Drydock — a local, provider-agnostic terminal coding agent for local LLMs
Project description
⚓ Drydock
A local-first, provider-agnostic terminal coding agent for your own LLM. No accounts, no telemetry, no cloud — the only outbound calls are to the model endpoint you configure and (optionally) the web-search tools you invoke. Primary target: dense Gemma-4-31B (QAT, 64K) served by llama.cpp on a single workstation.
v3 — clean-room rebuild. Drydock is being rebuilt as an original, Apache-2.0 codebase owned end to end (no upstream fork). Every release is gated by a credential-exfiltration scanner that blocks anything reaching off-box. See
HARNESS_DESIGN.mdanddocs/PRD.md.
Why
A coding agent should build real projects from your machine without sending your code or credentials anywhere. Drydock runs entirely against a local model, feels like a first-class terminal agent, and keeps its data plane on your box.
Status
Shipping. Published on PyPI as drydock-cli (v3.x). The Textual TUI is the
default surface: a scrolling transcript with streamed assistant text, collapsible
tool cards, collapsible reasoning ("thinking") cards, a live nautical activity
line, and a multi-line prompt. The agent loop, OpenAI-compatible provider,
two-tier compaction, and the full agentic toolset (below) are in, with Gemma
reliability hardening verified hands-on.
Capabilities
A full agentic CLI harness — every tool below is clean-room and dependency-free
(nothing beyond openai + textual), and the model calls them autonomously:
- Files & shell —
Read(with a structure index for huge files),Write,Edit,Bash,Glob,Grep. - Version control —
GitStatus,GitDiff,GitLog,GitCommit(structured + truncated; commit is local and reversible). - Internet —
WebSearch+WebFetch(DuckDuckGo; offline-safe). - Knowledge base (GraphRAG) — build a local entity-graph index from your
docs/code with
/graphrag build <path>; the agent retrieves from it via the read-onlyKnowledgetool. - Multi-agent —
Dispatchruns several read-only sub-agents in parallel;taskruns one — each in a fresh context, for focused investigation. - MCP — connect to Model Context Protocol servers (
~/.drydock/mcp.json); their tools appear asmcp__<server>__<tool>. List them with/mcp. - Skills — reusable
/<name>commands authored as markdown in~/.drydock/skills/(or<project>/.drydock/skills/);$ARGSsubstitution. - Loops —
/loop <count> <prompt>runs a prompt iteratively (Esc stops).
Slash commands
Typed into the prompt. The agent also knows these, so you can just ask it ("how do I add my own docs?") and it'll point you to the right one.
| Command | What it does |
|---|---|
/graphrag build <path> |
Build a knowledge base from a file or folder of docs/code |
/graphrag add <path> |
Incrementally add more documents to the base |
/graphrag query <q> |
Test what the base returns (no model) |
/graphrag status · clear |
List indexed sources · wipe the base |
/skills |
List your skills |
/skills new <name> <prompt> |
Create a reusable /<name> skill (use $ARGS for input) |
/<name> |
Run a skill |
/loop <count> <prompt> |
Repeat a prompt N times (Esc stops) |
/mcp |
List connected MCP servers + their tools |
/rmf bootstrap [families] |
Ingest the NIST SP 800-53 catalog (RMF automation) |
/rmf-control · /rmf-categorize · /rmf-review · /rmf-poam |
Bundled RMF skills |
/model · /cwd |
Show/set model & endpoint · working directory |
/undo · /back |
Revert the last write · rewind the last turn |
/compact · /status · /clear |
Shrink context · session stats · reset |
/help · /quit |
Help · exit |
Knowledge base (GraphRAG) — ingesting your documents
/graphrag build ./docs # index a file or a whole folder
/graphrag add ./more_docs # add more later, incrementally
/graphrag query "how are refunds handled?" # check retrieval
/graphrag status # what's indexed
Once built, the agent automatically retrieves from it (read-only Knowledge
tool) when a question touches your material. Ingests text formats
(.md .txt .py .js .json .yaml .sql …) plus PDF and Word (.docx). .docx
needs nothing extra; PDF uses the pdftotext binary (poppler) if present, else
pip install drydock-cli[pdf] (pypdf). The index is a single JSON at
<project>/.drydock/graphrag.json — clean-room, no embeddings.
Custom skills
/skills new commitmsg Write a concise conventional-commit message for: $ARGS
/commitmsg the staged auth changes # runs the skill with $ARGS substituted
Skills are markdown files in ~/.drydock/skills/ (personal) or
<project>/.drydock/skills/ (project); /skills new writes one for you.
RMF automation (NIST SP 800-53)
For Risk Management Framework work, Drydock can ingest the NIST SP 800-53 Rev 5 control catalog into the knowledge base and ships four RMF skills — all 100% local for CUI/sensitive systems.
/rmf bootstrap # one-time: fetch + ingest the 800-53 catalog (offline after)
/graphrag build ./ssp # ingest your own SSP/POA&M (PDF/Word/text)
/rmf-control AC-2 # look up a control
/rmf-categorize ... # FIPS 199 categorization + tailored baseline
/rmf-review AC-2 # review an SSP implementation statement vs 800-53A
/rmf-poam <finding> # generate a POA&M entry from a scan/STIG finding
Beyond text retrieval, /rmf bootstrap also builds a typed ontology graph
(Control / Component / Vulnerability nodes; IMPLEMENTS / RESIDES_ON / ASSESSES
edges). The agent records your system topology with GraphAdd and traces
relationships with GraphQuery — including control inheritance ("which
servers inherit physical controls from their enclave?"). Stdlib in-memory graph,
no Neo4j.
