Verified orchestration, role routing, and evidence-backed delivery for OpenAI Codex.
Fork repository · Quick start · Examples · Russian version
AgentFlow is a local orchestration and verification framework for Codex. It turns an explicitly marked prompt into a controlled engineering run with project memory, scoped lanes, architecture gates, trace validation, mandatory independent QA where required, and a local CodeGraph fact layer.
Use it when a coding agent must do more than make a small edit. AgentFlow is for work that needs bounded scope, evidence, reviewable handoffs, and a clear answer to: what changed, why is it safe, and how was it checked?
AgentFlow is built for Codex with OpenAI models. Claude Code, Cursor, Hermes, and other hosts are outside this package scope.
This README documents the maintained
agentHits/agent-flow
fork and its
agentHits branch.
You need Codex, Git, and Python. Python 3.12 is the tested and recommended version used by this repository's CI. AgentFlow works in the Codex desktop app, CLI, and IDE extension. If this is an existing installation, skip to Update.
mkdir -p "$HOME/.codex/skills" "$HOME/.agents/skills" "$HOME/.codex/agents"
git clone --branch agentHits --single-branch \
https://github.com/agentHits/agent-flow.git \
"$HOME/.codex/skills/agent-flow"
if [ ! -e "$HOME/.agents/skills/agent-flow" ]; then
ln -s "$HOME/.codex/skills/agent-flow" \
"$HOME/.agents/skills/agent-flow"
fi
python3 "$HOME/.codex/skills/agent-flow/scripts/sync-native-agent-configs.py" \
--target "$HOME/.codex/agents"
python3 "$HOME/.codex/skills/agent-flow/scripts/check-agent-deps.py" \
--post-install$directories = @(
"$HOME\.codex\skills"
"$HOME\.agents\skills"
"$HOME\.codex\agents"
)
foreach ($directory in $directories) {
New-Item -ItemType Directory -Force -Path $directory | Out-Null
}
git clone --branch agentHits --single-branch `
https://github.com/agentHits/agent-flow.git `
"$HOME\.codex\skills\agent-flow"
if (-not (Test-Path "$HOME\.agents\skills\agent-flow")) {
New-Item -ItemType Junction `
-Path "$HOME\.agents\skills\agent-flow" `
-Target "$HOME\.codex\skills\agent-flow" | Out-Null
}
py "$HOME\.codex\skills\agent-flow\scripts\sync-native-agent-configs.py" `
--target "$HOME\.codex\agents"
py "$HOME\.codex\skills\agent-flow\scripts\check-agent-deps.py" `
--post-installUse python instead of py if that is how Python is exposed on your system.
The install uses two skill paths intentionally:
| Path | Purpose |
|---|---|
~/.codex/skills/agent-flow |
managed Git checkout used by the AgentFlow updater and sync tools |
~/.agents/skills/agent-flow |
discovery link in Codex's documented user-skill directory |
~/.codex/agents/agent-flow-*.toml |
generated native role profiles with model and reasoning policy |
Codex supports symlinked skill folders. See the official Codex skills documentation and custom agents documentation.
Start a new Codex task after installation so Codex can discover the skill
and native role profiles. Open /skills and confirm that agent-flow appears,
then send:
$agent-flow Read this repository and its project instructions. Do not change files. Summarize the architecture, active work, verification commands, and risks.
If Codex reports a missing optional dependency, follow the install plan printed
by check-agent-deps.py. The post-install check does not install anything
silently.
The global discovery link makes AgentFlow available from every project folder; you do not need to clone it into every repository. Open a repository in Codex, start a new task, and include one of these explicit markers in the request:
Agent Flow <task>
AgentFlow <task>
$agent-flow <task>
agent-flow <task>
AgentFlow chooses the smallest useful workflow, reads project-local instructions and task memory, keeps changes scoped, runs relevant checks, and requires a real independent reviewer for file-changing work. It does nothing when the latest request does not contain an AgentFlow marker.
The global installation is enough to invoke AgentFlow from any project folder.
AgentFlow may bootstrap .codex/skills/agent-flow inside a repository so later
runs use the same project-local workflow. You do not need to create that copy
manually.
