Skip to main content

Drydock — a local, provider-agnostic terminal coding agent for local LLMs

Project description

⚓ Drydock

A local-first, provider-agnostic terminal coding agent for your own LLM. No accounts, no telemetry, no cloud — the only outbound calls are to the model endpoint you configure and (optionally) the web-search tools you invoke. Primary target: dense Gemma-4-31B (QAT, 64K) served by llama.cpp on a single workstation.

v3 — clean-room rebuild. Drydock is being rebuilt as an original, Apache-2.0 codebase owned end to end (no upstream fork). Every release is gated by a credential-exfiltration scanner that blocks anything reaching off-box. See HARNESS_DESIGN.md and docs/PRD.md.

Why

A coding agent should build real projects from your machine without sending your code or credentials anywhere. Drydock runs entirely against a local model, feels like a first-class terminal agent, and keeps its data plane on your box.

Status

Shipping. Published on PyPI as drydock-cli (v3.x). The Textual TUI is the default surface: a scrolling transcript with streamed assistant text, collapsible tool cards, collapsible reasoning ("thinking") cards, a live nautical activity line, and a multi-line prompt. The agent loop, OpenAI-compatible provider, two-tier compaction, and the full agentic toolset (below) are in, with Gemma reliability hardening verified hands-on.

Capabilities

A full agentic CLI harness — every tool below is clean-room and dependency-free (nothing beyond openai + textual), and the model calls them autonomously:

  • Files & shellRead (with a structure index for huge files), Write, Edit, Bash, Glob, Grep.
  • Version controlGitStatus, GitDiff, GitLog, GitCommit (structured + truncated; commit is local and reversible).
  • InternetWebSearch + WebFetch (DuckDuckGo; offline-safe).
  • Knowledge base (GraphRAG) — build a local entity-graph index from your docs/code with /graphrag build <path>; the agent retrieves from it via the read-only Knowledge tool.
  • Multi-agentDispatch runs several read-only sub-agents in parallel; task runs one — each in a fresh context, for focused investigation.
  • MCP — connect to Model Context Protocol servers (~/.drydock/mcp.json); their tools appear as mcp__<server>__<tool>. List them with /mcp.
  • Skills — reusable /<name> commands authored as markdown in ~/.drydock/skills/ (or <project>/.drydock/skills/); $ARGS substitution.
  • Loops/loop <count> <prompt> runs a prompt iteratively (Esc stops).

Install

pip install drydock-cli
drydock

Requires Python 3.11+. From source instead: git clone https://github.com/fbobe321/drydock-v3.git && cd drydock-v3 && pip install -e .

On first launch with no config, Drydock probes localhost for a running local LLM (llama.cpp/vLLM :8000, Ollama :11434, LM Studio :1234) and wires up the first one it finds — no account or API-key prompt. Override anytime with --model / --provider / --base-url or ~/.drydock/config.toml.

Using it

Type a task and press Enter. Drydock reads/writes/edits files and runs commands to do the work, showing each as a collapsible tool card.

  • Enter submits · Ctrl+J newline (multi-line prompts)
  • ↑ / ↓ recall command history (persists across sessions)
  • PgUp / PgDn (and Ctrl+Home/End) scroll the transcript
  • Ctrl+O expand/collapse tool output · drag + Ctrl+C copy a selection
  • Ctrl+C twice (or Ctrl+D, /quit) to exit
  • A live activity line shows progress while it works: ◡ Keelhauling… (12s · ↓ 6.2k tokens · thinking with high effort)
  • Submit while it's working and the prompt queues (drains in order)
  • Slash commands: /model · /cwd · /undo (revert last write) · /back (rewind last turn) · /status · /compact (shrink context) · /graphrag (build/query a knowledge base) · /skills (list your /<name> skills) · /loop (repeat a prompt) · /mcp (list MCP servers) · /clear · /help · /quit

It honors AGENTS.md / DRYDOCK.md in the working directory for project conventions.

