Open-source agent runtime — Go, local-first

Hire a workforce
for your coding agent.

Jeju turns agents into installable workers — pinned manifest, policy-gated workspace, evidence for every run. Your agent plans; cheap bounded specialists execute; you audit.

Dogfooded, not demoed — the four launch workers run the author's own writing pipeline.

run replayjeju-writing

› Review ~/drafts/launch-post.md for publish readiness.

jeju-writing · routed → writing/article-editor@0.1.0

$ jeju run p:writing/article-editor@0.1.0

run 20260708-a41f · deepseek-v4-pro · workspace ~/drafts · readOnly

tool read  launch-post.md → allow

tool read  ../notes/ideas.md → deny · outside workspace

model deepseek-v4-pro · review pass

{ "verdict": "needs_revision", "findings": 3 }

evidence filed — trajectory.jsonl · report.html

$ jeju view 20260708-a41f

01 — What Jeju is

An agent is a file.
A run is a record.

Jeju compiles a YAML manifest into a running worker. Everything the worker is allowed to be — and everything it did — exists as something you can read, diff, and version.

kind: Agent
metadata:
  name: article-editor
models:
  providers:
    primary:
      preset: deepseek
      model: deepseek-v4-pro
      temperature: 0.1
instructions:
  system: prompts/article-editor.md
tools: [read, search]
permissions:
  access: readOnly
runtime:
  limits: { maxSteps: 24, maxToolCalls: 40 }
output:
  name: editorial_review
  schema: # verdict, findings[]…

An agent is a manifest

Model, prompt, tools, permissions, limits, output schema — one YAML file, fully inspectable. No behavior hidden in code.

Every run is bounded

Each tool call passes a policy gate. File access stays inside the declared workspace. Step and cost limits are enforced, not suggested.

Every run leaves evidence

trajectory.jsonl records model calls, tool calls, policy decisions, and artifacts. jeju view renders it as a report.

Agents ship as packages

Versioned, digest-verified, installed by reference from a static registry. The same worker, reproducible on any machine.

02 — From manifest to report

One YAML in,
one report out

Everything in between is enforced, not suggested: the manifest compiles into a bounded worker, every tool call passes the policy gate, and the whole run lands in one JSONL file that jeju view renders as a report.

  1. agent.yamldeclare the worker
  2. compilevalidate & pin
  3. runevery call policy-gated
  4. trajectory.jsonlthe canonical record
  5. jeju viewrender the report
report · run 20260708-a41fwriting/article-editor@0.1.0
verdict needs_revisionmodel deepseek-v4-proaccess readOnlycost $0.004
model.callplan review pass
tool.callread launch-post.mdallow
tool.callread ../notes/ideas.mddeny
model.callcompose findings
final.answereditorial_reviewschema ok
12 events · 8.4k tokens · trajectory.jsonl saved

Not a transcript — a record. jeju view renders the run's JSONL into this report: every model call, every gated tool call, every artifact, with cost attached. Failed runs exit non-zero, and the report says why.

03 — Why a runtime

Delegation without a runtime is hoping

a. Frontier models doing grunt work

Your orchestrator rewrites and translates at frontier prices. Jeju splits the bill: your model plans and reviews; cheap specialists execute.

b. Prompted behavior drifts

A prompt is advice — it behaves differently across sessions and models. A manifest is pinned: model, temperature, tools, limits. Identical next month.

c. Chat logs are not evidence

When delegated work goes wrong, a conversation tells you nothing. A run files trajectory.jsonl — every tool call gated, every decision recorded.

04 — Quickstart · 60 seconds

One install, one sentence,
one audited run

All you need: a coding agent (Claude Code, Codex, Cursor — 20+ work), a DEEPSEEK_API_KEY, and macOS or Linux. The skill bootstraps the Jeju runtime the first time your agent uses it; there is nothing else to set up.

  1. Install the skill

    A skill is just instructions. This one teaches your agent how to hire Jeju workers: which one fits a request, how to install it, how to run it, and what evidence to hand back to you.

    npx skills add cosmtrek/jeju --skill jeju-writing -g

    → registers jeju-writing with your coding agent

  2. Say what you need

    No new syntax — ask the way you already talk to your agent. It picks the cheapest capable worker, installs the package pinned by commit and sha256, and runs it read-only against your workspace. Simple asks skip review entirely.

     Review ~/drafts/launch-post.md for publish readiness.

