Skip to main content

A fully autonomous terminal AI agent — multi-model routing, persistent memory, real tool execution

Project description

English | Chinese

PawnLogic

License: MIT Version PyPI CI Python 3.10+ Platform

PawnLogic is a terminal-first autonomous AI agent with multi-provider model routing, persistent memory, real local tool execution, MCP integration, and a CTF-oriented toolchain. The current public release is 0.1.7.

System Requirements

  • Linux or WSL2
  • Python 3.10+
  • pip
  • git only for source checkouts, development, or git-backed skill packs
  • ~/.local/bin in PATH when using the global pawn launcher
  • Optional: Docker for container tools, browser dependencies for Patchright / Scrapling, and CTF packages for pwn workflows

Quick Start

Option A: install from PyPI

pip install pawnlogic
pawn

The first run opens the API key configuration flow. Runtime files are created under ~/.pawnlogic/, not inside the project directory.

Option B: one-line installer

curl -fsSL https://raw.githubusercontent.com/john0123412/PawnLogic/main/install.sh | bash
pawn

The installer creates an isolated venv under ~/.local/share/pawnlogic, installs the official PyPI package, and writes ~/.local/bin/pawn.

Option C: source checkout for development

git clone https://github.com/john0123412/PawnLogic.git
cd PawnLogic
python3 -m venv venv
source venv/bin/activate
pip install -e ".[dev]"
pawn

Optional extras:

pip install "pawnlogic[docker]"    # Docker SDK integration
pip install "pawnlogic[browser]"   # Scrapling + Patchright browser tools
pip install "pawnlogic[ctf]"       # pwntools, ROPgadget, ropper
pip install -e ".[dev,ctf]"        # source checkout with tests and CTF tools

pawnlogic[ctf] installs CTF tooling dependencies only. CTF skill packs are optional extension assets that users install explicitly, for example with /sp install <repo_url> into ~/.pawnlogic/skills. Third-party skill packs are not bundled into PyPI distributions unless their upstream license and notices have been reviewed for redistribution. Git-backed skill-pack installs accept only https://, ssh://, or git@host:owner/repo.git remotes.

Source-checkout launcher fallback:

./pawn.sh

CLI entry points:

pawn
pawn --debug
pawn --eval "summarize this repository"
pawn --eval "summarize this repository" --json
python -m pawnlogic --help

Default pawn uses user-friendly output and hides raw tool-call internals, parser diagnostics, detailed reasoning streams, and low-level API errors. Use pawn --debug or /mode when you need detailed diagnostics.

What's New

Version 0.1.7 continues the maintenance hardening track:

  • Release consistency preflight checks now keep release-facing docs aligned with the runtime version source of truth.
  • Documentation checks now guard the formal README_zh-CN.md and GUIDE_zh-CN.md filenames and reject legacy *_CN.md documentation names.
  • run_turn has smaller autosave and anti-loop bookkeeping helpers while preserving message shapes, reasoning persistence, and tool result ordering.
  • Provider stream regression coverage now protects partial-content interruption events and Anthropic multi-tool delta ordering.
  • Workspace restore rollback coverage now protects the existing workspace if replacement fails after the current workspace was moved aside.
  • The typed-island CI check now covers workspace cleanup and maintenance tools.

See CHANGELOG.md for the full release history.

Key Capabilities

Capability Description
Multi-provider models Built-in DeepSeek, OpenAI, and Anthropic aliases plus custom OpenAI-compatible or Anthropic-style providers through /provider.
Persistent workspace SQLite-backed sessions, searchable history, memory commands, knowledge base, per-session workspaces, and audit logs under ~/.pawnlogic/.
Real tool execution Host shell, code sandbox, file operations, URL fetch, browser automation, Docker containers, and CTF helpers.
Trust-boundary UX User-mode warnings make it explicit when a tool crosses local host, container, browser, network, delegate, or plaintext HTTP boundaries.
MCP integration Stdio MCP servers can be configured from ~/.pawnlogic/mcp_configs.json, with roots and stderr logging handled by PawnLogic.
CTF / pwn workflows Optional pwn tooling, Docker container helpers, GDB automation, ROP chain support, libc leak workflows, and user-installed local skill packs.
Release hygiene CI runs Ruff, typed-island mypy, and fast Python 3.11 PR checks first, then release/manual validation covers Python 3.10/3.11/3.12, packaging, dynamic E2E, docs structure, language policy, package build, and Trusted Publishing guardrails.

Supported Models

PawnLogic ships with preconfigured model aliases. Only active providers with a configured API key are shown in /model and Tab completion.

Provider Aliases Notes
DeepSeek ds-v4-flash, ds-v4-pro Default provider; fast primary model plus flagship reasoning model.
OpenAI gpt-5.5, gpt-5.4, gpt-5.4-mini, gpt-5.4-nano, gpt-4o, gpt-4.1, o3 Coding, vision, multimodal, low-latency, and reasoning aliases.
Anthropic claude-opus, claude-sonnet, claude-haiku Opus, Sonnet, and Haiku aliases for Anthropic's Messages API path.

Custom provider model descriptions come from ~/.pawnlogic/custom_providers.json. Re-running /provider update <name> refreshes selected models and writes English fallback descriptions for fetched models when the provider does not supply a useful description.

Provider Management

/provider                         # open the provider TUI
/provider add <name> <base_url> <ENV_KEY> [anthropic]
/provider fetch <name>            # fetch available models and select aliases
/provider update <name>           # re-fetch provider models
/provider activate <name>         # show selected provider models
/provider deactivate <name>       # hide provider models
/provider list                    # show provider and key status
/provider test <model>            # test connectivity for a model alias
/setkey                           # run key setup again
/keys                             # show configured key status

API keys are stored in ~/.pawnlogic/.env. Provider configs, model aliases, and descriptions are stored in ~/.pawnlogic/custom_providers.json without secret values. Provider setup does not write keys into shell startup files.

