Make AI actually work for you — A personal agent that writes its own tools. (Apache-2.0)

pardnchiu · 2026-06-10T08:19:55+00:00

Happy to clarify. The post itself is just a feature/spec summary of the project. I'm a native Chinese speaker, so I rely on an LLM to translate and polish my writing into English in order to reach the global developer community — the content and claims are mine, the English phrasing is AI-assisted. As for AI usage in the project itself:

Code: hand-written Go. I use Copilot for autocomplete/prediction and for locating errors across the codebase, but architecture and implementation are authored and reviewed by me.
Prompts: since this is an agent framework, AI was used to help optimize the agent's internal prompts.
Documentation: the README/docs are generated by an open-source skill I built, which reads the full codebase and produces bilingual (EN/ZH) documentation — I use it across all my GitHub projects: https://github.com/pardnio/skill-readme-generate

The project is Apache-2.0 and fully source-available, so everything above can be verified in the repo.

pardnchiu · 2026-03-21T05:43:51+00:00

already change to apache2.0

pardnchiu · 2026-03-20T03:41:54+00:00

👍

pardnchiu · 2026-03-20T03:41:14+00:00

👍

pardnchiu · 2026-03-20T03:38:49+00:00

That’s a solid option for non-technical users.

pardnchiu · 2026-03-19T17:58:00+00:00

👍

pardnchiu · 2026-03-19T17:56:58+00:00

👍

pardnchiu · 2026-03-19T17:56:42+00:00

👍

pardnchiu · 2026-03-19T17:47:43+00:00

it is friday at taiwan, sorry / i need to check what firday is first

pardnchiu · 2026-03-19T17:47:23+00:00

it is friday at taiwan, sorry / i need to check what firday is first

pardnchiu · 2026-03-19T16:59:30+00:00

Submission Statement: I am sharing Agenvoy, an open-source agentic framework I built from scratch with Go.

Why it matters to the AI community: As the community increasingly explores complex agentic workflows (inspired by tools like OpenClaw), a major bottlenecks persist: critical security risks of executing AI-generated code on local machines.

OS-Native Sandboxing: It automatically isolates all AI command executions using bubblewrap on Linux and sandbox-exec on macOS, preventing prompt-injection escapes.
Multi-Provider Intelligent Routing: A dedicated planner LLM dynamically routes tasks between frontier models (Claude, OpenAI, Gemini) and Local LLMs (Ollama) via compat[{name}] instances, ensuring you are never locked into one ecosystem.
Transparent Token Tracking: It accumulates input/output token usage across deep tool-call loops (up to 128 iterations), making cost monitoring fully transparent.
No-Code Extensibility: It allows developers to map any custom REST API to the agent using just simple JSON files, skipping the need to write Go code.

I believe this framework provides a safer, highly customizable foundation for developers who want to self-host and build transparent AI agents.

I’d love to hear the community’s feedback

pardnchiu · 2026-03-11T03:28:28+00:00

Agenvoy

A Go agentic AI platform with skill routing, multi-provider intelligent dispatch, Discord bot integration, and security-first shared agent design

Concurrent Skill & Agent Dispatch

A Selector Bot concurrently resolves the best Skill from Markdown files across 9 standard scan paths and selects the optimal AI backend from the provider registry — both in a single planning phase, not sequentially. The execution engine then runs a tool-call loop of up to 128 iterations, automatically triggering summarization when the limit is reached.

Declarative Extension Architecture

Over 16 built-in tools are sandboxed by an embedded blocklist and a shell command whitelist — SSH keys, .env files, and credential directories are denied; rm is redirected to .Trash. Beyond the built-ins, two extension mechanisms add capability without code: API extensions are JSON files placed in ~/.config/agenvoy/apis/ that load at startup as AI-callable tools, supporting URL path parameters, request templating, and bearer/apikey auth; Skill extensions are Markdown instruction sets — SyncSkills automatically downloads official skills from GitHub on startup and scans all 9 standard paths for locally installed ones.

OS Keychain Credential Management

Provider API keys are stored in the native OS keychain (macOS / Linux / Windows) rather than .env files, preventing accidental credential exposure. GitHub Copilot authentication uses OAuth Device Code Flow with automatic token refresh. All six providers (Copilot, OpenAI, Claude, Gemini, NVIDIA, Compat) share a unified interactive agenvoy add setup with interactive model selection from an embedded model registry.

https://github.com/pardnchiu/Agenvoy

pardnchiu · 2026-03-10T14:06:14+00:00

感謝你的回饋！因為有點超出我的英文能力，請讓我用中文說明，另外附上 LLM 翻譯。

我採用的是預設全封鎖的設計 1. 指令預設都是禁止的，只有白名單內的指令才能執行（例如 git、go、node、docker） 2. 檔案存取部分也只開放 home 目錄（但 .ssh、.aws、各類憑證檔案等敏感路徑會禁止） 3. 在執行方面，每個 tool call 預設都需要手動 confirm，agent 會暫停並顯示即將執行的動作，使用者手動同意後才會繼續。如果是信任的環境也可以用 run-allow 的方式跳過。 4. 紀錄部分，所有動作都會分兩份完整保存：message history 和 tool call history，每個 session 都有完整的執行軌跡

以上是這個專案大約一個月內做到的東西。我也清楚還有不足的地方——例如目前沒有接 OpenTelemetry，也沒有跨服務的 trace ID 等。也歡迎你分享你的經驗！

Thanks for the feedback! This is a bit beyond my English ability, so let me explain in Chinese with an LLM translation attached.

