https://github.com/bounded-systems/prx
The agent-run work-unit CLI: capability-scoped agents whose every privileged effect is verified against its signed owner, driving a work unit through one signed pipeline to a merged PR.
https://github.com/bounded-systems/prx
agent-infra agents ai-agent ai-agents anthropic capability-security claude claude-code cli llm mcp security
Last synced: 2 days ago
JSON representation
The agent-run work-unit CLI: capability-scoped agents whose every privileged effect is verified against its signed owner, driving a work unit through one signed pipeline to a merged PR.
- Host: GitHub
- URL: https://github.com/bounded-systems/prx
- Owner: bounded-systems
- License: other
- Created: 2026-05-30T21:59:08.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-06-28T22:21:21.000Z (7 days ago)
- Last Synced: 2026-06-28T22:21:36.033Z (7 days ago)
- Topics: agent-infra, agents, ai-agent, ai-agents, anthropic, capability-security, claude, claude-code, cli, llm, mcp, security
- Language: TypeScript
- Size: 8.16 MB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 64
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Roadmap: docs/roadmap/prx.md
Awesome Lists containing this project
README
# prx
> The agent-run work-unit CLI: capability-scoped agents driving each work unit through one signed, content-addressed pipeline to a merged PR — git-writes signed by a capability-gated actor.
`prx` — the agent-run PR contract / work-unit CLI, plus the `@bounded-systems/*`
libraries it builds on. A Bun + TypeScript monorepo.
## Layout
- `packages/prx/` — The agent-run PR contract / work-unit CLI
- `packages/*` — the `@bounded-systems/*` libraries it builds on, workspace-internal
via `workspace:*`:
- `prx-config` — TUI configuration schema parser/emitter for L1 Claude and L2 Warp tools
- `spec/` — the prx effect/contract spec (`schema.cue`)
## Build & test
```bash
bun install
bun test
bun run typecheck
bun run prx:build # → dist/prx (self-contained binary)
```
## Install
prx ships as a **released binary** (per platform) attached to each GitHub
release, plus a container image at `ghcr.io/bounded-systems/prx`. Distribution
is the binary — nix is one install path among several.
### Homebrew
This repo doubles as a tap (it has a `Formula/`), so:
```bash
brew tap bounded-systems/prx https://github.com/bounded-systems/prx
brew install prx
```
(The explicit tap URL is needed because the repo is `prx`, not `homebrew-prx`.)
### Nix flake (hermetic)
The flake's packages are the released binaries fetched via `fetchurl`, so they
build under `sandbox = true` with no `nix.conf` changes:
```bash
nix run github:bounded-systems/prx -- --version
nix build github:bounded-systems/prx#prx # → result/bin/prx
```
### home-manager (portable module)
Any home-manager config can install prx via the exported module:
```nix
{
inputs.prx.url = "github:bounded-systems/prx";
# in your home-manager configuration's modules list:
modules = [ prx.homeManagerModules.default ];
}
```
```nix
# then, in a home-manager module:
programs.prx = {
enable = true;
# optional consumer wiring the released binary does not bake:
aiHomeRoot = "${config.home.homeDirectory}/.config/ai-home"; # PRX_AI_HOME_ROOT
claudePath = "${config.home.homeDirectory}/.local/bin/claude"; # BAKED_CLAUDE_CODE_PATH
installWt = true; # also install the `wt` worktree wrapper
};
```
This installs `prx` (and optionally `wt`) into
`~/.local/bin`. The per-release sha256s live in `release-hashes.json`, updated
automatically by the `release-binary` workflow on each tag.
## Publishing
Public `@bounded-systems/*` leaves (e.g. `cas`) are published to npm via
changesets + `.github/workflows/release.yml` (SLSA provenance). See
`docs/companion-repos.md`.
## Community & governance
- [`LICENSE`](LICENSE) — see below
- [`CONTRIBUTING.md`](CONTRIBUTING.md) — how to build, test, and propose changes
- [`CODE_OF_CONDUCT.md`](CODE_OF_CONDUCT.md) — Contributor Covenant 2.1
- [`SECURITY.md`](SECURITY.md) — report vulnerabilities privately
These files, the `.github/` issue + pull-request templates, and their shared
facts (project, copyright, security contact, supported versions) are
**generated** from `packages/prx/community/` — edit `community.json` (validated
against a JSON Schema with ajv) or the pinned templates, then
`bun run community:render`. `bun run community:check` (and the test suite) fail
on drift, so the governance docs can't fall out of sync.
This README is generated the same way: `community.json` and each package's
`description` are first projected into [`prx.jsonld`](prx.jsonld) — a hostable
schema.org JSON-LD `@graph` of the project, its packages, and its governance
facts (`packages/prx/src/graph/`). `bun run readme:render` then reads the
README's tokens out of that graph and renders this template;
`bun run jsonld:render` / `bun run readme:render` (and their `:check` variants,
run in CI) keep the graph, the README, and the sources in lockstep.
## License
`prx` is **source-available**, not OSI open-source. It is licensed under the
[PolyForm Noncommercial License 1.0.0](https://polyformproject.org/licenses/noncommercial/1.0.0)
(`PolyForm-Noncommercial-1.0.0`): free for any **noncommercial** use, with all
commercial rights reserved to the copyright holder. For a commercial license,
contact the maintainer at . See [`LICENSE`](LICENSE).