MCPcopy Index your code
hub / github.com/ColeMurray/background-agents

github.com/ColeMurray/background-agents @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
4,518 symbols 14,819 edges 758 files 974 documented · 22%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Background Agents: Open-Inspect

An open-source background agents coding system inspired by Ramp's Inspect.

Overview

Open-Inspect provides a hosted background coding agent that can:

  • Work on tasks in the background while you focus on other things
  • Access full development environments (Node.js, Python, git, browser automation, VS Code)
  • Connect from anywhere — web UI, Slack, GitHub PRs, Linear issues, or webhooks
  • Enable multiplayer sessions where multiple people can collaborate in real time
  • Create PRs with proper commit attribution to the prompting user
  • Run on a schedule — cron jobs, Sentry alerts, and webhook-triggered automations
  • Spawn parallel sub-tasks that work in separate sandboxes simultaneously
  • Use your choice of AI model — Anthropic Claude, OpenAI Codex (via ChatGPT subscription), or OpenCode Zen

Security Model (Single-Tenant Only)

Important: This system is designed for single-tenant deployment only, where all users are trusted members of the same organization with access to the same repositories.

How It Works

The system uses a shared GitHub App installation for git operations (clone, fetch, push). The control plane mints short-lived installation tokens server-side and brokers them to sandboxes through the git credential helper on demand. This means:

  • All users share the same GitHub App credentials - The GitHub App must be installed on your organization's repositories, and any user of the system can access any repo the App has access to
  • No per-user repository access validation - The system does not verify that a user has permission to access a specific repository before creating a session
  • GitHub users' OAuth tokens are used for PR creation - For GitHub logins, PRs are created using the user's GitHub OAuth token, ensuring proper attribution and that they can only create PRs on repos they have write access to. Users who sign in another way (e.g. Google) carry no SCM token, so their PRs fall back to the shared GitHub App bot

Token Architecture

Token Type Purpose Scope
GitHub App Token Brokered git clone/fetch/push auth All repos where App is installed
User OAuth Token Create PRs, user info Repos user has access to
Sandbox Auth Token Sandbox-to-control-plane session calls Single session
WebSocket Token Real-time session auth Single session

Why Single-Tenant Only

This architecture follows Ramp's Inspect design, which was built for internal use where all employees are trusted and have access to company repositories.

For multi-tenant deployment, you would need:

  • Per-tenant GitHub App installations
  • Access validation at session creation
  • Tenant isolation in the data model

Deployment Recommendations

  1. Deploy behind your organization's SSO/VPN - Ensure only authorized employees can access the web interface
  2. Install GitHub App only on intended repositories - The App's installation scope defines what the system can access
  3. Restrict sign-in - Configure allowed GitHub users, email domains, or active GitHub organization membership (ALLOWED_GITHUB_ORGS)
  4. Use GitHub's repository selection - When installing the App, select specific repositories rather than "All repositories"

Architecture

                                    ┌──────────────────┐
                                    │     Clients      │
                                    │ ┌──────────────┐ │
                                    │ │  Web / Slack │ │
                                    │ │ GitHub / Lin.│ │
                                    │ │   Webhooks   │ │
                                    │ └──────────────┘ │
                                    └────────┬─────────┘
                                             │
                                             ▼
┌────────────────────────────────────────────────────────────────────┐
│                     Control Plane (Cloudflare)                     │
│  ┌──────────────────────────────────────────────────────────────┐  │
│  │                   Durable Objects (per session)              │  │
│  │  ┌─────────┐  ┌─────────┐  ┌─────────┐  ┌───────────────┐    │  │
│  │  │ SQLite  │  │WebSocket│  │  Event  │  │   GitHub      │    │  │
│  │  │   DB    │  │   Hub   │  │ Stream  │  │ Integration   │    │  │
│  │  └─────────┘  └─────────┘  └─────────┘  └───────────────┘    │  │
│  └──────────────────────────────────────────────────────────────┘  │
│  ┌──────────────────────────────────────────────────────────────┐  │
│  │              D1 Database (repo-scoped secrets)               │  │
│  └──────────────────────────────────────────────────────────────┘  │
└────────────────────────────────┬───────────────────────────────────┘
                                 │
                                 ▼
┌────────────────────────────────────────────────────────────────────┐
│                 Data Plane (Sandbox Backend)                       │
│  ┌──────────────────────────────────────────────────────────────┐  │
│  │                     Session Sandbox                          │  │
│  │  ┌───────────┐  ┌───────────┐  ┌───────────┐                 │  │
│  │  │ Supervisor│──│  OpenCode │──│   Bridge  │─────────────────┼──┼──▶ Control Plane
│  │  └───────────┘  └───────────┘  └───────────┘                 │  │
│  │                      │                                       │  │
│  │              Full Dev Environment                            │  │
│  │      (Node.js, Python, git, agent-browser)                   │  │
│  └──────────────────────────────────────────────────────────────┘  │
└────────────────────────────────────────────────────────────────────┘