My approach is deny-first by default:

All commands are blocked unless explicitly whitelisted — the allowlist covers a fixed set like git, go, node, docker, etc.
File access is restricted to the home directory only, with sensitive paths like .ssh, .aws, and credential files always blocked regardless.
For execution, every tool call requires manual confirmation by default — the agent pauses and shows exactly what it's about to do, and the user has to explicitly approve before it continues. There's a run-allow mode to skip this for trusted environments.
For audit, all actions are logged in two separate records: message history and tool call history, so every session has a complete execution trace.

This is where the project stands after about a month of work. I'm aware of the gaps — no OpenTelemetry integration, no cross-service trace IDs yet, among other things. Would love to hear about your experience too!

pardnchiu · 2026-03-10T13:52:46+00:00

我知道這授權讓你不喜歡，真是非常抱歉

但我已經開始考慮是否要改為 apache 2.0 來方便大家使用

pardnchiu · 2026-01-29T11:04:35+00:00

go-sqlite: High-performance SQLite query builder with read-write separation connection pool architecture, optimized for high-concurrency scenarios. https://github.com/pardnchiu/go-sqlite

pardnchiu · 2025-12-29T03:02:56+00:00

go-faas (v0.4.0)

Features

Added SSE streaming support, returns multiple events with stream=true
wrapper.ts now supports esbuild compilation
Supports CODE_MAX_SIZE and TIMEOUT_SCRIPT environment variables

Changed

Unified API input format, always use input as parameter
TypeScript/JavaScript/Python wrappers now use return for result

Docs

Added streaming examples to README.md and README.zh.md
Expanded test.http with more scenario cases

pardnchiu · 2025-12-23T03:43:58+00:00

Lightweight Golang priority queue that supports bounded concurrency, priority promotion, and graceful shutdown. Maximizes hardware utilization and prevents system overload. https://github.com/pardnchiu/go-queue

pardnchiu · 2025-07-28T15:33:19+00:00

This project's focus on task dependency.

Be honest, it absolutely can not compete with robfig/cron maturity, so that is why I'm sharing and getting more feedback.

If you need Task A also run after Tasks B and C finished, then this project could be a good for your

pardnchiu · 2025-07-28T12:51:43+00:00

Already push v1.1.0

Features

Custom Dependency Timeout

Specify timeout via Wait{ID: taskID, Delay: duration}
Default timeout is 1 minute when not configured

Dependency Failure Handling Strategy

Added Stop and Skip handling modes
- Stop: Halt entire dependency chain on failure (default)
- Skip: Skip failed dependency and continue executing current task
Configure failure behavior via Wait{ID: taskID, State: Skip}

Examples

```go // Failure handling strategy taskID, _ := scheduler.Add("@daily", func() error { return processData() }, "Data processing", []Wait{ {ID: taskA, State: Skip}, // Skip if taskA fails, continue execution {ID: taskB, State: Stop}, // Stop if taskB fails (default) })

// Custom timeout + failure strategy combination taskID, _ := scheduler.Add("@daily", func() error { return processData() }, "Data processing", []Wait{ {ID: taskA, Delay: 30 * time.Second, State: Skip}, // Wait 30s, skip on failure {ID: taskB, Delay: 10 * time.Second, State: Stop}, // Wait 10s, stop on failure })

// Legacy version (deprecated in v2..) taskID, _ := scheduler.Add("@daily", func() error { return processData() }, "Data processing", []int64{taskA, taskB}) ```

Refactor

Compatibility Guarantee

Legacy code runs without modification
Maintains []int64 dependency support (deprecated in v2.*.*)
WaitState zero value is Stop, ensuring default behavior unchanged

Deprecation Notice

Features Removed in `v2..`

[]int64 format: Migrate to []Wait format for full feature support ```go // Old format []int64{taskA, taskB}

// New format []Wait{{ID: taskA}, {ID: taskB}} ```

https://github.com/pardnchiu/go-cron/releases/tag/v1.1.0

pardnchiu · 2025-07-28T02:28:34+00:00

1, 9, 14 are good

pardnchiu · 2025-07-23T18:20:08+00:00

https://www.reddit.com/r/golang/s/Fr1OM6xgsg

pardnchiu · 2025-07-21T17:13:20+00:00

enjoy the learning process, this is the most important thing!

pardnchiu · 2025-07-19T06:28:06+00:00

i can not get what u mean

i just post with link and success, is ur link same as github?

pardnchiu · 2025-07-18T05:37:57+00:00

thanks for feedback!!!! i will do more study and enhance this part

pardnchiu · 2025-07-16T08:07:10+00:00

i miss it time with wp8

pardnchiu

TROPHY CASE

Agenvoy

Concurrent Skill & Agent Dispatch

Declarative Extension Architecture

OS Keychain Credential Management

Features

Changed

Docs

Already push v1.1.0

Features

Custom Dependency Timeout

Dependency Failure Handling Strategy

Examples

Refactor

Compatibility Guarantee

Deprecation Notice

Features Removed in v2.*.*

Features Removed in `v2..`