If a repository already contains a project-local AgentFlow copy, refresh and register that existing directory with:
python3 "$HOME/.codex/skills/agent-flow/scripts/sync-project-agent-flow.py" \
--target "/path/to/project/.codex/skills/agent-flow"Successful project syncs register the target locally. Future global updates
then refresh registered copies automatically without scanning arbitrary
folders. The target directory must already exist; see Update for
first-sync safety rules when the project ignores .codex.
AgentFlow uses only the GPT-5.6 Codex family for child roles. Luna is the
minimum allowed model, Terra is the default for bounded implementation and
research lanes, and Sol is reserved for orchestration, architecture, review,
product/design judgment, critical QA, and justified escalation. Spark and
older model families are not accepted. Child roles never use ultra;
max is allowed only for an escalated Sol profile.
The canonical policy lives in agents/*.md. The generated native-agents/
TOML profiles make that policy selectable through Codex custom agents, while
references/model-routing.md lists the complete role matrix and escalation
rules. If a Codex subagent surface cannot select those profiles,
scripts/launch-verified-agent.py provides a separate fail-closed CLI path:
it reports verified only after persisted runtime model and effort readback
exactly matches the resolved policy. Add --return-final-message for a
critical reviewer: AgentFlow then returns the complete review only after the
private --output-last-message file matches JSONL and source/model/reasoning/cwd
readback. That one verified CLI reviewer can satisfy the mandatory review gate;
it does not require a duplicate native reviewer.
AgentFlow is not a wrapper around these projects, and none of them are runtime dependencies. They were used as research and design references for the shape of AgentFlow: local state, evidence-backed gates, reviewable handoffs, CodeGraph, and controlled learning from verified runs.
GitHub repositories:
- kayba-ai/agentic-context-engine for structured local learning, skillbook-style entries, provenance, and counter-based reflection.
- hexo-ai/sia for self-improvement loops that separate harness changes from model changes.
- Ancienttwo/repo-harness for repo-local workflow state, contracts, checks, review evidence, and handoffs.
- DanMcInerney/architect-loop for architect/builder separation, source-backed design, and boundary evidence.
- DietrichGebert/ponytail for the Engineering Simplicity Gate: prefer native, minimal, existing code before adding abstractions or dependencies.
- unclebob/swarm-forge for simple multi-agent coordination, durable handoffs, and work queue discipline.
- DeusData/codebase-memory-mcp for code intelligence and knowledge-graph tradeoffs that informed local CodeGraph boundaries.
arXiv papers:
- Evolving Contexts for Self-Improving Language Models for Agentic Context Engineering and structured context evolution.
- SIA: Self Improving AI with Harness & Weight Updates for separating harness learning from weight-update learning.
- Self-Harness: Harnesses That Improve Themselves for the idea that the harness itself can be improved through evaluation evidence, with guardrails.
Coding agents fail in predictable ways:
- they drift outside the requested scope;
- they make architecture claims that are not backed by files, tests, or traces;
- they call role-lane work a subagent run when no subagent trace exists;
- they close implementation work without independent QA;
- they mark risky work as
pass-with-riskswithout resolving the risk; - they repeat local mistakes because previous lessons were not structured.
AgentFlow turns those failure modes into gates. The user does not choose a workflow depth manually. The orchestrator reads the task, checks project state, chooses the smallest useful route, and requires evidence before a positive final answer.
AgentFlow runs only when the latest user request contains one of these markers:
Agent Flow <task>
AgentFlow <task>
$agent-flow <task>
agent-flow <task>
The marker can appear at the beginning, middle, or end of the prompt. Requests
without a marker stay outside AgentFlow and run as ordinary solo Codex work.
Project AGENTS.md files cannot force AgentFlow on.
AgentFlow has seven main layers.
The orchestrator owns routing, sequencing, lane coordination, and final
integration. It decides whether a task stays solo, needs trace artifacts, or
should split into role lanes or real subagents. light keeps work small.
standard and release may use architecture, implementation, QA, review, and
integration lanes when the extra control is worth the cost.
AgentFlow reads the current project's task memory before feature work. The Concurrent Project Work Gate lets multiple chats work in one repository when their task ownership is clear and their surfaces do not overlap. The Dependency Gate blocks or pauses only when another active task may touch the same files, API, data model, UI flow, tests, deploy path, or acceptance criteria.
