-
Notifications
You must be signed in to change notification settings - Fork 8
Home
scottgl edited this page May 5, 2026
·
4 revisions
skelm is a TypeScript-first framework for authoring, running, and operating secure, agentic, long-running workflows. Build workflows as typed TypeScript modules with default-deny permissions, multi-backend agents, MCP-native integration, and a self-hosted gateway.
- Installation — Install and set up skelm
- Quick Start Tutorial — Build your first workflow in 5 minutes
- Project Structure — Layout and conventions
-
Workflows — Pipeline architecture and typed orchestrations
- Typed Context Flow — How data flows through workflows
-
Step Kinds —
code(),llm(),agent() -
Control Flow —
parallel,forEach,branch,loop,wait
-
Permissions — Default-deny security model
- Trust Boundary — Gateway as single enforcement point
- Security Best Practices — Hardening checklist
- Approval Gates — Human-in-the-loop approvals
-
Backend Architecture — Model vs Agent providers
- Available Backends — LLM and agent options
-
Agent Definitions —
AGENTS.mdandSOUL.mdformats -
Skills System — Capabilities as data (
SKILL.mdformat) - MCP Integration — Model Context Protocol servers
-
State Storage — RunStore, KV, append-only journals
- RunStore Architecture — Persistent state handling
- Idempotency Patterns — Safe retry & dedup
-
Audit Log — Hash-chained, tamper-evident event log
- Event Bus — Structured run events
- OpenTelemetry — Distributed tracing
- Prometheus Metrics — Monitoring & alerting
- Gateway Service — Long-running orchestrator, HTTP + SSE API
-
Configuration — Settings, env vars, runtime options
- Secrets — Credential handling
- Scheduling — Triggers, sources, automated execution
- CLI Reference — Complete command reference
- Deployment (systemd) — Production install, reverse proxy, monitoring
- Recipes Index — Email triage, ticket-to-PR, coding agent, HTTP enrichment, OTel exporter
- API Reference — Builder functions, control flow builders, types
- Contributing — Development setup, testing, code style, PR process
- Changelog — Version history and release notes
- Migration Guide — Breaking changes and upgrade steps
# Install globally
npm install -g skelm
# Initialize a new project
skelm init my-bot && cd my-bot
# Run your first workflow
skelm run workflows/hello.workflow.ts --input '{"name":"world"}'| Feature | Description |
|---|---|
| Default-Deny Security | Every agent step declares allowed tools, executables, MCP servers, network egress, and filesystem roots |
| TypeScript-Native | Workflows are real .ts modules — refactor, test, type-check, version like any other code |
| Multi-Backend Agents | Opencode, ACP (Copilot, Claude Code, Gemini), OpenAI, Anthropic, Pi — provider SPI for custom ones |
| MCP-Native | Model Context Protocol servers are first-class registry citizens, lifecycle-managed by the gateway |
| Long-Running Gateway | Hosts workflows over HTTP + SSE, drives the scheduler, owns the trust boundary |
| Local-First | SQLite by default; Postgres + vault drivers for production. No managed cloud, no telemetry |
- Security — Default-deny everywhere. A backend that cannot enforce a declared permission fails at step start instead of bypassing it. The gateway is the single trust boundary.
- Maintenance — A small core, a narrow public surface, no DSL. Workflows are TypeScript modules.
- Robustness — Typed context end-to-end. Explicit error semantics. Deterministic event log. Durable wait/resume. Persistent state and per-agent workspaces.
- Quick Start Tutorial — Build your first workflow
- Workflows — Understand the architecture
- Permissions — Learn the security model
- Recipes — See real-world examples