An agent is a manifest
Model, prompt, tools, permissions, limits, output schema — one YAML file, fully inspectable. No behavior hidden in code.
Open-source agent runtime — Go, local-first
Jeju turns agents into installable workers — pinned manifest, policy-gated workspace, evidence for every run. Your agent plans; cheap bounded specialists execute; you audit.
Dogfooded, not demoed — the four launch workers run the author's own writing pipeline.
› Review ~/drafts/launch-post.md for publish readiness.
jeju-writing · routed → writing/article-editor@0.1.0
$ jeju run p:writing/article-editor@0.1.0
run 20260708-a41f · deepseek-v4-pro · workspace ~/drafts · readOnly
tool read launch-post.md → allow
tool read ../notes/ideas.md → deny · outside workspace
model deepseek-v4-pro · review pass
{ "verdict": "needs_revision", "findings": 3 }
✓ evidence filed — trajectory.jsonl · report.html
$ jeju view 20260708-a41f
01 — What Jeju is
Jeju compiles a YAML manifest into a running worker. Everything the worker is allowed to be — and everything it did — exists as something you can read, diff, and version.
kind: Agent
metadata:
name: article-editor
models:
providers:
primary:
preset: deepseek
model: deepseek-v4-pro
temperature: 0.1
instructions:
system: prompts/article-editor.md
tools: [read, search]
permissions:
access: readOnly
runtime:
limits: { maxSteps: 24, maxToolCalls: 40 }
output:
name: editorial_review
schema: # verdict, findings[]…Model, prompt, tools, permissions, limits, output schema — one YAML file, fully inspectable. No behavior hidden in code.
Each tool call passes a policy gate. File access stays inside the declared workspace. Step and cost limits are enforced, not suggested.
trajectory.jsonl records model calls, tool calls, policy decisions, and artifacts. jeju view renders it as a report.
Versioned, digest-verified, installed by reference from a static registry. The same worker, reproducible on any machine.
02 — From manifest to report
Everything in between is enforced, not suggested: the manifest compiles into a bounded worker, every tool call passes the policy gate, and the whole run lands in one JSONL file that jeju view renders as a report.
Not a transcript — a record. jeju view renders the run's JSONL into this report: every model call, every gated tool call, every artifact, with cost attached. Failed runs exit non-zero, and the report says why.
03 — Why a runtime
Your orchestrator rewrites and translates at frontier prices. Jeju splits the bill: your model plans and reviews; cheap specialists execute.
A prompt is advice — it behaves differently across sessions and models. A manifest is pinned: model, temperature, tools, limits. Identical next month.
When delegated work goes wrong, a conversation tells you nothing. A run files trajectory.jsonl — every tool call gated, every decision recorded.
04 — Quickstart · 60 seconds
All you need: a coding agent (Claude Code, Codex, Cursor — 20+ work), a DEEPSEEK_API_KEY, and macOS or Linux. The skill bootstraps the Jeju runtime the first time your agent uses it; there is nothing else to set up.
A skill is just instructions. This one teaches your agent how to hire Jeju workers: which one fits a request, how to install it, how to run it, and what evidence to hand back to you.
npx skills add cosmtrek/jeju --skill jeju-writing -g→ registers jeju-writing with your coding agent
No new syntax — ask the way you already talk to your agent. It picks the cheapest capable worker, installs the package pinned by commit and sha256, and runs it read-only against your workspace. Simple asks skip review entirely.
› Review ~/drafts/launch-post.md for publish readiness.→ routes to writing/article-editor@0.1.0 · digest verified
Every delegated step prints its run id. The report shows each model call, what was read, what was denied, and what it cost — the same trajectory.jsonl you saw above. Failed runs exit non-zero, so your agent notices too.
$ jeju view 20260708-a41f→ opens the run report in your browser
05 — Build your own
Ready-made workers are the fast path. The base skill is jeju-agent-builder: describe a repeated workflow, and your agent turns it into a new bounded worker — or tells you a plain script would do.
› Turn my changelog drafting into a jeju agent.jeju validate, one real run, and the report to prove the worker behaves before you rely on it.npx skills add cosmtrek/jeju --skill jeju-agent-builder -gchangelog-drafter/
├── agents/
│ └── changelog-drafter.agent.yaml
├── prompts/
│ └── changelog-drafter.md
├── workspace/
├── eval/ # smoke evaluator
└── README.md
$ jeju validate agents/changelog-drafter.agent.yaml
✓ manifest ok · readOnly · maxSteps 16
$ jeju run … "Draft the changelog for last week."
✓ run 20260708-c7e2 · $0.00206 — First recipe
The first thing shipped on Jeju — and the builder loop's first product: four catalog workers behind one skill. jeju-writing turns your agent into a dispatcher — plain language in, the cheapest capable worker out. A review step is added only when stakes call for one; simple requests never pay for it.
You pick the findings worth fixing. The skill dispatches the rewriter or polisher with exactly those.
No rewriting on autopilot. Review findings go to the author; only the accepted subset becomes the next worker's task.
Workers run read-only inside a policy-gated workspace. They return text — they never touch your files.
Every step prints a run id. jeju view opens the report: what was read, what was denied, what it cost. Failed runs exit non-zero.
what the skill runs for you
jeju run --workspace ~/drafts --from ~/drafts/draft.md \
p:writing/article-editor@0.1.0 \
"Review this draft for publish readiness. Return only the configured JSON."final answer — schema-validated
{
"verdict": "needs_revision",
"summary": "Clear thesis, but the argument is asserted rather than built.",
"findings": [
{
"severity": "high",
"location": "opening paragraph",
"issue": "The central claim is stated as absolute but never defended.",
"suggestion": "Soften the claim or add a concrete comparison."
}
]
}07 — The open registry
The workers are packages resolved from a static registry — no accounts, no API. Each version pins a commit and a sha256 digest, checked on install. Published versions never change; content changes require a version bump. The catalog starts with four writing workers — the shelf is open.
packages:
writing/article-editor:
versions:
0.1.0:
source: github:cosmtrek/jeju//catalog/writing/article-editor?ref=<commit>
digest: sha256:966d…6affThe skill points JEJU_REGISTRY_INDEX at jeju.rickoyu.com/registry and installs what it needs. Prefer reading the source? Every package is a directory of YAML and prompts in the open catalog.
| package | model | boundary | version |
|---|---|---|---|
| writing/article-editorReview drafts for publish readiness, logic, structure, and prose flow. | deepseek-v4-pro | readOnly · read, search | 0.1.0 |
| writing/article-rewriterRewrite a draft according to concrete editorial suggestions. | deepseek-v4-pro | readOnly · read, search | 0.1.0 |
| writing/chinese-expression-polisherPolish Chinese expression into more idiomatic, natural, and fluent prose. | deepseek-v4-flash | readOnly · read, search | 0.1.0 |
| writing/translatorTranslate short text between languages with idiomatic Simplified Chinese output. | deepseek-v4-pro | readOnly · no tools | 0.1.0 |