
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
Agent-neutral MCP runtime for virtual engineering teams with workflow gates, global memory, and traceable ChangeSets.
Turn AI coding agents into a traceable virtual engineering team.
Quickstart · MCP Config · How It Works · Docs · 中文
AgentWolf is an agent-neutral MCP runtime for organizing Codex, Claude Code, Cursor, Gemini CLI, and similar tools into a disciplined engineering workflow.
It does not replace coding agents. It gives them the process around coding:
Coding agents can produce code quickly, but production engineering also needs scope, design, verification, review, release notes, rollback, and learning.
This project provides the control plane for that work. The workflow runtime owns process decisions; external agents execute delegated role tasks.
Install globally:
npm install -g agentwolf
agentwolf server
Or run with npx:
npx -y agentwolf server
From source:
git clone https://github.com/PercivalLin/agentwolf.git
cd agentwolf
npm run verify
node ./bin/agentwolf.mjs server
Requires Node.js 20 or newer.
Using npm:
{
"mcpServers": {
"agentwolf": {
"command": "npx",
"args": ["-y", "agentwolf", "server"],
"env": {
"AGENTWOLF_HOME": "/Users/you/.agentwolf"
}
}
}
}
Using a local checkout:
{
"mcpServers": {
"agentwolf": {
"command": "node",
"args": ["/absolute/path/to/agentwolf/bin/agentwolf.mjs", "server"],
"env": {
"AGENTWOLF_HOME": "/Users/you/.agentwolf"
}
}
}
}
AGENTWOLF_HOME is optional. By default, global memory is stored in ~/.agentwolf.
Use advance_workflow as the main entrypoint:
{
"project_root": "/absolute/path/to/target-product",
"product_goal": "Build a traceable task manager with owners, status history, and audit export.",
"adapter": "codex",
"risk_level": "medium"
}
The runtime will scan the repository, retrieve global experience, generate role artifacts, ask only for high-impact unknowns, and stop at the next user decision, external agent task, gate blocker, or audit completion.
user product goal
-> context scan
-> global memory retrieval
-> clarification gate
-> requirements
-> architecture
-> planning
-> role task packet
-> evidence / ChangeSet / review
-> audit bundle
The workflow adapts the next execution role to the task type. Implementation work goes to Developer, documentation work goes to Writer, security review goes to Security, and read-only analysis goes to Reviewer.
Project-local workflow data is written to the target repository:
<target-project>/.agentwolf/
<target-project>/docs/ai-artifacts/
Global memory is written to:
~/.agentwolf/
These logs can contain sensitive project details. Review them before sharing.
| Guide | Purpose |
|---|---|
| Architecture | Runtime components and trust boundaries. |
| Workflow | Phases, gates, stopping points, and feedback. |
| MCP Tools | Public tool list and call patterns. |
| Roles | Virtual team roles and handoff rules. |
| Data And Traceability | Logs, ChangeSets, evidence, and audit trails. |
| Repository Structure | Source tree and contribution map. |
| Publishing | GitHub and npm release checklist. |
Examples live in examples/.
npm run check
npm test
npm run verify
npm run ci
npm run ci runs syntax checks, tests, audit, and package dry-run validation.
Early alpha. The MCP runtime, role packets, trace ledger, task-scoped gates, evidence validation, global memory, and audit bundle export are implemented. External adapters are currently task-packet based, not full external-agent process supervisors.
MIT
FAQs
Agent-neutral MCP runtime for virtual engineering teams with workflow gates, global memory, and traceable ChangeSets.
We found that agentwolf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.