Task Status Completion Gate keeps memory honest: completed work must move from
in_progress to done after verification or commit evidence exists.
Commit and push are scoped to the current chat/run: AgentFlow must stage only run-owned changes with explicit pathspecs and leave unrelated dirty files untouched.
For architecture-sensitive work, AgentFlow requires an Architecture Contract before workers start. Schema v2 trace runs can include:
- Architecture Matrix facets for product, surface, stack, risk, and verification context;
- Architecture Capability Router selections from
registries/architecture-capabilities.json; - Architecture Design Mode and an approved Architecture Design Brief;
- Architecture Artifact Authoring Automation through
init-run.py --architecture-gate; - Architecture Context Propagation from architect to workers, QA, and reviewer;
- Architecture Execution Control, including Engineering Simplicity Gate, Simplicity Scope Coverage, Lane Boundary Evidence Gate, and Claim Evidence Gate.
These gates are not checklist text. scripts/validate-run.py blocks positive
final verdicts when required artifacts are missing, stale, out of order, or not
backed by evidence.
Implementation and change runs that touch product files, tests, runtime docs,
validator behavior, templates, golden traces, ADR/spec/plan status, or commits
must run one real reviewer subagent before a positive final answer. Prefer a
native custom agent when its launcher can enforce selection and return runtime
readback. Otherwise use one separate verified CLI reviewer with
--return-final-message.
Role-lane review does not satisfy this gate. The run must provide:
delegation-summary.jsonwith a reviewer subagent record;- an agent trace with a spawned event and
codex_thread_id; - a terminal reviewer handoff;
- a final
Mandatory Independent QA Reviewevidence section.
For the verified CLI route, the spawned trace also carries verified
source/model/reasoning/cwd plus handoff_output byte count, SHA-256, and exact
JSONL-match evidence. The handoff bytes must match that digest. Complete CLI
evidence satisfies the gate once; a second native reviewer is not required.
If the subagent tool cannot launch or the reviewer runtime fails, the run closes
as blocked. AgentFlow must not fall back to solo review for mandatory QA.
Traceable work stores durable evidence under a local run directory. The central
file is lane-map.json; the validator checks lane ownership, handoffs,
artifact paths, timeline events, subagent traces, architecture controls,
handoff state, acceptance traceability, contract negative fixtures, and final
verdict rules. Opt-in Handoff State Gate uses handoff_state_required plus
scripts/record-handoff-state.py for queued, accepted, and completed
lane lifecycle state.
Golden Trace Runs in testdata/golden-traces/ are the runtime acceptance pack.
They include both valid and intentionally invalid runs, so changes to the gates
are tested against persisted traces instead of isolated unit cases only.
CodeGraph is a local fact layer for AgentFlow. It indexes the current working tree into SQLite and answers dependency, impact, test, context, boundary, and task-overlap questions through JSON-only CLI commands.
Public command:
python3 scripts/codegraph.py index
python3 scripts/codegraph.py status
python3 scripts/codegraph.py impact --target scripts/validate-run.py
python3 scripts/codegraph.py tests --target scripts/codegraph.py
python3 scripts/codegraph.py context --target CodeGraphError
python3 scripts/codegraph.py boundary --path scripts/codegraph.py --allowed 'scripts/**'
python3 scripts/codegraph.py deps --active-task 'edit validator' --new-task 'edit codegraph'
python3 scripts/codegraph.py doctorStorage and config:
.agent-work/codegraph/codegraph.sqlite
.agent-work/codegraph/config.json
CodeGraph v1 indexes tracked, dirty, and relevant untracked files while
respecting git ignore rules. It supports Python plus TypeScript/JavaScript with
Tree-sitter adapters and Python ast enrichment.
Boundary checks are graph-backed: boundary now fails when either direct
changed paths or graph-derived affected_surface_violations leave allowed
patterns or match forbidden patterns. CodeGraph is support evidence, not the
sole authority for release or security decisions.
AgentFlow learns locally, not globally. Harness Evaluation Loop writes
harness-evaluation.json when a run produces useful learning evidence:
continuation, blocked recovery, risk resolution, architecture drift, readiness
recovery, or a non-positive architecture final.