Plain http:// provider endpoints are allowed for local relays and lab setups, but user-friendly mode prints a trust-boundary warning because requests and API keys are not protected by TLS.

Quick Command Reference

/model [alias]                    # switch model
/mode                             # toggle user-friendly/debug output
/chat find <keyword>              # search all sessions
/think <prompt>                   # run one deeper reasoning turn
/compact                          # summarize and compact context
/undo [n]                         # roll back recent turns
/deep                             # full-power mode
/init_project [desc]              # initialize project state
/pwnenv                           # check CTF toolchain integrity
/ctf init <name>                  # start CTF workspace metadata
/ctf solved [flag]                # mark a confirmed CTF flag as solved
/ctf writeup                      # export a CTF writeup draft
/sp install <repo_url>            # install a git-backed skill pack

Run /help inside PawnLogic for the full command list.

Trust Boundary

PawnLogic is an agent execution tool, not a security sandbox. It intentionally executes real tools with the current user's permissions when you ask it to do so. Pattern filters, Docker boundaries, and capability profiles reduce accidents; they do not contain a determined attacker.

User-friendly mode prints explicit trust-boundary notices for host shell execution, Docker container exec, browser/network-capable tools, private network URL access, delegated sub-agents, and plaintext HTTP providers. Use pawn --debug when you need lower-level tool arguments and diagnostics. Docker file mounts are workspace-bound by default, including read-only mounts; outside read-only challenge files require explicit allow_host_read_mount.

Host shell execution now passes through an operation policy before subprocess startup. Low-risk commands run normally, medium-risk commands are classified for audit, high-risk commands require explicit interactive confirmation, and critical operations are denied by default. Non-interactive execution, including pawn --eval, fails closed when a high-risk command would require confirmation. DANGEROUS_PATTERNS remains only one misuse/risk classifier; it is not a sandbox boundary and cannot stop a malicious local user.

MCP Tool Integration

For pip or one-line installer users, PawnLogic creates editable templates in ~/.pawnlogic/ on startup:

pawn
cp ~/.pawnlogic/mcp_configs.example.json ~/.pawnlogic/mcp_configs.json
# edit ~/.pawnlogic/mcp_configs.json and add keys with /setkey or ~/.pawnlogic/.env
pawn

For source checkout users, the repository template can also be copied directly:

cp mcp_configs.example.json ~/.pawnlogic/mcp_configs.json

Supported example MCP servers include Tavily search, Playwright browser automation, and a filesystem bridge. External fetch MCP is disabled in the example because uvx mcp-server-fetch may contact PyPI during startup; use PawnLogic's built-in fetch_url unless you explicitly enable that MCP server.

MCP subprocess stderr is written to ~/.pawnlogic/logs/mcp/<server>.stderr.log by default. Set top-level "debug_stderr": true in mcp_configs.json when you want raw MCP stderr on the console. PawnLogic advertises MCP roots for the current working directory and ~/.pawnlogic/workspace.

Data Layout

All runtime data and API keys are stored in ~/.pawnlogic/.

~/.pawnlogic/
├── .env                    # API keys
├── custom_providers.json   # user provider configs, no keys
├── mcp_configs.json        # MCP server declarations
├── pawn.db                 # sessions, messages, knowledge base
├── global_skills.md        # GSA skill archive
├── skills/                 # optional user-installed skill packs
├── workspace/              # per-session working directories
└── logs/                   # audit logs

The project directory contains no secrets and is safe to commit or share.

Documentation

Document Description
README.md This page
README_zh-CN.md Chinese README
GUIDE.md Full reference: commands, architecture, and FAQ
GUIDE_zh-CN.md Chinese full reference
CHANGELOG.md Version history and release notes
CONTRIBUTING.md Contribution, provider, and test workflow
SECURITY.md Vulnerability reporting policy
THIRD_PARTY_NOTICES.md Third-party attribution and redistribution notes

Support

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pawnlogic-0.1.7.tar.gz (346.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pawnlogic-0.1.7-py3-none-any.whl (289.1 kB view details)

Uploaded Python 3

File details

Details for the file pawnlogic-0.1.7.tar.gz.

File metadata

  • Download URL: pawnlogic-0.1.7.tar.gz
  • Upload date:
  • Size: 346.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pawnlogic-0.1.7.tar.gz
Algorithm Hash digest
SHA256 1221703eefc4a02b43588a706fcf5cb7202b4af69d627563c2e695513a31605d
MD5 c690da9d478806bebce0c8083dace244
BLAKE2b-256 017735207c4e7fd9069dcaa6b63cedb059a966f864cd27840395897436e0dec4

See more details on using hashes here.

Provenance

The following attestation bundles were made for pawnlogic-0.1.7.tar.gz:

Publisher: publish.yml on john0123412/PawnLogic

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pawnlogic-0.1.7-py3-none-any.whl.

File metadata

  • Download URL: pawnlogic-0.1.7-py3-none-any.whl
  • Upload date:
  • Size: 289.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pawnlogic-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 dab7eec130bbfc369764690a054f4df8e48ba46fbebd30ecc248f5a8f7407da8
MD5 5d535c1c7f8698184f6074190ea36aaf
BLAKE2b-256 f0d950cec9949890c4524426229ae1504323abefb061d4f4bc34d4f7a7a664e8

See more details on using hashes here.

Provenance

The following attestation bundles were made for pawnlogic-0.1.7-py3-none-any.whl:

Publisher: publish.yml on john0123412/PawnLogic

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page