Decapod is a repo-native helper for humans that makes an agent:
- Build what the human intends
- Follow the rules the human intends
- Produce the quality the human intends
The human interfaces ONLY with the agent as the UX. The agent calls Decapod.
Decapod is called on demand inside agent loops to turn intent into context, then context into explicit specifications before inference.
- Not an agent framework.
- Not a prompt-pack.
- Not a daemonized control plane with hidden always-on state.
- Intent MUST be explicit before mutation. If a change alters "what must be true," update intent/spec first.
- Boundaries MUST be explicit. Authority boundary (
specs/andinterfaces/), interface boundary (decapodCLI/RPC), and store boundary (repo vs user) are mandatory. - Completion MUST be provable. Promotion-relevant outcomes require executable proof surfaces (
decapod validate+ required tests/gates), not narrative claims. - Decapod MUST remain daemonless and repo-native. Promotion-relevant state must be auditable from repo artifacts and control-plane receipts.
- Validation liveness is mandatory. Validation must terminate boundedly with typed failure under contention, never hang indefinitely.
- Operational agent guidance MUST live in entrypoint and constitution surfaces, not README. README is human-facing product documentation.
You MUST call decapod rpc --op agent.init before operating.
This produces a session receipt and tells you what's allowed next.
- Local-first: Everything is on disk, auditable, versioned
- No workflow replacement: Keep using your existing agent flow; Decapod is called inside it
- Deterministic: Same inputs produce same outputs
- Agent-native: Designed for programmatic access via
decapod rpc - Daemonless: No required long-lived control-plane process
- Workspace-enforced: You cannot work on main/master - Decapod refuses
- Liveness-aware: Requires invocation heartbeat for continuous presence tracking
# Agent initialization (required first step)
decapod rpc --op agent.init
# Workspace management
decapod workspace status
decapod workspace ensure
decapod workspace publish
# Interview for spec generation
decapod rpc --op scaffold.next_question
decapod rpc --op scaffold.generate_artifacts
# Validation (must pass before claiming done)
decapod validate
# Capabilities discovery
decapod capabilities --format json- Agents MUST NOT work on main/master - Decapod validates and refuses
- Use
decapod workspace ensureto create an isolated worktree under.decapod/workspaces/* - Use on-demand containers for build/test execution (clean env)
- Validate before claiming done -
decapod validateis the gate - Do not use non-canonical worktree roots
Decapod enforces a two-tier isolation model:
-
Git Worktree (Default):
- All file modifications happen here.
- Provides concurrency (multiple agents on different branches).
- Prevents pollution of the main checkout.
-
On-Demand Sandbox (Container):
- Call
decapod workspace ensure --containerto instantiate. - Maps the current worktree into a clean Docker/OCI env.
- REQUIRED for:
cargo build,npm install,pytest, etc. - Ensures build reproducibility and environment hygiene.
- Call
Every RPC response includes:
receipt: What happened, hashes, touched pathscontext_capsule: Relevant spec/arch/security slicesallowed_next_ops: What you can do nextblocked_by: What's preventing progress
Decapod resolves standards from:
- Industry Engineering Excellence (built-in Oracle: see
ENGINEERING_EXCELLENCE.md) - Industry defaults (built-in)
.decapod/OVERRIDE.md(project-specific)
Query with: decapod rpc --op standards.resolve
- todo: Task tracking with event sourcing
- workspace: Branch protection and isolation
- interview: Spec/architecture generation
- federation: Knowledge graph with provenance
- validate: Authoritative completion gates
If Decapod is blocking legitimate work:
- Check
decapod workspace status - Ensure you're not on main/master
- Run
decapod validateto see specific failures - Review blockers in RPC response envelope