"The cookbook explains the why. This package gives you the kitchen."
The operating system your agent runs itself
Brigade is the workspace your agent operates on its own. It pulls work from its own inbox, dispatches the line, reviews, verifies, and hands off memory, a loop the agent drives by calling Brigade. Explicit and local, on the cadence you set.
You set up the kitchen. The brigade works service.
Everything in its place
Mise en place means "everything in its place before the work starts."
In a kitchen, that is chopped mirepoix, clean pans, labels, and a station that does not make you hunt for salt mid-service. Brigade is that station for your agent: rules, memory, tools, handoff inboxes, publish guards, and boring verification laid out once, so the agent works the line on its own instead of burning a session hunting for context. You set up the kitchen. The brigade runs service.
The pass
Your agent invokes this itself, you do not babysit it. One orchestrator plans the work, the workers cook through their own CLIs, the chef synthesizes the final answer. Bounded by design: two orchestrator calls plus the worker calls in the plan.
The agent works the line
Brigade is the operator system; your agent drives it. It calls
brigade work run to open a session, pull the next ready
task from its own inbox, run it, verify, close out, and write a memory handoff, then queues the next step and goes
again. Scanners and sweeps keep filling that inbox in the background.
What should I do next?
brigade daily is the agent's brain for that question.
daily plan returns an ordered, deduplicated next-actions
list across every subsystem, each with a safe summary, a suggested command, and the evidence behind it.
daily review previews the selected action, and
daily closeout records what was reviewed.
Approval-required actions wait in daily approvals for an
operator to review before a later run consumes them, and
daily resume,
daily repair, and
daily unblock recover blocked or stale runs.
daily history lists recent receipts with their status.
Boundary
Explicit and local. The daily driver reads evidence and ranks safe actions; it never runs the suggested commands. Brigade does not install cron, start a daemon, or run a scheduler. Your agent, or a timer you wire up, sets the cadence. Every run is foreground and receipted, and the session writes a handoff and a recap.
See the line before working it
Before the agent acts, it reads its own state. These stations are read-only views over existing local files: no models, no remotes, no mutation. They tell the agent what is pending, what passed, and what is worth learning.
brigade center status A read-only local dashboard, rendered as CLI text or JSON, that summarizes the whole work system at a glance: active session and latest run, pending inbox imports by source and kind, latest scanner sweep and code review state, verification and closeout readiness, handoff drafts, memory-care refresh counts, and backup health.
read-only. Only reads existing local files. Never invokes scanners, tools, reviewers, handoff ingestion, release publishing, state-mutating git, or remote APIs.
docs/operator-center.md →brigade context build A local, redacted snapshot of what matters right now: recent work signals, pending import counts, latest sweep, open review findings, verification and closeout state, memory-care counts, and handoff queue, gathered into one reviewable bundle the agent reads before planning.
read-only. Read-only over local state, redacted with the same content-safety rules used across Brigade. A snapshot, not a sync. No models, no remotes, no mutation.
docs/context-packs.md →brigade projects audit · brigade learn plan Audit a fleet of local projects for safe setup metadata (bootstrap files, handoff inboxes, gitignore coverage, content-guard wiring), and scan work history, closeouts, and handoffs for repeated lessons. Both route candidates into the work inbox for review.
read-only. Local and read-only over existing files. Records presence, counts, and fingerprints, not contents or private paths. Learnings become durable memory only after explicit operator review and promotion.
docs/project-learning.md →What you get
Sanitized rules, memory, tools, identity, and safety laid down as a clean starting point.
One canonical owner holds durable knowledge; writers drop handoffs into per-harness inboxes.
Safe card handoffs become cards, targeted updates append, ambiguous material is kicked out for review.
Your agent calls brigade work run to resolve the next task, run it, verify, close out, and write a handoff, then queue the next step.
A safe, local, gitignored target for automations that discover useful work, with explicit promotion.
Built-in workspace scan for secrets, permissions, hooks, MCP configs, and instruction risks.
content-guard pre-push gates so private infrastructure does not leak into public docs.
Repo-shareable rule templates under rules/ for issue-backed and acceptance-driven work loops, generic and public-safe so they travel with the repository.
OpenClaw (tested), Hermes (experimental), plus generic harness fragments. Brigade shells out, keeps no keys.
Flagship: the tool station
brigade tools is a logical catalog of the things your agents can call,
portable across source families and projected into each harness. Inspection, call planning, approval review,
run history, and checkpoint review never execute anything. Execution is always explicit and receipted.
Source families
The line, plan to plate
schema-backed contracts: permissions, effects, approval mode, env labels
validate args against the schema, return a redacted plan, run nothing
planned calls held in calls.jsonl; approval changes status only
approved script and approved mcp calls only, with local receipts
script-requested pauses; resume needs explicit approval
brigade tools runtime starts and stops explicit local runtimes with PID files and logs. doctor and work run never auto-start them.
brigade tools policy sets host-local allowed effects, timeout caps, runtime allow-lists, approval modes, and env label bindings.
brigade tools plan and apply write managed projections into your harness configs, explicitly and never auto-synced.
Boundary. MCP execution uses a configured local stdio command only. Brigade does not connect to remote MCP servers, fetch OpenAPI or GraphQL schemas, store auth, install schedulers, or send approval notifications. Replay never recovers secret values or bypasses approval, runtime, or policy gates, and environment values are never stored in calls, receipts, logs, or imports.
The rest of the kitchen
Every station is local, explicit, and receipted. Discovery routes work into the inbox; nothing runs a daemon, edits canonical memory, or touches a remote without you asking.
brigade work review Configure explicit local reviewers (Codex, Claude Opus, or custom commands), run them, then import normalized findings into the work inbox with source code-review and close them out against pending, dismissed, promoted, and completed work.
does not Runs only configured reviewer commands, never a shell. Does not auto-run from work run, apply fixes, post comments, mutate GitHub, store auth, or promote findings automatically.
docs/code-review.md →brigade chat Ingest local Discord, Slack, Telegram, ClickClack, and generic JSONL chat exports into the work inbox as public-safe imports with summaries, labels, message ranges, evidence paths, confidence, and fingerprints.
does not No live chat APIs, no OAuth, no webhooks, no daemon, no auto-promotion. Raw message bodies and transcript fields are rejected by default.
docs/chat-surfaces.md →brigade memory care Scan memory cards for stale, expired, undersourced, contradictory, missing-index-link, orphaned, oversized, and missing-frontmatter issues, then route a refresh queue into the work inbox.
does not Writes scan reports and work imports only. Never edits memory cards, runs a scheduler, mutates canonical memory, or uses LLM inference for contradictions.
docs/memory-care.md →brigade work backup Read local backup health summaries for latest snapshot, check, prune, and restore rehearsal status, and route stale or failed states into local backup-health work imports.
does not Read-only. Does not run restic, mount storage, prune, restore, send webhooks, or mutate remote backup state.
docs/backup-health.md →brigade work verify Run explicit local verification commands and write receipts, then write a session closeout record that collects task acceptance, verification, scanner sweep status, code review closeout, handoff draft status, and session evidence.
does not Local gates only. Does not mutate CI, GitHub, reviewers, scanner promotions, handoff ingestion, daemons, or schedulers. Verification runs only when explicitly requested.
docs/work-closeout.md →brigade release A local publish gate. It reviews latest work closeout, verification, code review closeout, scanner sweep state, security health, handoff draft health, content-guard results, git state, and docs, changelog, and roadmap touch warnings, and can build local release candidate bundles.
does not Never pushes, tags, creates releases, comments remotely, or mutates remotes.
docs/release-readiness.md →brigade repos Run the operator loop across many local repos at once: safe readiness sweeps, report bundles, reviewed fleet actions that dispatch work into a target repo inbox, and release trains that classify each repo and write a manual publish plan with waivers and evidence records.
does not Local and privacy-preserving. No cloning, no push, tag, release, or remote mutation, no auto-promotion. Records ids, safe labels, counts, and fingerprints, never private paths, raw logs, or exact private repo names.
docs/repo-fleet.md →brigade phase Track long multi-step roadmap work as resumable, evidence-backed phase sessions: a phase ledger of goals and acceptance, phase reports of completed and blocked work, and sessions with checkpoints, verification receipts, recovery notes, and a deterministic resume protocol for picking up where the agent left off.
does not Local and explicit. Brigade does not run phase sessions automatically, execute roadmap work, mutate remotes, or edit canonical memory. Phase work gates releases so unverified phase work is visible before publishing.
docs/phase-execution-ledger.md →brigade center readiness One local ready-or-blocked view that aggregates roadmap audit, docs inventory, center reviews, release readiness, repo fleet, security, memory care, backup, tool catalog, context, projects, and learning health, then writes a readiness receipt and a manual publish checklist.
does not Manual-only. Never runs the checklist commands, starts scanners, applies fixes, promotes imports, tags, pushes, creates releases, or mutates remotes. Explicit waivers are local and recorded.
docs/operator-center.md →brigade add memory | guard | tokens Install and wire external tools that are not on your PATH: memory (memory-doctor + bootstrap-doctor), guard (content-guard), and tokens (TokenJuice output compaction via host hooks, with wrapper notes and savings expectations).
does not Tools are never imported in process. Brigade shells out to each CLI, so the boundary stays model-neutral and mixed-language, and keeps no provider keys.
The design
Writer harnesses drop handoffs into their own inboxes. The ingester scans all of them, routes safe material into cards and the right files, and kicks ambiguous material out for review.
Canonical owner, picked automatically
One owner stays canonical, chosen by priority:
openclaw > hermes > claude > codex > this-repo
Override it with --owner.
Multiple agent homes? Use a hub.
Treat the owner workspace as the hub. Remote or secondary workspaces write handoffs into their own per-harness inboxes, and a trusted sync pulls those files into a staging inbox on the owner. Agents stay informed without ever creating a second canonical memory.
Two axes: depth + harnesses
| Harness | Role | Adds |
|---|---|---|
| claude | writer | CLAUDE.md + .claude/memory-handoffs/ inbox |
| codex | writer | .codex/memory-handoffs/ inbox (AGENTS.md is in the baseline) |
| openclaw | reader | .brigade/openclaw/ config fragments + cron stubs |
| hermes | reader | .brigade/hermes/ adapter fragments (experimental) |
| repo (default) | AGENTS.md, SAFETY_RULES.md, INSTALL_FOR_AGENTS.md, hooks/pre-push, public-repo policy |
| workspace | repo + MEMORY.md, TOOLS.md, USER.md, SOUL.md, IDENTITY.md, HEARTBEAT.md, memory/cards/ |
| publisher | public-content policy + content-safety memory card + scrub-cache |
Privacy
Brigade does not phone home, collect telemetry, or sync anything to a server. Everything happens on your local filesystem against the templates packaged with the install.
The only exceptions are tooling you configure
pre-push hook runs the local content-guard scanner before commits leave the machine.
brigade security enrich can call MISP only when you explicitly configure and run the opt-in misp provider.
What you do not get
Set it up once, then let it run
Lay out the kitchen and prove it is wired.
$ pipx install brigade-cli$ brigade init --target ~/agent-kitchen$ brigade doctor
Brigade calls these itself, run after run.
$ brigade work brief$ brigade work run$ brigade work run --queue-next$ brigade work review run --all
"The cookbook explains the why. This package gives you the kitchen."