bernstein

What you see while it runs:

$ bernstein -g "Add JWT auth"
[manager] decomposed into 4 tasks
[agent-1] claude-sonnet: src/auth/middleware.py  (done, 2m 14s)
[agent-2] codex:         tests/test_auth.py      (done, 1m 58s)
[verify]  all gates pass. merging to main.

Why it's different

Most agent orchestrators use an LLM to decide who does what. That's non-deterministic and burns tokens on scheduling instead of code. Bernstein does one LLM call to break down your goal, then the rest — running agents in parallel, isolating their git branches, running tests, routing retries — is plain Python. Every run is reproducible. Every step is logged and replayable.

No framework to learn. No vendor lock-in. Swap any agent, any model, any provider.

Other install options: pipx install bernstein, pip install bernstein, uv tool install bernstein, brew, dnf copr, npx bernstein-orchestrator. See install options.

Supported agents

Bernstein auto-discovers installed CLI agents. Mix them in the same run. Cheap local models for boilerplate, heavier cloud models for architecture.

31 CLI agent adapters: 30 third-party wrappers plus a generic wrapper for anything with --prompt.

| Agent | Models | Install | |-------|--------|---------| | Claude Code | Opus 4, Sonnet 4.6, Haiku 4.5 | npm install -g @anthropic-ai/claude-code | | Codex CLI | GPT-5, GPT-5 mini | npm install -g @openai/codex | | OpenAI Agents SDK v2 | GPT-5, GPT-5 mini, o4 | pip install 'bernstein[openai]' | | Gemini CLI | Gemini 2.5 Pro, Gemini Flash | npm install -g @google/gemini-cli | | Cursor | Sonnet 4.6, Opus 4, GPT-5 | Cursor app | | Aider | Any OpenAI/Anthropic-compatible | pip install aider-chat | | Amp | Amp-managed | npm install -g @sourcegraph/amp | | Cody | Sourcegraph-hosted | npm install -g @sourcegraph/cody | | Continue | Any OpenAI/Anthropic-compatible | npm install -g @continuedev/cli (binary: cn) | | Goose | Any provider Goose supports | See Goose docs | | IaC (Terraform/Pulumi) | Any provider the base agent uses | Built-in | | Kilo | Kilo-hosted | See Kilo docs | | Kiro | Kiro-hosted | See Kiro docs | | Ollama + Aider | Local models (offline) | brew install ollama | | OpenCode | Any provider OpenCode supports | See OpenCode docs | | Qwen | Qwen Code models | npm install -g @qwen-code/qwen-code | | Cloudflare Agents | Workers AI models | bernstein cloud login | | Generic | Any CLI with --prompt | Built-in |

Any adapter also works as the internal scheduler LLM. Run the entire stack without any specific provider:

internal_llm_provider: gemini            # or qwen, ollama, codex, goose, ...
internal_llm_model: gemini-2.5-pro

[!TIP] Run bernstein --headless for CI pipelines. No TUI, structured JSON output, non-zero exit on failure.

Quick start

cd your-project
bernstein init                    # creates .sdd/ workspace + bernstein.yaml
bernstein -g "Add rate limiting"  # agents spawn, work in parallel, verify, exit
bernstein live                    # watch progress in the TUI dashboard
bernstein stop                    # graceful shutdown with drain

For multi-stage projects, define a YAML plan:

bernstein run plan.yaml           # skips LLM planning, goes straight to execution
bernstein run --dry-run plan.yaml # preview tasks and estimated cost

How it works

1. Decompose. The manager breaks your goal into tasks with roles, owned files, and completion signals.
2. Spawn. Agents start in isolated git worktrees, one per task. Main branch stays clean.
3. Verify. The janitor checks concrete signals: tests pass, files exist, lint clean, types correct.
4. Merge. Verified work lands in main. Failed tasks get retried or routed to a different model.

The orchestrator is a Python scheduler, not an LLM. Scheduling decisions are deterministic, auditable, and reproducible.

Cloud execution (Cloudflare)

Bernstein can run agents on Cloudflare Workers instead of locally. The bernstein cloud CLI handles deployment and lifecycle.

• Workers. Agent execution on Cloudflare's edge, with Durable Workflows for multi-step tasks and automatic retry.
• V8 sandbox isolation. Each agent runs in its own isolate, no container overhead.
• R2 workspace sync. Local worktree state syncs to R2 object storage so cloud agents see the same files.
• Workers AI (experimental). Use Cloudflare-hosted models as the LLM provider, no external API keys required.
• D1 analytics. Task metrics and cost data stored in D1 for querying.
• Vectorize. Semantic cache backed by Cloudflare's vector database.
• Browser rendering. Headless Chrome on Workers for agents that need to inspect web output.
• MCP remote transport. Expose or consume MCP servers over Cloudflare's network.

bernstein cloud login      # authenticate with Bernstein Cloud
bernstein cloud deploy     # push agent workers
bernstein cloud run plan.yaml  # execute a plan on Cloudflare

A bernstein cloud init scaffold for wrangler.toml and bindings is planned.

Capabilities

Core orchestration. Parallel execution, git worktree isolation, janitor verification, quality gates (lint, types, PII scan), cross-model code review, circuit breaker for misbehaving agents, token growth monitoring with auto-intervention.

Intelligence. Contextual bandit router for model/effort selection. Knowledge graph for codebase impact analysis. Semantic caching saves tokens on repeated patterns. Cost anomaly detection (burn-rate alerts). Behavior anomaly detection with Z-score flagging.

Sandboxing. Pluggable SandboxBackend protocol — run agents in local git worktrees (default), Docker containers, E2B Firecracker microVMs, or Modal serverless containers (with optional GPU). Plugin authors can register custom backends through the bernstein.sandbox_backends entry-point group. Inspect installed backends with bernstein agents sandbox-backends.

Artifact storage. .sdd/ state can stream to pluggable ArtifactSink backends: local filesystem (default), S3, Google Cloud Storage, Azure Blob, or Cloudflare R2. BufferedSink keeps the WAL crash-safety contract by writing locally with fsync first and mirroring to the remote asynchronously.

Skill packs. Progressive-disclosure skills (OpenAI Agents SDK pattern): only a compact skill index ships in every spawn's system prompt, agents pull full bodies via the load_skill MCP tool on demand. 17 built-in role packs plus third-party bernstein.skill_sources entry-points.

Controls. HMAC-chained audit logs, policy engine, PII output gating, WAL-backed crash recovery (experimental multi-worker safety), OAuth 2.0 PKCE. SSO/SAML/OIDC support is in progress.

Observability. Prometheus /metrics, OTel exporter presets, Grafana dashboards. Per-model cost tracking (bernstein cost). Terminal TUI and web dashboard. Agent process visibility in ps.

Ecosystem. MCP server mode, A2A protocol support, GitHub App integration, pluggy-based plugin system, multi-repo workspaces, cluster mode for distributed executi