skelm

Appearance

skelmAgentic workflows you can actually ship to production

Author pipelines as typed TypeScript. Compose them with Skills (and MCP servers when you need them). Run under default-deny permissions on a gateway you own.

Quick Start
Browse Recipes
GitHub
skelm
🔒

Default-deny by design

Every agent step declares its tools, executables, MCP servers, network egress, and filesystem roots. Anything not listed is denied — and the gateway is the only thing that enforces it.

🧠

Code-first, not config-first

Pipelines are real `.mts` modules. Refactor with your editor, type-check with `tsc`, version with git, test with vitest. No YAML DSL to learn.

🛠️

Conversational workflow builder

`skelm builder` opens a terminal chat UI that authors `.workflow.mts` files from a spec, validates them with `skelm validate`, and runs under the same gateway permissions as any other workflow.

🧩

Backend-agnostic agents

Opencode, Codex, ACP (Copilot, Claude Code), OpenAI, Anthropic, Pi, Vercel AI — swap providers without rewriting a step. Bring your own via the backend SPI.

📚

Skills-first capability model

Package procedural knowledge — playbooks, API recipes, internal know-how — as Skills the agent loads on demand. MCP servers plug in as first-class registry citizens alongside them when you need live tools.

🌐

Gateway-hosted runtime

A long-running gateway hosts pipelines over HTTP + SSE, drives the scheduler, manages MCP-server lifecycles, and owns the trust boundary. Nothing privileged runs outside it.

💾

Self-hosted, local-first

SQLite + filesystem out of the box; Postgres and external vaults for production. No managed cloud, no telemetry phone-home, no vendor lock-in.

Why skelm?

Most "agent frameworks" make it easy to demo a chatbot and impossible to operate one. Tool calls leak credentials, prompts mutate at runtime, and the production story is "trust us." Skelm is the opposite: every privileged action — exec, network, filesystem, tool dispatch, MCP — flows through a gateway under permissions you declare in code, and every workflow is a typed module you can grep, refactor, and unit-test.

It sits in a deliberately narrow niche: between a one-off LangChain script and a managed agent platform. If you want to run agentic and deterministic workflows on your own infrastructure, with security primitives that don't disappear when the demo ends, that's what skelm is for.

Start with the Quickstart for the five-minute path, or skim the Recipes to see complete examples.

Released under the MIT License.

Copyright © 2026 Scott Glover