Validated findings can be promoted only into the current project's
## Evidence Records. Architecture Matrix, capability registry, role prompts,
validator guards, and Golden Trace Runs remain canonical runtime artifacts.
Promoted records use an ACE-inspired shape: Section, Keywords,
Provenance, Helpful, Harmful, Neutral, and Active. These fields help
the analyzer separate task context lessons from harness/runtime lessons, count
helpful or harmful reuse, and keep inactive evidence out of promotion decisions.
They do not add an ace-framework dependency, MCP server, vector store, or
separate skillbook. Outcome, Evidence, reuse boundaries, and fresh
verification remain the gate authority.
| Path | Purpose |
|---|---|
SKILL.md |
Codex entrypoint and runtime contract |
agents/*.md |
bundled role prompts |
agents/agent-identities.json |
stable role identities for traces and handoffs |
references/architecture-matrix.md |
reusable architecture facets |
references/architecture-capability-router.md |
capability routing and Soft Skill Binding |
references/architecture-artifact-authoring.md |
generated architecture artifact contract |
references/traceable-runs.md |
run directory structure and validator contract |
references/harness-evaluation-loop.md |
local learning contract |
references/definition-of-done.md |
completion gates |
references/delegation.md |
subagent and role-lane delegation rules |
references/role-catalog.md |
role lifecycle and boundaries |
requirements-codegraph.txt |
pinned CodeGraph parser dependencies |
requirements-integration.txt |
pinned live PostgreSQL integration dependencies |
requirements-dev.txt |
all local validation dependencies |
scripts/codegraph.py |
local CodeGraph CLI and SQLite indexer |
scripts/test-codegraph.py |
CodeGraph fixture and contract tests |
scripts/test-postgres-integration.py |
live PostgreSQL 18.4 integration fixtures |
scripts/check-all.py |
repository validation suite |
scripts/validate-run.py |
trace and lane-map validator |
scripts/init-run.py |
trace skeleton generator |
scripts/finalize-run.py |
final timeline, terminal handoff, and Harness Evaluation helper |
scripts/sync-project-agent-flow.py |
sync this checkout into a project-local Agent Flow copy |
scripts/sync-native-agent-configs.py |
render and safely install namespaced Codex custom-agent TOML profiles |
scripts/launch-verified-agent.py |
launch a resolved role through Codex CLI with fail-closed persisted runtime readback |
scripts/record-handoff-state.py |
Handoff State Gate state recorder |
scripts/record-lane-boundary.py |
worker changed-path boundary recorder |
scripts/promote-harness-evaluation.py |
promotion from Harness Evaluation into Evidence Records |
scripts/analyze-evidence-records.py |
local learning analyzer |
scripts/test-golden-traces.py |
Golden Trace Runs acceptance runner |
testdata/codegraph/ |
CodeGraph fixture notes |
testdata/golden-traces/ |
full valid and invalid trace fixtures |
The repository currently ships 27 roles and tracks 138 role skill dependencies.
The Quick Start installs the AgentFlow runtime and native role profiles. The dependencies below are optional for normal use; install them when you want local CodeGraph support or when developing and validating AgentFlow itself.
Install CodeGraph parser dependencies when you need CodeGraph locally:
python3 -m pip install -r ~/.codex/skills/agent-flow/requirements-codegraph.txt
python3 ~/.codex/skills/agent-flow/scripts/codegraph.py doctorInstall all validation dependencies when you need the full local suite, including the PostgreSQL integration fixtures:
python3 -m pip install -r ~/.codex/skills/agent-flow/requirements-dev.txtThe PostgreSQL integration test uses Testcontainers and starts an isolated
postgres:18.4 container. Docker must be available on CI, and CI forces
AGENT_FLOW_POSTGRES_PROVIDER=testcontainers so the local PostgreSQL fallback
cannot hide Docker/Testcontainers failures. On local machines, the default
provider is auto: it tries Testcontainers first and, without Docker, falls
back to installed PostgreSQL 18.4 binaries by creating a temporary cluster in a
private directory. The fallback checks postgres --version before startup and
fails with install/update guidance if the local binary is missing or older. On
macOS/Homebrew, install or select the matching keg with:
brew install postgresql@18
export PATH="/opt/homebrew/opt/postgresql@18/bin:$PATH"The fixture also detects the common Homebrew postgresql@18 keg before using
an older PostgreSQL found on PATH. Docker PostgreSQL 18 changed its default
PGDATA layout, but these tests use ephemeral containers without mounted data
volumes. The test does not read project .env files and does not connect to
dev or production databases.
