by graniet
Orchestration engine for long-running, tool-using AI agents
# Add to your Claude Code skills
git clone https://github.com/graniet/kheishLast scanned: 5/30/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-30T16:11:43.389Z",
"npmAuditRan": true,
"pipAuditRan": true
}kheish is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by graniet. Orchestration engine for long-running, tool-using AI agents. It has 301 GitHub stars.
Yes. kheish passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/graniet/kheish" and add it to your Claude Code skills directory (see the Installation section above).
kheish is primarily written in Rust. It is open-source under graniet on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh kheish against similar tools.
No comments yet. Be the first to share your thoughts!
Kheish enforces one rule:
An agent's execution is durable, scoped, and accountable — independently of any caller, process, or human reachability.
Everything else in this README is a consequence of that single invariant. If a feature does not protect this rule, it does not belong in the daemon.
The rule has three properties, and they are not separable:
That is the product. The daemon, the connectors, the capture pipeline, the multi-provider routing, the skills, the schedules — they exist to keep that one rule true under real-world conditions.
LangChain, AutoGen, CrewAI and vanilla SDK loops are excellent at composing agents inside an application. Kheish addresses a different failure mode: what happens when the application, the human, or the credential boundary disappears while the run is still alive.
In the in-process model, the agent and the caller share a fate:
Kheish decouples them. The agent is a daemon-managed resource, like a database row or a workflow execution. Callers — a CLI, Slack, a webhook, your code — submit and observe; they do not host the run. Composition stays in your application; execution moves into the daemon.
The thing to read this against: Kubernetes is a control plane for containers. Temporal is a control plane for workflows. Kheish is a control plane for AI agents. Same shape, same reason it exists — to make the running thing outlive the caller, and to make the operator the source of truth instead of the script.
Build the daemon binary; it acts as the server and the CLI client.
cargo build -p kheish-daemon
Start the daemon. By default it binds 127.0.0.1:4000 and journals state under ./.kheish-daemon. To actually run an agent you need a provider key — set at least one of ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, or XAI_API_KEY in the daemon's environment before serve:
export ANTHROPIC_API_KEY=sk-ant-... # any one provider is enough
./target/debug/kheish-daemon serve
In another terminal, talk to it via the same binary as a client:
# 1. Confirm the daemon is alive (works without any provider key)
./target/debug/kheish-daemon status
# 2. Open a session
./target/debug/kheish-daemon sessions create demo
# 3. Submit input — returns a run id immediately; the run continues in the daemon
./target/debug/kheish-daemon sessions input demo "Inspect this repo and summarize it."
# 4. Observe runs attached to the session
./target/debug/kheish-daemon runs list --session-id demo
# 5. Wait until a run reaches a terminal state, or stream live events
./target/debug/kheish-daemon runs wait <run-id>
./target/debug/kheish-daemon runs stream <run-id>
Stop the daemon, restart serve, and the same runs list reflects journaled state — including any approval or user-question gates that paused mid-run. That round-trip is the invariant in action.
If you only want to confirm the control plane works without spending tokens, the no-provider path is
status→capabilities→sessions create demo→sessions get demo. Submitting input requires a configured provider.
Kheish is organized as a Rust workspace centered around a daemon control plane, a provider-agnostic runtime, an orchestration layer, and a shared session and journal model. The daemon is the operational entry point and the source of truth for sessions, runs, tasks, approvals, runtime configuration, and external integrations.
The runtime supports daemon-managed route inventories across Anthropic, OpenAI, Google, and xAI drivers, plus built-in coding and web tools, reusable skills, lifecycle hooks, MCP-backed tools, daemon-managed ingress connectors, and generic routed output delivery. Long-lived credentials stay in daemon-managed auth slots, while runs and child sidecars resolve brokered short-lived leases instead of receiving root secrets directly. Long-lived agent state is persisted through append-only session records and restored on restart.
Kheish models capture as durable observations, not provider-specific media input.
A screen snapshot, webcam frame, microphone segment, browser event, or external connector payload is ingested into daemon-owned observation sources, retained under policy, and later materialized into a normal session run. Sources carry retention, sensitivity, and materialization policy; ingest is gated by per-source upload tokens with leases, expiration, and one-command revocation.
This means agents can reason over external context without depending on where it came from — a host-local capture process, a browser extension, a webhook, a connector, or another system. From the agent's point of view, it is just an observation.
See docs/capture.md for supported source kinds and media types, capture-agent provisioning, capture-group correlation, transcription-derived canonical text, and the kheish-capture host-local reference runtime.
Before exposing the daemon beyond localhost, enable control-plane authentication and review the active permission, hook, connector, and output-routing configuration for your deployment. Kheish includes built-in bearer auth for the control plane, brokered runtime auth for credential-backed execution, and signed append-only audit records for external actions.
Sessions and sidechains can further narrow auth-backed resources through CredentialScope, so delegated work can keep route access without inheriting connector or MCP credentials by default.
See AGENTS.md for the operator guide used when working in this repository.
See LICENSE.