code()
Deterministic logic
Pure TypeScript steps for fetches, transforms, branches, loops, parallel work, waits, and nested pipeline calls. Type-check, refactor, test, and version them like ordinary code.
Open source · MIT · TypeScript · v0.4.7
skelm — agentic workflows you can actually ship to production
Build typed TypeScript pipelines that mix deterministic code, single-shot inference, and full agent loops behind default-deny permissions and a gateway you own. Run quick automations, cron jobs, webhooks, durable approvals, and persistent chat workflows with the same module shape.
$ npm install -g skelm
$ skelm init my-bot && cd my-bot && npm install
$ skelm run workflows/hello.workflow.mts --input '{"name":"world"}'One authoring model from scripts to durable agents.
A workflow is a typed TypeScript module. Use deterministic code, model inference, and agent loops directly, then host the same workflow through the gateway when it needs schedules, webhooks, queues, or durable state.
infer()
Single-shot inference
One model call with typed input and structured output. `infer()` is for LLM judgment without a tool loop, backed by providers such as OpenAI-compatible endpoints, Anthropic, Pi, Vercel AI, or custom backends.
agent()
Multi-turn agent loops
Full agent steps with tools, MCP servers, skills, workspaces, and default-deny permissions. Backends include @skelm/agent, Opencode, Pi, Codex, Vercel AI, ACP agents, and custom providers.
Gateway-owned trust boundary
Permissions are part of the API, not an afterthought
Every privileged action flows through the gateway under permissions declared in code. A backend that cannot enforce a declared permission fails at step start instead of silently bypassing it.
- Default-deny dimensions cover tools, executables, MCP servers, skills, network egress, filesystem roots, delegation, and agentmemory operations.
- The gateway hosts workflows over HTTP + SSE, drives scheduler, queue, file-watch, poll, webhook, and event-source triggers, and owns the execution surface.
- Runs can pause for human approval, resume from durable state, and preserve session-keyed persistent chat conversations across restarts.
- Audit, secrets, workspace isolation, MCP lifecycle, and agent supervision stay inside the same gateway trust boundary.
A real workflow, end to end
Incident response from the current examples: parallel deterministic triage, then an agent step with explicit tools, MCP, filesystem, and network permissions.
import { agent, code, parallel, pipeline } from 'skelm'
import { z } from 'zod'
export default pipeline({
id: 'incident-response',
input: z.object({
incidentId: z.string(),
service: z.string(),
description: z.string(),
}),
output: z.object({
rootCause: z.string(),
immediateActions: z.array(z.string()),
}),
triggers: [{ kind: 'webhook', path: '/webhooks/incident' }],
steps: [
parallel({
id: 'triage',
steps: [
code({ id: 'search-issues', run: () => ({ issues: [] }) }),
code({ id: 'open-channel', run: () => ({ channel: 'inc-001' }) }),
],
}),
agent({
id: 'root-cause',
backend: 'opencode',
prompt: (ctx) => `Analyze this incident:\n${ctx.input.description}`,
permissions: {
allowedTools: ['gh.search_issues', 'slack.post_message'],
allowedMcpServers: ['github'],
allowedExecutables: [],
fsRead: [],
fsWrite: [],
networkEgress: { allowHosts: ['api.github.com', 'slack.com'] },
},
output: z.object({
rootCause: z.string(),
immediateActions: z.array(z.string()),
}),
maxTurns: 4,
}),
],
})Packages
skelm ships as focused packages. Install the meta-package `skelm` for the runtime and CLI, then add backend, integration, memory, metrics, or tracing packages as needed.
skelm
Meta-package — install this. Re-exports @skelm/core, ships the skelm CLI binary, and depends on the CLI, scheduler, and integration SDK pieces needed for local execution.
@skelm/core
Runtime, types, builders, schemas, events, permissions, registries, backend interface, system prompt composition, and pipeline execution primitives.
@skelm/cli
Command-line interface and programmatic primitives. Non-exempt commands dispatch to the local gateway; `init`, `validate`, and `gateway *` can run without a live gateway.
@skelm/gateway
Long-running orchestrator that owns config, registries, permissions, audit, agent lifecycle, triggers, HTTP/SSE, dashboard API, and the execution trust boundary.
@skelm/scheduler
Trigger management for cron, interval, and webhook schedules with deduplication and overlap policies; used by the gateway for scheduled work.
@skelm/integrations
Typed integration package for third-party services such as GitHub, Slack, Jira, Telegram, Matrix, and chat UI trigger sources.
@skelm/integration-sdk
Authoring SDK for custom skelm integrations and trigger sources. Use it to build connectors that plug into the gateway.
@skelm/agent
First-party native agent backend. Runs infer() and agent() against OpenAI-compatible chat endpoints with in-process TrustEnforcer permission checks.
@skelm/agentmemory
Typed REST client and gateway-wired AgentmemoryHandle for cross-session recall. Operations are default-deny and routed through gateway enforcement.
@skelm/opencode
Opencode.ai coding-agent backend with native permission mapping, granular enforcement, and gateway-supervised lifecycle support.
@skelm/pi
Pi coding-agent SDK backend with native tool allowlist enforcement, infer() support, sandbox defaults, and queueing controls.
@skelm/codex
OpenAI Codex backend via @openai/codex-sdk with boundary permission mapping, MCP injection, skill loading, session lifecycle, and streaming.
@skelm/vercel-ai
Vercel AI SDK backend that powers infer() and agent() with tool filtering and call-time permission checks under skelm policy.
@skelm/metrics
Prometheus-format metrics for skelm event streams: run counters, step timings, permission denials, approvals, and trigger fires.
@skelm/otel
OpenTelemetry tracing for skelm event streams, emitting run and step spans without configuring exporters for you.
Ready to ship a workflow?
Install the CLI, scaffold a project, or use `skelm builder` to draft a workflow from a plain-language spec.