A coding agent that jails model commands and uses editable state machines for long-running tasks.
Project description
agent6
A coding agent that jails model commands and uses editable state machines for long-running tasks.
The model can write code and ask to run commands, but those commands go through a jail with restricted filesystem and network access. Long-running workflows can be written, reviewed, edited, resumed, and replayed as declarative state machines instead of being left to an open-ended agent loop.
Full documentation: agent6.dev
Features
- Sandboxed execution for every LLM-chosen child process, jailed individually
(Landlock + seccomp +
pivot_root), with.gitrebound read-only and egress confined to your provider - Works with Anthropic and any OpenAI-compatible endpoint (OpenAI, OpenRouter, Ollama, vLLM, llama.cpp, LM Studio)
- Per-step git commits, snapshot-resumable runs, per-turn forkable checkpoints, USD and token budgets with hard stops
- Plan, run, review, and ask modes; a live terminal dashboard; persistent transcripts and a searchable run history
- State machines (
agent6 machine) for long-running automated tasks: LLM-drafted, operator-reviewed, journaled, and replayable - Small, fixed LLM tool surface; the only extension point is operator-configured MCP servers, off by default
- Eight runtime dependencies, no telemetry, no auto-update
Install
uv tool install agent6 # or: pipx install agent6
agent6 needs Linux for the sandbox (kernel 6.7+ for TCP rules), Python 3.12+, and an API key for at least one provider. macOS and Windows run unsandboxed behind a warning. See installation for the full requirements and building from source.
Quick start
# Connect a provider once (stored in ~/.config/agent6/, key in a 0600 secrets file).
agent6 connect # interactive: pick provider, paste API key
agent6 model worker anthropic claude-sonnet-4-6
# Run the agent on a task. agent6 infers a verify command if you haven't set one.
cd your-repo
agent6 run "add a --json output mode to the CLI"
# Audit the effective config, pre-flight the sandbox, resume or fork a run.
agent6 config show
agent6 check
agent6 resume <run-id>
agent6 fork <run-id> --at-turn 7
That is the whole loop. See getting started for the full command tour, configuration for every field, and the security model for what the sandbox enforces.
Config is layered: built-in secure defaults, then the global ~/.config/agent6/config.toml,
then the per-repo config (out of the workspace, per-machine, not committed), then an
explicit --config FILE. Every field has a default; security-sensitive fields default to
the safe value (agent_network = "providers", tool_network = "block",
run_commands = "ask", protect_git = true, git.allow_* = false), and git_ops.py
refuses push, --force, and history rewrites unconditionally.
Benchmarks
Reproducible harnesses live under bench/: real-world SWE-bench-Lite-style tasks,
head-to-head runs against Claude Code / opencode / aider, machine create validation, and
a perf-optimization harness. See each directory's README for recorded numbers (single runs,
no variance measured; re-run before quoting).
Contributing
Read AGENTS.md first. The repo's verify command decides whether a change is landable:
uv run ruff check && uv run ruff format --check && \
uv run pyright && uv run tach check && uv run pytest
Changes under sandbox/, tools/, git_ops.py, providers/, or graph/curator must
include a security review note in the commit message.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent6-0.0.14.tar.gz.
File metadata
- Download URL: agent6-0.0.14.tar.gz
- Upload date:
- Size: 544.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0706008b024fa82802208ab64000ff67d922c4b11fad4a3199a53c18757a202a
|
|
| MD5 |
5bc26e81ee187bca0502dd2311d8bc0b
|
|
| BLAKE2b-256 |
c17b85f4627d31dc015230a784a83e6ca3d3eb200c63ed1f02d904feee071dda
|
Provenance
The following attestation bundles were made for agent6-0.0.14.tar.gz:
Publisher:
pypi.yml on agent6-dev/agent6
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent6-0.0.14.tar.gz -
Subject digest:
0706008b024fa82802208ab64000ff67d922c4b11fad4a3199a53c18757a202a - Sigstore transparency entry: 2003931038
- Sigstore integration time:
-
Permalink:
agent6-dev/agent6@60fefe0885cef67dcabff6c8183f3ff0852b5575 -
Branch / Tag:
refs/tags/v0.0.14 - Owner: https://github.com/agent6-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@60fefe0885cef67dcabff6c8183f3ff0852b5575 -
Trigger Event:
release
-
Statement type:
File details
Details for the file agent6-0.0.14-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl.
File metadata
- Download URL: agent6-0.0.14-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl
- Upload date:
- Size: 918.3 kB
- Tags: Python 3, manylinux: glibc 2.17+ x86-64, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
903bc9ed1d56cb17cc9d29e2bd5cd5940c89044138dab48db6b464b59bdfeb6f
|
|
| MD5 |
c6289b069a4609a26bbae1427f965d2d
|
|
| BLAKE2b-256 |
53981934e5042dc836405ca980365b7f244ca20e948b9a5708c23bf1e2c714b0
|
Provenance
The following attestation bundles were made for agent6-0.0.14-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl:
Publisher:
pypi.yml on agent6-dev/agent6
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent6-0.0.14-py3-none-manylinux_2_17_x86_64.musllinux_1_2_x86_64.whl -
Subject digest:
903bc9ed1d56cb17cc9d29e2bd5cd5940c89044138dab48db6b464b59bdfeb6f - Sigstore transparency entry: 2003931202
- Sigstore integration time:
-
Permalink:
agent6-dev/agent6@60fefe0885cef67dcabff6c8183f3ff0852b5575 -
Branch / Tag:
refs/tags/v0.0.14 - Owner: https://github.com/agent6-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@60fefe0885cef67dcabff6c8183f3ff0852b5575 -
Trigger Event:
release
-
Statement type:
File details
Details for the file agent6-0.0.14-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl.
File metadata
- Download URL: agent6-0.0.14-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl
- Upload date:
- Size: 892.8 kB
- Tags: Python 3, manylinux: glibc 2.17+ ARM64, musllinux: musl 1.2+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a547fc96f238174eccd7447f4da0e544b566e142e2d90cfc0263ea768d0913b4
|
|
| MD5 |
4c5378da20583c2cf01fd875e404fe48
|
|
| BLAKE2b-256 |
d0ce58ad0a07df3d1a83049091465bb1966d76b15f2a1b7dd10f478a583eb030
|
Provenance
The following attestation bundles were made for agent6-0.0.14-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl:
Publisher:
pypi.yml on agent6-dev/agent6
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent6-0.0.14-py3-none-manylinux_2_17_aarch64.musllinux_1_2_aarch64.whl -
Subject digest:
a547fc96f238174eccd7447f4da0e544b566e142e2d90cfc0263ea768d0913b4 - Sigstore transparency entry: 2003931119
- Sigstore integration time:
-
Permalink:
agent6-dev/agent6@60fefe0885cef67dcabff6c8183f3ff0852b5575 -
Branch / Tag:
refs/tags/v0.0.14 - Owner: https://github.com/agent6-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@60fefe0885cef67dcabff6c8183f3ff0852b5575 -
Trigger Event:
release
-
Statement type: