From dev to imperator β command a legion of bots at the next level. Veni, vidi, merged.
Bots, as code. Declarative workflow orchestration for AI agents.
Stop coding like a mortal. Define your bots as readable .bot files β chain agents, judges, routers, human gates, parallel branches, bounded loops, and budget caps into a single, auditable execution graph, then command from the next level.
β οΈ This project is highly experimental. APIs, DSL syntax, and storage formats may change without notice. Use at your own risk in production environments. Feedback and contributions are welcome!
π New here? Read Why Iterion? β the origin story, the patterns we've seen work, the asymptote lens that motivated the engine, and the workflow-lab dimension. Helps you decide whether Iterion fits how you work before you install anything.
- Why Iterion? β origin + recipe + asymptote + lab
- What is Iterion?
- Features
- Meet the legion
- Getting Started
- Workflow files
- A Taste of the DSL
- Documentation
- License
If you've ever noticed yourself repeating the same prompt-and-review patterns while vibe-coding with an LLM β "ask the model, eyeball the diff, ask it to fix what it missed, run the tests, ask again" β and wondered how to automate and optimize that loop, Iterion is built for you. Capture the pattern once as a .bot workflow, give it budget caps, parallel reviewers, judges and human gates, and let the engine run it deterministically every time.
Iterion is a workflow engine that turns .bot files into executable AI pipelines. You describe what your agents should do β review code, plan fixes, check compliance, ask a human β and Iterion handles how: scheduling branches in parallel, enforcing budgets, persisting state, and routing between nodes.
flowchart LR
BOT[".bot file"] --> PARSE["Parse"]
PARSE --> COMPILE["Compile"]
COMPILE --> VALIDATE["Validate"]
VALIDATE --> EXEC["Execute"]
EXEC --> NODES["agents, judges,<br/>routers, await,<br/>humans, tools<br/>running in parallel<br/>with budget tracking"]
NODES --> OUT["results, artifacts, event log"]
Think of it as a DAG runner purpose-built for LLM workflows β with first-class support for things like structured I/O, conversation sessions, human-in-the-loop pauses, and cost control.
The studio's visual editor β drag-and-drop graph, live diagnostics, and an inspector for every node. See more screenshots.
- π Declarative DSL β Human-readable
.botfiles with indentation-based syntax - π€ Multi-agent orchestration β Chain agents, judges, routers, and await-based convergence into complex graphs
- π₯οΈ Visual editor β Browser-based workflow builder with drag-and-drop, live validation, and source view
- π Human-in-the-loop β Pause for human input, auto-answer via LLM, or let the LLM decide when to ask β see docs/human-in-the-loop.md
- π Parallel branching β Fan-out via routers, converge at downstream nodes with
await: wait_all/await: best_effort - π§ 4 routing modes β
fan_out_all,condition,round_robin, andllm-driven routing - π Bounded loops β Retry and refinement cycles with configurable iteration limits
- π² Structured I/O β Typed schemas for inputs and outputs with enum constraints
- π MCP support β Declare MCP servers directly in
.botfiles (stdio,http) - π§ͺ Recipe system β Bundle workflows with presets for comparison and benchmarking
- π Mermaid diagrams β Auto-generate visual workflow diagrams (compact / detailed / full)
- π Delegation β Offload execution to external agents (Claude Code, Codex) with full tool access β works with Claude and ChatGPT/Codex subscriptions
- π Provider-agnostic β In-process
clawbackend supports Anthropic and OpenAI (validated), plus Bedrock, Vertex, Foundry (via the vendoredclaw-code-goSDK) - π° Budget enforcement β Shared, mutex-protected caps on tokens, cost (USD), duration, parallel branches, and loop iterations
- π‘οΈ Tool policies β Allowlist-based access control with exact, namespace, and wildcard matching
- π³ Worktree auto-finalization β
worktree: autoruns the workflow in a fresh git worktree, persists commits to a named branch, and fast-forwards the current branch on success β see docs/resume.md - π‘οΈ Per-run sandbox β
sandbox: autoisolates each run inside a Docker/Podman container with the worktree bind-mounted at/workspaceand an HTTP CONNECT proxy enforcing a network allowlist β see docs/sandbox.md - π Privacy filter β Built-in Go-native
privacy_filter/privacy_unfiltertools redact and restore PII (emails, phones, IBANs, credit cards, URLs, ~25 secret patterns) β see docs/privacy_filter.md
- π¦ Artifact versioning β Per-node, per-iteration versioned outputs persisted to disk
- π Event sourcing β Append-only JSONL event log for full replay and debugging
- β―οΈ Resumable runs β Checkpoint-based resume from
failed_resumable/paused_waiting_human/cancelledstates β see docs/resume.md - π Observability stack β Prometheus
/metrics, OTLP traces, and a self-contained docker-compose stack with pre-built Grafana dashboards β see docs/observability/README.md
Run analytics β cost over time stacked by workflow, plus per-workflow run counts, fail rates, and P50/P95 durations.
- βοΈ Bot-as-a-Service platform β Multi-tenant Helm deployment (MongoDB + S3 + NATS JetStream, KEDA-scaled runners, per-run Kubernetes sandboxes) with the full platform layer: orgs + quotas + metering, inbound webhooks for GitLab / GitHub / Forgejo / generic JSON, bound credentials, audit log, PATs, SMTP onboarding, self-serve studio β see docs/baas-overview.md
- π§° TypeScript SDK β
@iterion/sdkwraps the CLI with typedrun/resume/eventsstreaming for Node, Deno, and Bun apps - π§ AI agent skill β Install as a skill in Claude Code, Codex, Cursor, Windsurf, GitHub Copilot, Cline, Aider, and other AI coding agents
The same engine, hosted: an external event fires β an autonomous bot runs with your org's bound credentials β the result lands back in your own system. Open a merge request, get Revi's review as inline comments β no human in the loop, no secret ever in a prompt.
From dev to imperator: the legion, as a service.
flowchart LR
FORGE["forge event"] -- "token/HMAC,<br/>rate, quota" --> HOOK["POST /api/webhooks/{provider}/{id}"]
HOOK --> NATS[("NATS queue")]
NATS --> RUNNER["runner pod<br/>(KEDA-scaled)"]
RUNNER -- "BYOK key +<br/>file secrets" --> BOT["bot executes with<br/>bound creds"]
BOT --> POST["review/fix/report<br/>posted back on the MR/PR"]
Five steps to a working loop:
helm install iterion oci://ghcr.io/socialgouv/charts/iterion -f values.yamlβ chart README- Activate the bootstrap super-admin (temp password in the boot logs), create an org
- In the studio: org β Webhooks β create (provider, bot scope) β copy the one-time token + URL
- Paste them into your forge's webhook settings; add a
forge_tokensecret + bot binding - Open an MR β watch the run in the studio, the review lands on the MR
Org quotas (runs / cost / concurrency / rate), audit log, personal access tokens, DLQ ops and Prometheus metrics make it operable as a real multi-tenant service. Start at docs/baas-overview.md.
Iterion ships a team of named, first-class bots β your legion. Each is a general-purpose .bot you point at any repo: run it directly (iterion run bots/<name>/main.bot), dispatch it per issue, or schedule it.
| Bot | Role | Bundle |
|---|---|---|
| π§ Nexie | Co-CTO orchestrator β surveys the repo, elicits priorities, proposes a roadmap, and emits kanban issues | whats-next |
| π οΈ Featurly | Ships a feature end-to-end β plan β implement β simplify β review-fix loop | feature_dev |
| πΏ Billy | Branch reviewer-fixer β alternating Claude/GPT review-fix on the branch diff, auto-commits on convergence | branch_improve_loop |
| π Willy | Whole-repo reviewer-fixer β the same loop across the entire codebase | whole_improve_loop |
| π Doki | Doc aligner β detects & fixes doc/code drift (the docs, never the code) | docs-refresh |
| π Revi | Code reviewer β read-only cross-family review, publishes findings to the board | review_pr |
| π‘οΈ Seki | Source security auditor β SAST + secret scan + LLM triage | sec-audit-source |
| π¦ Depsy | Supply-chain auditor β dependency malware / CVE scan | sec-audit-deps |
| β¬οΈ Renovacy | Security-aware dependency upgrader | secured-renovacy |
List them anytime with iterion bots list; see docs/examples.md for the full catalog (including the DSL demos under examples/).
Same engine, eight delivery modes β pick the one that fits your workflow:
| Mode | Best for | Install | Docs |
|---|---|---|---|
| π₯οΈ CLI | Scripted runs, CI/CD pipelines | curl -fsSL https://socialgouv.github.io/iterion/install.sh | sh |
install.md |
| π Studio (web app) | Visual workflow design (browser-based) | Bundled with the CLI: iterion studio |
visual-editor.md |
| πͺ Desktop app | Native window, multi-project, OS keychain, auto-update | Download iterion-desktop from Releases |
desktop.md |
| π³ Docker | Zero-install runs, reproducible CI | docker run --rm ghcr.io/socialgouv/iterion:latest |
install.md#docker |
| βοΈ Cloud / server | Multi-tenant deployment, shared run store, REST/WS API | helm install iterion oci://ghcr.io/socialgouv/charts/iterion |
cloud.md |
| πΌ Dispatcher | Autonomous loop β poll a tracker, dispatch a workflow per issue | Bundled: iterion dispatch iterion.dispatcher.yaml |
dispatcher.md |
| β° Scheduler | Cron recurring runs (weekly audits, nightly passes) β no resident daemon | Bundled: iterion schedule add β¦ && iterion schedule install |
scheduling.md |
| π¦ TypeScript SDK | Programmatic invocation from Node/Deno/Bun | npm install @iterion/sdk |
sdks/typescript/ |
All eight invoke the same Go core. The DSL, runtime, persistence and observability are identical β they only differ in how you reach them.
# Scaffold a new project
mkdir my-project && cd my-project
iterion init
# Authenticate Claude Code (the scaffolded workflow's backend)
claude login
# Optional: copy .env.example to .env to override PROJECT_DIR
cp .env.example .env
# Validate the workflow
iterion validate pr_refine_single_model_backend.bot
# Run it
iterion run pr_refine_single_model_backend.bot \
--var pr_title="Fix auth middleware" \
--var review_rules="No SQL injection, no hardcoded secrets" \
--var compliance_rules="Must satisfy the review rules and keep tests passing"iterion init creates a complete PR refinement workflow (review β plan β compliance check β act β verify) that you can run immediately.
iterion inspect # List all runs
iterion inspect --run-id <id> --events # View a specific run with events
iterion report --run-id <id> # Generate a detailed reportAll run data (events, artifacts, interactions) is stored in .iterion/runs/.
Iterion accepts plain workflow sources as .bot files. Any other extension is rejected at the CLI, server, dispatcher, and studio boundaries.
Bots can also be shipped as .botz β a tar.gz packaging the workflow with adjacent resources (Claude Code skills, reusable prompts, default attachments, manifest). Scaffold with iterion bundle init, build with iterion bundle pack, run with iterion run my.botz. See docs/bundles.md.
Here's the simplest possible workflow β an agent reviews code and decides pass/fail:
prompt review_system:
You are a code reviewer. Evaluate the submission
and decide if it meets quality standards.
prompt review_user:
Review this code:
{{input.code}}
schema review_input:
code: string
schema review_output:
approved: bool
summary: string
agent reviewer:
model: "${MODEL}"
input: review_input
output: review_output
system: review_system
user: review_user
workflow minimal:
entry: reviewer
reviewer -> done when approved
reviewer -> fail when not approved
That's it β 28 lines. The agent gets a code input, produces a structured {approved, summary} output, and the workflow routes to done or fail based on the verdict.
From here you can add judges for multi-pass review, routers for parallel fan-out, human gates for approval, bounded loops for retry, budget caps for cost control, and more β see docs/dsl.md for the full reference.
The full documentation lives under docs/ β start with the documentation index. Highlights:
Get going
- docs/install.md β every install method (CLI, desktop, Docker, Helm, SDK)
- docs/visual-editor.md β studio (browser-based workflow editor)
- docs/desktop.md β native desktop app
- docs/examples.md β workflows of increasing complexity (starter β advanced)
- docs/skill.md β install Iterion as an AI agent skill (Claude Code, Cursor, Copilotβ¦)
Author workflows
- docs/dsl.md β full
.botDSL reference - docs/routers.md β routing modes deep dive
- docs/human-in-the-loop.md β pause for human input; interaction modes (human / llm / llm_or_human / review)
- docs/recipes.md β preset-driven runs (benchmarking, prompt comparison)
- docs/delegation.md β
model:vsbackend:(claude_code, codex) - docs/cursors.md β prompt-engineering cursors (ambition / depth / rigor / autonomy dials)
- docs/attachments.md β file/image attachments in prompts
- docs/privacy_filter.md β built-in PII redaction tools
- docs/workflow_authoring_pitfalls.md β required reading before authoring workflows that commit code
Run & operate
- docs/cli-reference.md β every
iterionsubcommand and flag - docs/resume.md β resume / failure / cancellation matrix
- docs/sandbox.md β per-run container isolation
- docs/observability/README.md β Prometheus, OTLP, Grafana
- docs/persisted-formats.md β on-disk format spec
- docs/cloud.md + docs/cloud-deployment.md β cloud mode overview + operator runbook
Architecture & contributing
- docs/architecture.md β compiler pipeline, runtime engine, persistence
- docs/adr/ β architecture decision records
- docs/development.md β build, test, project structure for contributors
References
- docs/references/dsl-grammar.md β readable grammar
- docs/references/diagnostics.md β all C001βC086 codes (sparse)
- docs/references/patterns.md β 10 reusable workflow patterns
- docs/grammar/iterion_v1.ebnf β formal EBNF grammar
MIT. See LICENSE for the full text. Copyright Β© SocialGouv.