Safety

Two tiers, plus advisory guards — all designed so legitimate work is never blocked:

  • Catastrophic denylist — commands like rm -rf /, mkfs, raw block-device writes, and fork bombs are refused outright (never run).
  • Approval prompt — sensitive-but-legitimate commands (sudo, package installs, network fetches, git push) pause for Allow / Always / Deny.
  • Advisory write guards — Drydock flags (never blocks) Python syntax errors, stub-only files, imports of sibling modules that don't exist yet, bare raise outside an except, and refuses to write git conflict-marker content.

Point it at a local OpenAI-compatible endpoint (e.g. llama.cpp's server-cuda serving Gemma-4-31B). The web tools (WebSearch/WebFetch) are read-only and degrade cleanly offline; the release scanner allowlists only the search backend.

Model server (reference setup)

Drydock is provider-agnostic, but it's tuned and measured against this rig:

  • Model: dense Gemma-4-31B (QAT Q4_K_XL GGUF), served by ghcr.io/ggml-org/llama.cpp:server-cuda with --jinja. Swapped from the 26B-A4B MoE, whose ~4B active params caused fatal agentic tool-loops; the dense 31B is loop-free (slower, but it finishes).
  • GPUs: 2× NVIDIA RTX 4060 Ti 16GB, tensor-split across both cards (--tensor-split 1,1) so the 31B weights fit.
  • Context: 64k (-c 65536) with q8_0 KV-cache quantization (-ctk q8_0 -ctv q8_0); set context_limit in ~/.drydock/config.toml to match your server's -c.
  • Throughput: ~15 tok/s decode (tensor-split 31B). Faster single-GPU options exist if you drop to a smaller model.
  • Provider-agnostic: any OpenAI-compatible endpoint (llama.cpp, vLLM, Ollama, LM Studio) works — point --base-url at it.

Principles

  • Clean provenance — original code only; nothing copied from any other project.
  • Local-only data plane — no telemetry, no phone-home, no hardcoded third-party hosts, no credential transmission.
  • Advisory, never blocking — loop/safety mechanisms inject better context; they never hard-stop legitimate work.
  • The scanner is lawscripts/security_scan.py gates every release.

Security scan

python3 scripts/security_scan.py drydock/      # scan the source tree
python3 scripts/security_scan.py dist/*.whl    # scan a built wheel

Exit 2 (HIGH finding) blocks a release.

License

Apache-2.0, © 2026 Frank Bobe III. See LICENSE and NOTICE.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

drydock_cli-3.0.57.tar.gz (125.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

drydock_cli-3.0.57-py3-none-any.whl (95.9 kB view details)

Uploaded Python 3

File details

Details for the file drydock_cli-3.0.57.tar.gz.

File metadata

  • Download URL: drydock_cli-3.0.57.tar.gz
  • Upload date:
  • Size: 125.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for drydock_cli-3.0.57.tar.gz
Algorithm Hash digest
SHA256 af1555e4079e4df1e8e0aa96ef01548f9f4405f4a21f45bfb5673565567ea2fc
MD5 2fde7ecf7f6ea7c144a13bf13d66b5e3
BLAKE2b-256 483f3919972552db98075b2ba319cdb9b2299e2d994921d4447eccd55690602e

See more details on using hashes here.

File details

Details for the file drydock_cli-3.0.57-py3-none-any.whl.

File metadata

  • Download URL: drydock_cli-3.0.57-py3-none-any.whl
  • Upload date:
  • Size: 95.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for drydock_cli-3.0.57-py3-none-any.whl
Algorithm Hash digest
SHA256 1d2e8d0c64ac776e97579a067cebbdd5dc49f5204a89532c84f0971406aca1bd
MD5 a7510388e513ea7644c6579380f7d771
BLAKE2b-256 c15c21a84fe7e3c3be4cffd6bc57e5b21d952949c06c9c7a1537209295e3413d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page