Agentic orchestrator for parallel coding agents — plans tasks, spawns agents, and autonomously handles CI fixes, merge conflicts, and code reviews.
Go to file
Prateek 65c1b3c841 feat: validate tracker issues on spawn with fail-fast behavior
Adds validation to ensure issue IDs exist in tracker before spawning sessions,
preventing broken metadata and dashboard links.

**Implementation:**
- Added `isIssueNotFoundError()` helper to detect "not found" vs other errors
- Session manager validates issues BEFORE creating resources (fail-fast)
- Clear error messages distinguish issue not found vs auth/network errors
- Batch-spawn continues on failures, reports summary

**Key Design:**
- No auto-creation - orchestrator handles issue creation separately
- Libraries have no console output (CLI handles user messaging)
- Simple error handling without misleading categorization
- Tracker-agnostic via pattern matching on error messages

**Testing:**
- Unit tests cover validation flow and error detection
- All CI checks passing (Lint, Typecheck, Test, Integration)
- Bugbot approved

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-16 11:02:43 +05:30
.changeset feat: publish to npm under @composio scope (#32) 2026-02-15 04:28:57 +05:30
.cursor feat: publish to npm under @composio scope (#32) 2026-02-15 04:28:57 +05:30
.github/workflows feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
.husky feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
artifacts feat: publish to npm under @composio scope (#32) 2026-02-15 04:28:57 +05:30
docs feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
packages feat: validate tracker issues on spawn with fail-fast behavior 2026-02-16 11:02:43 +05:30
scripts feat: add agent-orchestrator (ao) as a self-hosting project 2026-02-13 15:44:17 +05:30
.gitignore feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
.gitleaks.toml feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
.npmrc feat: publish to npm under @composio scope (#32) 2026-02-15 04:28:57 +05:30
.prettierignore chore: add ESLint, Prettier, CI workflow, and comprehensive CLAUDE.md conventions 2026-02-13 18:01:52 +05:30
.prettierrc chore: add ESLint, Prettier, CI workflow, and comprehensive CLAUDE.md conventions 2026-02-13 18:01:52 +05:30
CLAUDE.md fix: prevent "Leave Site?" dialog on session pages (#47) 2026-02-15 19:39:53 +05:30
CLAUDE.orchestrator.md fix: address all review comments, lint/format, bugbot issues 2026-02-13 18:42:45 +05:30
DASHBOARD_FIXES_SUMMARY.md fix: resolve dashboard GitHub API rate limiting and PR enrichment (#37) 2026-02-15 04:14:54 +05:30
LICENSE feat: publish to npm under @composio scope (#32) 2026-02-15 04:28:57 +05:30
README.md feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
SECURITY.md feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
agent-orchestrator.yaml Wire xterm.js terminal embed into web dashboard (#29) 2026-02-15 01:37:07 +05:30
agent-orchestrator.yaml.example feat: layered prompt system for agent sessions (#27) 2026-02-14 20:07:13 +05:30
eslint.config.js feat: implement DirectTerminal with XDA clipboard support (#55) 2026-02-16 04:34:15 +05:30
package.json feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
pnpm-lock.yaml feat: implement comprehensive security audit and secret leak prevention (#67) 2026-02-16 10:33:50 +05:30
pnpm-workspace.yaml feat: scaffold TypeScript monorepo with all plugin interfaces 2026-02-13 17:02:42 +05:30
tsconfig.base.json feat: scaffold TypeScript monorepo with all plugin interfaces 2026-02-13 17:02:42 +05:30

README.md

Agent Orchestrator

Open-source system for orchestrating parallel AI coding agents. Agent-agnostic, runtime-agnostic, tracker-agnostic.

Core principle: Push, not pull. Spawn agents, walk away, get notified when your judgment is needed.

Features

  • 8 plugin slots — Runtime (tmux, docker, k8s), Agent (Claude Code, Codex, Aider), Workspace (worktree, clone), Tracker (GitHub, Linear), SCM (GitHub), Notifier (desktop, Slack), Terminal (iTerm2, web), Lifecycle (core)
  • Agent-agnostic — Works with Claude Code, Codex, Aider, Goose, or custom agents
  • Runtime-agnostic — Run in tmux (local), Docker, Kubernetes, SSH, or E2B
  • Tracker-agnostic — GitHub Issues, Linear, Jira (extensible)
  • Auto-reactions — CI failures, review comments, merge conflicts → auto-handled
  • Push notifications — Desktop, Slack, Discord, Webhook, Email
  • Web dashboard — Real-time session monitoring with SSE
  • TypeScript — Strict types, ESM modules, Zod validation

Quick Start

# Install dependencies
pnpm install

# Build all packages
pnpm build

# Copy and configure
cp agent-orchestrator.yaml.example agent-orchestrator.yaml
# Edit agent-orchestrator.yaml with your settings (see Configuration section)

# Start the web dashboard
cd packages/web
pnpm dev

# Or use the CLI
pnpm --filter @composio/ao-cli build
./packages/cli/bin/ao.js start

Configuration

Agent Orchestrator reads agent-orchestrator.yaml from your working directory.

Minimal Example

# Paths
dataDir: ~/.agent-orchestrator
worktreeDir: ~/.worktrees
port: 3000

# Projects
projects:
  my-app:
    repo: org/my-app
    path: ~/my-app
    defaultBranch: main

Using Secrets Securely

⚠️ NEVER commit real secrets to git!

Use environment variables for all tokens and API keys:

notifiers:
  slack:
    plugin: slack
    webhookUrl: ${SLACK_WEBHOOK_URL}  # Reference env var

projects:
  my-app:
    tracker:
      plugin: linear
      apiKey: ${LINEAR_API_KEY}  # Reference env var

Then set in your shell:

export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/..."
export LINEAR_API_KEY="lin_api_..."
export GITHUB_TOKEN="ghp_..."

See SECURITY.md for best practices.

Full Example

See agent-orchestrator.yaml.example for all options.

Commands

# Development
pnpm install          # Install dependencies
pnpm build            # Build all packages
pnpm dev              # Start web dashboard (dev mode)
pnpm test             # Run tests

# Code quality
pnpm lint             # Check linting
pnpm lint:fix         # Auto-fix linting
pnpm format           # Format with Prettier
pnpm typecheck        # TypeScript type checking

# Package management
pnpm clean            # Clean build artifacts

Architecture

Plugin Slots

Every abstraction is swappable:

Slot Interface Default Plugins
Runtime Runtime tmux, process, docker, kubernetes, ssh, e2b
Agent Agent claude-code, codex, aider, goose, opencode
Workspace Workspace worktree, clone
Tracker Tracker github, linear
SCM SCM github
Notifier Notifier desktop, slack, composio, webhook
Terminal Terminal iterm2, web
Lifecycle (core)

All interfaces defined in packages/core/src/types.ts.

Directory Structure

packages/
  core/          — @composio/ao-core (types, config, services)
  cli/           — @composio/ao-cli (the `ao` command)
  web/           — @composio/ao-web (Next.js dashboard)
  plugins/
    runtime-{tmux,process,docker,kubernetes,ssh,e2b}/
    agent-{claude-code,codex,aider,goose,opencode}/
    workspace-{worktree,clone}/
    tracker-{github,linear}/
    scm-github/
    notifier-{desktop,slack,composio,webhook}/
    terminal-{iterm2,web}/
  integration-tests/

Security

🔒 This repository uses automated secret scanning to prevent accidental commits of API keys, tokens, and other secrets.

For Developers

  • Pre-commit hook — Scans staged files before every commit
  • CI pipeline — Scans full git history on every push/PR
  • Gitleaks — Industry-standard secret detection

Before committing:

# Scan current files
gitleaks detect --no-git

# Scan staged files (automatic in pre-commit hook)
gitleaks protect --staged

For Users

  • Use environment variables for all secrets
  • Never hardcode tokens in config files
  • Store agent-orchestrator.yaml securely (it's in .gitignore)
  • Rotate tokens regularly

See SECURITY.md for detailed security practices and how to report vulnerabilities.

Required Secrets

Depending on which features you use, you may need:

Service Environment Variable Where to Get
GitHub GITHUB_TOKEN https://github.com/settings/tokens
Linear LINEAR_API_KEY https://linear.app/settings/api
Slack SLACK_WEBHOOK_URL https://api.slack.com/messaging/webhooks
Anthropic ANTHROPIC_API_KEY https://console.anthropic.com/

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Run tests: pnpm test
  5. Run linting: pnpm lint && pnpm typecheck
  6. Commit (pre-commit hook will scan for secrets)
  7. Open a pull request

See CLAUDE.md for code conventions and architecture details.

License

MIT — see LICENSE file.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@composio.dev. See SECURITY.md for details.

Tech Stack

  • TypeScript (ESM modules, strict mode)
  • Node 20+
  • pnpm workspaces
  • Next.js 15 (App Router) + Tailwind
  • Commander.js CLI
  • YAML + Zod config
  • Server-Sent Events for real-time
  • ESLint + Prettier
  • vitest for testing

Resources