Install
pip install drydock-cli
drydock
Requires Python 3.11+. From source instead:
git clone https://github.com/fbobe321/drydock-v3.git && cd drydock-v3 && pip install -e .
On first launch with no config, Drydock probes localhost for a running local
LLM (llama.cpp/vLLM :8000, Ollama :11434, LM Studio :1234) and wires up
the first one it finds — no account or API-key prompt. Override anytime with
--model / --provider / --base-url or ~/.drydock/config.toml.
Using it
Type a task and press Enter. Drydock reads/writes/edits files and runs commands to do the work, showing each as a collapsible tool card.
- Enter submits · Ctrl+J newline (multi-line prompts)
- ↑ / ↓ recall command history (persists across sessions)
- PgUp / PgDn (and Ctrl+Home/End) scroll the transcript
- Ctrl+O expand/collapse tool output · drag + Ctrl+C copy a selection
- Ctrl+C twice (or Ctrl+D,
/quit) to exit - A live activity line shows progress while it works:
◡ Keelhauling… (12s · ↓ 6.2k tokens · thinking with high effort) - Submit while it's working and the prompt queues (drains in order)
- Slash commands:
/model·/cwd·/undo(revert last write) ·/back(rewind last turn) ·/status·/compact(shrink context) ·/graphrag(build/query a knowledge base) ·/skills(list your/<name>skills) ·/loop(repeat a prompt) ·/mcp(list MCP servers) ·/clear·/help·/quit
It honors AGENTS.md / DRYDOCK.md in the working directory for project
conventions.
Safety
Two tiers, plus advisory guards — all designed so legitimate work is never blocked:
- Catastrophic denylist — commands like
rm -rf /,mkfs, raw block-device writes, and fork bombs are refused outright (never run). - Approval prompt — sensitive-but-legitimate commands (
sudo, package installs, network fetches,git push) pause for Allow / Always / Deny. - Advisory write guards — Drydock flags (never blocks) Python syntax errors,
stub-only files, imports of sibling modules that don't exist yet, bare
raiseoutside an except, and refuses to write git conflict-marker content.
Point it at a local OpenAI-compatible endpoint (e.g. llama.cpp's server-cuda
serving Gemma-4-31B). The web tools (WebSearch/WebFetch) are read-only and
degrade cleanly offline; the release scanner allowlists only the search backend.
Model server (reference setup)
Drydock is provider-agnostic, but it's tuned and measured against this rig:
- Model: dense Gemma-4-31B (QAT
Q4_K_XLGGUF), served byghcr.io/ggml-org/llama.cpp:server-cudawith--jinja. Swapped from the 26B-A4B MoE, whose ~4B active params caused fatal agentic tool-loops; the dense 31B is loop-free (slower, but it finishes). - GPUs: 2× NVIDIA RTX 4060 Ti 16GB, tensor-split across both cards
(
--tensor-split 1,1) so the 31B weights fit. - Context: 64k (
-c 65536) withq8_0KV-cache quantization (-ctk q8_0 -ctv q8_0); setcontext_limitin~/.drydock/config.tomlto match your server's-c. - Throughput: ~15 tok/s decode (tensor-split 31B). Faster single-GPU options exist if you drop to a smaller model.
- Provider-agnostic: any OpenAI-compatible endpoint (llama.cpp, vLLM,
Ollama, LM Studio) works — point
--base-urlat it.
Principles
- Clean provenance — original code only; nothing copied from any other project.
- Local-only data plane — no telemetry, no phone-home, no hardcoded third-party hosts, no credential transmission.
- Advisory, never blocking — loop/safety mechanisms inject better context; they never hard-stop legitimate work.
- The scanner is law —
scripts/security_scan.pygates every release.
Security scan
python3 scripts/security_scan.py drydock/ # scan the source tree
python3 scripts/security_scan.py dist/*.whl # scan a built wheel
Exit 2 (HIGH finding) blocks a release.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file drydock_cli-3.0.72.tar.gz.
File metadata
- Download URL: drydock_cli-3.0.72.tar.gz
- Upload date:
- Size: 160.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4f09ac79b55bf0bfd435961a9670e4359f6da7c15172bf02f98bbe41a1261079
|
|
| MD5 |
f256d571b2752cbfc56a98d7676e0a14
|
|
| BLAKE2b-256 |
7585998904a067a87fc03eabde211665afda0b915096e0683cafb73dc1e0c7ef
|
File details
Details for the file drydock_cli-3.0.72-py3-none-any.whl.
File metadata
- Download URL: drydock_cli-3.0.72-py3-none-any.whl
- Upload date:
- Size: 123.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9da2efa88a0f6bc48f31ba52b7875a0e6ca4ebab3b5e068354967cfc5bb1e1aa
|
|
| MD5 |
87c6f2375121305403625301aa128234
|
|
| BLAKE2b-256 |
41e9474bf1506dd2952adeb0e10089a9947ff04b3f32fbf98814b479ecb2fbd2
|