Packages

Package Description
control-plane Cloudflare Workers + Durable Objects
web Next.js web client
sandbox-runtime Shared in-sandbox agent runtime
modal-infra Modal sandbox infrastructure
daytona-infra Daytona snapshot infrastructure
opencomputer-infra OpenComputer template infrastructure
slack-bot Slack integration (sessions from messages)
github-bot GitHub integration (auto-review, @mention)
linear-bot Linear integration (issue → coding session)
shared Shared types and utilities

Getting Started

For a practical setup guide (local + contributor + deployment paths), start with docs/SETUP_GUIDE.md.

See docs/GETTING_STARTED.md for deployment instructions.

To understand the architecture and core concepts, read docs/HOW_IT_WORKS.md.

To set up recurring scheduled tasks, see docs/AUTOMATIONS.md.

Key Features

Fast Startup

Sessions start near-instantly through multiple layers of warming:

  • Filesystem snapshots — After each prompt, sandbox state is saved; follow-up sessions restore instead of re-cloning
  • Pre-built repo images — Toggle per-repo in Settings; rebuilt every 30 minutes with latest commits and dependencies
  • Proactive warming — Sandbox begins spinning up as soon as you start typing, before you hit Enter

Multiplayer Sessions

Multiple users can collaborate in the same session:

  • Presence indicators show who's active
  • Prompts are attributed to their authors in git commits
  • Real-time streaming to all connected clients

Commit Attribution

Commits are attributed to the user who sent the prompt:

// Configure git identity per prompt
await configureGitIdentity({
  name: author.scmName,
  email: author.scmEmail,
});

Multi-Provider Model Support

Choose the AI model that fits your task, with per-session reasoning effort controls:

Provider Models
Anthropic Claude Haiku 4.5, Sonnet 4.5/4.6, Opus 4.5/4.6/4.7/4.8, Fable 5
OpenAI GPT 5.2, GPT 5.4, GPT 5.5, GPT 5.2 Codex, 5.3 Codex, 5.3 Codex Spark
OpenCode Zen Kimi K2.5/K2.6, MiniMax M2.5, Qwen3.7 Max, GLM 5/5.1 (opt-in)
Z.AI Coding Plan GLM 5.2 (opt-in)

OpenAI models work with your existing ChatGPT subscription via OAuth — no separate API key needed. See docs/AVAILABLE_MODELS.md for the full model list and docs/OPENAI_MODELS.md for OpenAI setup instructions.

Client Integrations

Interact with agents from wherever your team already works:

  • Web UI — Full session management with real-time streaming, model/reasoning selectors, terminal panel, and multiplayer presence
  • Slack Bot — @mention or DM to start a session; replies thread back with results. Per-user model and branch preferences via App Home. See Slack integration
  • GitHub Bot — Auto-review on PR open or respond to @mentions in PR comments. Configurable per-repo. See GitHub integration
  • Linear Bot — Mention or assign the agent on an issue to start a coding session, post progress activities, and link the resulting PR. See Linear integration
  • Webhooks — Trigger sessions from any external system via authenticated HTTP POST

Automations

Schedule recurring tasks or react to external events — no human in the loop:

  • Cron schedules — Hourly, daily, weekly, monthly, or custom 5-field cron with timezone support
  • Sentry alerts — Auto-triage on new errors, regressions, or critical metric alerts
  • Inbound webhooks — JSONPath condition filters to gate which payloads spawn sessions
  • Multi-repo fan-out — One scheduled automation can run across up to 10 repositories, opening a separate session and pull request for each
  • Auto-pause after 3 consecutive failures, manual trigger button, full run history

See docs/AUTOMATIONS.md for setup instructions.

