Route tasks to specialized coding agents and compose them into higher-order workflows like parallel fan-out, structured discussions, and manager synthesis. Dependency-light and local-first.
"The design should separate authentication state, revocation, and audit events before implementation."
"Good. Also call out which parts are runtime policy and which parts belong in storage contracts."
"The storage contract stays small. The executor can route revocation checks through a configured backend."
"That gives us a clean implementation plan and a concrete list of follow-up tests."
Single-agent tasks have limits. Swarm coordinates diverse coding models through explicit roles, session records, and manager synthesis.
Sends the same task to independent workers, then gives their outputs to a manager for synthesis. Useful for architecture, implementation, and review perspectives.
Configures multiple roles to reason through a problem over one or more rounds. The session produces inspectable transcripts and digest artifacts.
Uses a manager agent to compare worker outputs, separate accepted facts from risky claims, and return a compact decision packet.
Wired directly in configuration, not in source code. Any local shell command or HTTP client can be declared as an agent backend using simple TOML.
Includes `swarm-manager`, providing an embedded agent loop, API provider registry, and credential vault for running models natively without heavy processes.
Provider keys can be encrypted at rest through the OS keyring, with environment-variable fallback for systems without keyring support.
Exposes reports, manifests, sessions, events, transcripts, and dispatch surfaces through the MCP crate.
Swarm keeps wire contracts, storage, routing, execution, transport, and native agent concerns in separate crates.
Events, jobs, telemetry (serde only)
Pure repo-trait substrate
Resolvers, classifiers, backend ABI
Orchestration, sessions, executor
CLI command dispatch
MCP server layer & registry
Providers, credentials, agent loop
Swarm splits operations into 9 distinct workspace crates. The default build is dependency-light: no async runtime, no HTTP, and no TLS by default. Select any crate node in the diagram to inspect its exact role in the system.
Get your swarm up and running in minutes. Install the CLI, configure your agent descriptors, and launch your first run.
Clone the repository and build the engine using Cargo. The default build avoids async, HTTP, and TLS dependencies.
cargo build --release
cargo testDeclare your agent execution endpoints by copying the example configuration into your local config file:
mkdir -p ~/.swarm
cp examples/config.example.toml ~/.swarm/config.tomlOpen ~/.swarm/config.toml and specify how your local CLIs should run. No Rust coding required to add custom agents:
# ~/.swarm/config.toml
[backend.claude]
kind = "cli"
command = "claude"
args = ["--print", "--model", "{model}"]
prompt = "stdin"
ready_check = { binary = "claude" }
[settings]
default_agent = "claude"Orchestrate runs from the command line. Launch a multi-round discussion with explicit participants:
cargo run -p swarm-cli -- discuss \
--participant architecture=claude:sonnet \
--participant review=codex \
"Analyze auth.rs for timing vulnerabilities"| Feature | Crate | Description |
|---|---|---|
openai |
swarm-exec |
Adds OpenAI-compatible HTTP backend using ureq + rustls. |
native |
swarm-exec |
Enables in-process agent execution loops via swarm-manager. |
runtime / http |
swarm-manager |
Equips the agent manager with HTTP API clients (reqwest + rustls). |
registry |
swarm-mcp |
Allows service self-registration with JSON registries. |
rmcp |
swarm-mcp |
Enables the rmcp-based MCP transport. |
The cli backend descriptor runs arbitrary commands exactly as declared. It inherits the host environment and executes with your user's exact privileges. Treat your config.toml with the same security classification as your shell profile.
When using network-based API endpoints, tasks, prompts, file contents, and workspace context may leave your local system and go to the configured provider.
Swarm provides no internal sandbox or permission broker in v1. Backend subprocesses run with their own local filesystem and network permissions.
swarm-manager can encrypt credentials at rest, but subprocess backends can still read whatever their process permissions allow. Vet external CLI wrappers.
Clone swarm, review the safety model, and start composing reliable multi-agent workflows.