Provider selection can be forced explicitly:
AGENT_FLOW_POSTGRES_PROVIDER=testcontainers python3 ~/.codex/skills/agent-flow/scripts/check-all.py --integration
python3 ~/.codex/skills/agent-flow/scripts/test-postgres-integration.py --provider localUse testcontainers when you need proof that Docker starts postgres:18.4.
Use local when you intentionally want the isolated PostgreSQL 18.4 fallback.
Preview the update first, then fast-forward the managed checkout from this
fork's agentHits branch:
python3 ~/.codex/skills/agent-flow/scripts/update-agent-flow-skill.py --branch agentHits --dry-run
python3 ~/.codex/skills/agent-flow/scripts/update-agent-flow-skill.py --branch agentHitsPowerShell:
py "$HOME\.codex\skills\agent-flow\scripts\update-agent-flow-skill.py" `
--branch agentHits `
--dry-run
py "$HOME\.codex\skills\agent-flow\scripts\update-agent-flow-skill.py" `
--branch agentHitsThe updater fetches origin, reports local state, and fast-forwards only a
clean checkout. Use --overwrite only when local edits or divergent commits
should be discarded deliberately.
The updater runs the full check suite by default. If the global Python environment is missing integration dependencies, install them before updating:
python3 -m pip install -r ~/.codex/skills/agent-flow/requirements-dev.txtIf the source checkout was already verified and you only need to fast-forward
the global checkout and sync registered project-local copies, use
--skip-check, then run at least the unit suite from a prepared environment:
python3 ~/.codex/skills/agent-flow/scripts/update-agent-flow-skill.py --branch agentHits --skip-check
python3 ~/.codex/skills/agent-flow/scripts/check-all.py --unitAfter a successful global update, the updater automatically syncs registered
project-local Agent Flow copies. Project copies are registered when they are
created or refreshed with scripts/sync-project-agent-flow.py. The updater
does not scan arbitrary folders. It refuses dirty project-local package copies
unless you pass --project-overwrite, and you can opt out with
--skip-project-sync.
The updater and project-copy sync also install namespaced
agent-flow-*.toml profiles into the matching .codex/agents directory.
AgentFlow records ownership hashes and refuses to replace a foreign or locally
modified profile. Use --native-agent-overwrite only after reviewing that
local edit, or --skip-native-agent-sync to opt out. Start a new Codex task
after installing or refreshing profiles so the runtime can discover them.
Sync this checkout into a project-local Agent Flow copy:
cd agent-flow
python3 scripts/sync-project-agent-flow.py \
--target ../project/.codex/skills/agent-flowThe sync command copies package files and preserves local .agent-work and
.code-review-graph. If the target itself is a standalone Agent Flow checkout,
the command also aligns git metadata with git reset --mixed instead of
reset --hard. If the target is nested inside a product repository, the command
uses file-only sync, checks dirtiness only under the target package path, and
never resets the parent product repository. If the parent repository ignores
the target package path, the first intentional replacement may require
--overwrite; the command then writes a local .agent-flow-sync-state.json so
later syncs can detect local package edits before overwriting them. Successful
syncs also update ~/.codex/agent-flow-project-copies.json, which is the local
registry used by the global updater's automatic project-copy sync.
To update every local project copy, register each existing copy once:
cd ~/.codex/skills/agent-flow
python3 scripts/sync-project-agent-flow.py \
--target /path/to/project/.codex/skills/agent-flow \
--skip-checkRepeat the command for every project that already has
.codex/skills/agent-flow. You can inspect the registered list with:
cat ~/.codex/agent-flow-project-copies.jsonAfter the copies are registered, future global updates are one command:
python3 ~/.codex/skills/agent-flow/scripts/update-agent-flow-skill.py --branch agentHitsThat command updates the global checkout first, then syncs all registered
project-local copies. If a project copy has local package edits, the updater
stops instead of overwriting it; inspect that copy first, then rerun with
--project-overwrite only when replacing those edits is intentional. The
registry is the authoritative list of local project copies to update; do not
hard-code personal machine paths in repository docs or scripts.
Start a new Codex task after an update so refreshed skill instructions and native role profiles are used by the new task.
Check that the discovery link and skill entrypoint exist:
ls -la ~/.agents/skills/agent-flow
test -f ~/.agents/skills/agent-flow/SKILL.md && echo "AgentFlow skill found"If the checkout exists but the link is missing, recreate only the link:
mkdir -p ~/.agents/skills
ln -s ~/.codex/skills/agent-flow ~/.agents/skills/agent-flowThen restart Codex if necessary and open a new task. Codex normally detects skill changes automatically, but a restart is the clean recovery path when it does not.
Check the installed profiles against the canonical role policy:
python3 ~/.codex/skills/agent-flow/scripts/sync-native-agent-configs.py \
--target ~/.codex/agents \
--checkIf the check fails, rerun the same command without --check to synchronize
AgentFlow-owned profiles. The sync refuses to overwrite foreign or locally
modified profiles unless you explicitly pass --overwrite.
AgentFlow only fast-forwards a clean managed checkout by default. Inspect the local changes before deciding what to do:
git -C ~/.codex/skills/agent-flow status --short --branch
python3 ~/.codex/skills/agent-flow/scripts/update-agent-flow-skill.py \
--branch agentHits \
--dry-runDo not use --overwrite unless discarding those local changes is intentional.
Inspect the registry and ask the updater to verify every registered copy:
cat ~/.codex/agent-flow-project-copies.json
python3 ~/.codex/skills/agent-flow/scripts/update-agent-flow-skill.py \
--branch agentHits \
--check-project-copiesThe updater never discovers project copies by scanning your disk. Register a
missing copy once with sync-project-agent-flow.py, as shown in
Quick Start.
Resolved policy is not the same as runtime proof. When the active launcher
cannot read back the actual child model and reasoning effort, AgentFlow keeps
the runtime status unverified. Use scripts/launch-verified-agent.py when
exact fail-closed runtime verification is required; see
Model Routing for the escalation and evidence
contract. For a final reviewer response in the same result, add
--return-final-message; AgentFlow releases handoff.text only after runtime
and output verification pass. Any timeout, output drift, or readback mismatch
returns no accepted text.
Run checks from repository root:
python3 scripts/check-all.py --unit
python3 scripts/check-all.py --integration
python3 scripts/check-all.py
python3 scripts/check-agent-deps.py --strict
python3 scripts/validate-architecture-capabilities.py
python3 scripts/codegraph.py doctor
python3 scripts/test-codegraph.py
python3 scripts/test-postgres-integration.py--unit runs the fast non-PostgreSQL validation suite. --integration runs
only the live PostgreSQL 18.4 fixture, using provider selection described
above. The default check-all.py command runs the full suite, including
PostgreSQL integration.
The same commands are exposed as npm aliases: npm run test:unit,
npm run test:integration, and npm test.
Expected final line from check-all.py:
PASS all Agent Flow checks
Read a repository without changing it:
Agent Flow Read the repository and project memory. Return active work, blocked items, next actions, and risks. Do not change anything.
Fix a bug with verification:
Agent Flow Investigate this bug: <description>. Find the cause, make the smallest fix, run checks, and return changed files plus residual risks.
Run architecture-sensitive work:
Agent Flow Implement <feature>. Use architecture gates where needed, keep worker changes inside approved boundaries, verify the result, and report evidence.
Use CodeGraph as support evidence:
Agent Flow Before changing <area>, run CodeGraph status, impact, tests, boundary, and deps checks. Use graph output as support evidence, then verify with normal tests.
Remove overengineering with Simplicity Gate:
Agent Flow Review this codebase for overengineering using Engineering Simplicity Gate and Simplicity Scope Coverage. Look for unnecessary abstractions, duplicated helpers, dependency drift, broad changes, or code that solves problems we do not have. Remove only evidence-backed issues, do not introduce new frameworks, preserve behavior, and verify the cleanup.
Prepare a release review:
Agent Flow Finish this feature for release. Run architecture, QA, and review gates, then return ship/pass-with-risks/blocked status with evidence.