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl:
Publisher:
pypi.yml on agent6-dev/agent6
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent6-0.0.17-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl -
Subject digest:
8f8210282290bb157cbca163b429ec8fe3a60a35ceb95501e7b4fe46d2b46fa7 - Sigstore transparency entry: 2055931509
- Sigstore integration time:
-
Permalink:
agent6-dev/agent6@de9b9eb5cc5afb20ca95674e3256d405aafaaf08 -
Branch / Tag:
refs/tags/v0.0.17 - Owner: https://github.com/agent6-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@de9b9eb5cc5afb20ca95674e3256d405aafaaf08 -
Trigger Event:
release
-
Statement type: