← All projects

Omnigent

Open-source meta-harness: one orchestration layer over Claude Code, Codex, Cursor, Kimi, Pi and YAML-defined custom agents. Native bridges per agent, ALLOW/DENY/ASK policy gates, 8-provider cloud sandboxes, vendor-diverse code review.

Category
agent-platform
Language
Python · TypeScript · React
Runtime
Python 3.12+ · Node
Providers
In-house client (12 providers)
Agent loop
generator
Tool format
mcp / anthropic-tool_use / openai-fn
Memory
event-source
Caching
auto
Sandbox
docker + firewall + process
Pedagogical
★★★★★
Flags
multi-agent · thinking · md-skills · streaming
Concepts
agent-loop ·tool-calling-formats ·streaming-tools ·memory-compression ·prompt-caching ·extended-thinking ·multi-agent-coordination ·mailbox-patterns ·guardrails ·sandboxing ·provider-abstraction ·skills-as-md
Verified
cloned
Upstream
github.com/omnigent-ai/omnigent

What it is

A meta-harness. Omnigent doesn’t ship its own agent loop — it wraps the agents you already use (Claude Code, Codex, Cursor, Kimi, Pi, Goose, Qwen, OpenCode, plus YAML-defined customs) and gives them one shared session, one governance layer, and one set of cloud sandboxes. The real reasoning loop stays inside each wrapped CLI; Omnigent owns everything around it. For anyone building an orchestration layer over coding agents, this is the closest analogue in the corpus — and the single most relevant codebase here for Swisscheese.

What’s worth studying

Omnigent solves the problem most multi-agent projects dodge: how do you orchestrate agents you didn’t write and can’t fork?

  1. Inject without owning. Each wrapped agent gets a *_native* bridge family that attaches to the agent’s real CLI through whatever seam it exposes — tmux bracketed-paste + an MCP stdio server for Claude, a JSON-RPC app-server for Codex, HTTP+SSE for OpenCode, transcript-tailing of vendor JSONL/SQLite for Cursor/Goose/Kimi. Eleven agents, zero forks. The lesson: you integrate at the protocol the agent already speaks, not one you wish it spoke. See inject-without-owning.
  2. Everything is a child session. Delegating to a sub-agent, asking a second agent to review the first, even web_fetch — all reduce to the same primitive: post to a child conversation, end your turn, get woken by the inbox when it finishes. No bespoke RPC per feature. Because the unit of work is a conversation, every sub-task is shareable, resumable, and forkable for free. See everything-is-a-child-session.
  3. Two gates that never collapse. A policy ALLOW deliberately emits “no opinion,” not “allow,” so the deployment’s policy gate and the human’s consent prompt stay orthogonal — an org can block an action but can never silently approve one on the user’s behalf. Policies layer in three scopes (session → agent → server) and can only ever tighten. See two-gates-never-collapsed.
  4. The budget cap is a downgrade gate, not a kill switch. Hit your spend limit and Omnigent denies tool calls only while you’re on an expensive model — switch to a cheaper one with /model and you keep going. A guardrail that degrades gracefully is one people leave switched on. See cost-cap-as-downgrade-gate.
  5. Secretless sandboxes. Code in a sandbox authenticates to GitHub or an LLM API without ever holding the credential: a MITM egress proxy on the parent side injects the real Authorization header outbound, so nothing credential-shaped crosses the isolation boundary. See secretless-credential-proxy.

A sixth pattern is more methodology than trick: cross-vendor review by construction. In the bundled Polly/Scribe agents, the reviewer must run a different executor.harness than the writer, is handed only the diff and the contract (never the worktree), can report but not edit, and single-vendor availability is a hard refusal condition. That is a writer→reviewer→fixer pipeline encoded as a spec invariant.

Drill-down

The full per-doc analysis lives below — these are the original numbered analyses, rendered as styled HTML. Pick a section to study deeper.

Insights from this project

Non-obvious tricks pulled out as standalone study cards.