    → routes to writing/article-editor@0.1.0 · digest verified

  3. Audit the evidence

    Every delegated step prints its run id. The report shows each model call, what was read, what was denied, and what it cost — the same trajectory.jsonl you saw above. Failed runs exit non-zero, so your agent notices too.

    $ jeju view 20260708-a41f

    → opens the run report in your browser

05 — Build your own

Your agent builds
the next worker

Ready-made workers are the fast path. The base skill is jeju-agent-builder: describe a repeated workflow, and your agent turns it into a new bounded worker — or tells you a plain script would do.

 Turn my changelog drafting into a jeju agent.
  1. Decide fit. Not everything deserves an agent. If a deterministic script is enough, the skill says so and stops.
  2. Scaffold the bundle. Manifest, prompt, workspace, README — with a model tier, tools, and step limits sized to the task.
  3. Default to read-only. Writes, shell, or network are declared only when the workflow demands them, and gated by policy either way.
  4. Validate and smoke-run. jeju validate, one real run, and the report to prove the worker behaves before you rely on it.
npx skills add cosmtrek/jeju --skill jeju-agent-builder -g
changelog-drafter/
├── agents/
│   └── changelog-drafter.agent.yaml
├── prompts/
│   └── changelog-drafter.md
├── workspace/
├── eval/                # smoke evaluator
└── README.md

$ jeju validate agents/changelog-drafter.agent.yaml
✓ manifest ok · readOnly · maxSteps 16
$ jeju run … "Draft the changelog for last week."
✓ run 20260708-c7e2 · $0.002

06 — First recipe

The writing team

The first thing shipped on Jeju — and the builder loop's first product: four catalog workers behind one skill. jeju-writing turns your agent into a dispatcher — plain language in, the cheapest capable worker out. A review step is added only when stakes call for one; simple requests never pay for it.

“Translate this abstract.”writing/translatortranslated text
“这段中文帮我改自然一点。”writing/chinese-expression-polisherpolished draft
“Rewrite this for a technical audience.”writing/article-rewriterrevised draft
“Is this ready to publish?”writing/article-editorverdict + findings, JSON

You pick the findings worth fixing. The skill dispatches the rewriter or polisher with exactly those.

Humans pick the findings

No rewriting on autopilot. Review findings go to the author; only the accepted subset becomes the next worker's task.

The boundary stays explicit

Workers run read-only inside a policy-gated workspace. They return text — they never touch your files.

Verify the run, not the vibe

Every step prints a run id. jeju view opens the report: what was read, what was denied, what it cost. Failed runs exit non-zero.

what the skill runs for you

jeju run --workspace ~/drafts --from ~/drafts/draft.md \
  p:writing/article-editor@0.1.0 \
  "Review this draft for publish readiness. Return only the configured JSON."

final answer — schema-validated

{
  "verdict": "needs_revision",
  "summary": "Clear thesis, but the argument is asserted rather than built.",
  "findings": [
    {
      "severity": "high",
      "location": "opening paragraph",
      "issue": "The central claim is stated as absolute but never defended.",
      "suggestion": "Soften the claim or add a concrete comparison."
    }
  ]
}

07 — The open registry

Pinned, verified, immutable

The workers are packages resolved from a static registry — no accounts, no API. Each version pins a commit and a sha256 digest, checked on install. Published versions never change; content changes require a version bump. The catalog starts with four writing workers — the shelf is open.

packages:
  writing/article-editor:
    versions:
      0.1.0:
        source: github:cosmtrek/jeju//catalog/writing/article-editor?ref=<commit>
        digest: sha256:966d…6aff

The skill points JEJU_REGISTRY_INDEX at jeju.rickoyu.com/registry and installs what it needs. Prefer reading the source? Every package is a directory of YAML and prompts in the open catalog.

packagemodelboundaryversion
writing/article-editorReview drafts for publish readiness, logic, structure, and prose flow.deepseek-v4-proreadOnly · read, search0.1.0
writing/article-rewriterRewrite a draft according to concrete editorial suggestions.deepseek-v4-proreadOnly · read, search0.1.0
writing/chinese-expression-polisherPolish Chinese expression into more idiomatic, natural, and fluent prose.deepseek-v4-flashreadOnly · read, search0.1.0
writing/translatorTranslate short text between languages with idiomatic Simplified Chinese output.deepseek-v4-proreadOnly · no tools0.1.0