Sandbox Environment

Every session runs in an isolated sandbox backend with a full development environment:

  • Pre-installed: Node.js 22, Python 3.12, Bun, git, GitHub CLI, build-essential
  • Browser automation: agent-browser CLI with headless Chromium for screenshots, visual diffs, and UI verification
  • Code-server: Optional browser-based VS Code connected to the session workspace
  • Web terminal: ttyd-powered terminal accessible from the session UI
  • Port tunneling: Expose up to 10 dev server ports via encrypted tunnels. URLs are available in-sandbox at /workspace/.tunnels.env before .openinspect/start.sh runs (details)
  • Repo secrets: AES-256-GCM encrypted, scoped per-repo or globally, injected as env vars at spawn time. Supports bulk .env paste import

Sub-Task Spawning

Agents can decompose work into parallel child sessions:

  • spawn-task creates a child session in its own sandbox and returns immediately
  • Parent continues working while children run in parallel on separate branches
  • get-task-status and cancel-task for coordination
  • Depth limits and per-repo guardrails enforced

Repository Lifecycle Scripts

Repositories can define two optional startup scripts under .openinspect/:

# .openinspect/setup.sh (provisioning)
#!/bin/bash
npm install
pip install -r requirements.txt
# .openinspect/start.sh (runtime startup)
#!/bin/bash
docker compose up -d postgres redis
  • setup.sh runs for image builds and fresh sessions
  • setup.sh is skipped for repo-image and snapshot-restore starts
  • setup.sh failures are non-fatal for fresh sessions, but fatal in image build mode
  • start.sh runs for every non-build session startup (fresh, repo-image, snapshot-restore)
  • start.sh failures are strict: if present and it fails, session startup fails
  • Default timeouts:
  • SETUP_TIMEOUT_SECONDS (default 300)
  • START_TIMEOUT_SECONDS (default 120)
  • Both hooks receive OPENINSPECT_BOOT_MODE (build, fresh, repo_image, snapshot_restore)
  • Git operations in hooks can authenticate to other private repos on the configured SCM host when the shared installation has access

License

MIT

Credits

Inspired by Ramp's Inspect and built with:

Extension points exported contracts — how you extend this code

MultipartFieldsLike (Interface)
(no doc) [7 implementers]
packages/control-plane/src/media.ts
ServiceBinding (Interface)
* A minimal interface for a Cloudflare service binding's fetch method. [4 implementers]
packages/web/src/lib/control-plane.ts
ControlPlaneFetcher (Interface)
(no doc) [4 implementers]
packages/shared/src/completion/extractor.ts
IncomingMessageParams (Interface)
* Parameters for the shared incoming message handler.
packages/slack-bot/src/index.ts
LogSource (Interface)
Application-level fields emitted by our logger via console.log(JSON.stringify(...)).
scripts/cf-logs.ts
LinearAuthFailure (Interface)
(no doc) [1 implementers]
packages/linear-bot/src/utils/linear-client.ts
BuildOptions (Interface)
(no doc)
packages/opencomputer-infra/src/build-template.ts
GitHubAppConfig (Interface)
(no doc)
packages/github-bot/src/github-auth.ts

Core symbols most depended-on inside this repo

fetch
called by 428
packages/control-plane/src/session/runtime-client.ts
get
called by 418
packages/shared/src/cache-store.ts
error
called by 404
packages/shared/src/types/index.ts
error
called by 300
packages/control-plane/src/routes/shared.ts
info
called by 273
packages/shared/src/types/index.ts
warn
called by 249
packages/shared/src/types/index.ts
get
called by 193
packages/control-plane/src/storage/object-storage.ts
create
called by 190
packages/control-plane/src/repo-images/provider-factory.ts

Shape

Function 2,128
Method 1,470
Interface 554
Class 365
Route 1

Languages

TypeScript77%
Python23%

Modules by API surface

packages/control-plane/src/session/repository.ts92 symbols
packages/sandbox-runtime/tests/test_bridge_sse.py87 symbols
packages/control-plane/src/sandbox/lifecycle/manager.ts72 symbols
packages/control-plane/src/session/durable-object.ts70 symbols
packages/shared/src/types/index.ts61 symbols
packages/modal-infra/tests/test_tunnel_ports.py55 symbols
packages/control-plane/src/db/automation-store.ts54 symbols
packages/sandbox-runtime/tests/test_entrypoint_build_mode.py53 symbols
packages/sandbox-runtime/src/sandbox_runtime/entrypoint.py51 symbols
packages/sandbox-runtime/tests/test_git_credential_helper.py49 symbols
packages/web/src/components/ui/icons.tsx47 symbols
packages/sandbox-runtime/src/sandbox_runtime/bridge.py44 symbols

Datastores touched

appDatabase · 1 repos
dbDatabase · 1 repos

For agents

$ claude mcp add background-agents \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact