freshcrate
Skin:/
Language:English/įŽ€äŊ“中文
Home > AI Agents > tokenman

tokenman

A self-evolving scaffold for autonomous web projects. 9 workflows, hourly self-evolution, self-healing pipeline, feedback learning loop. The repo is the system.

agent-harnessai-agentastroautonomousclaudeclaude-codegithub-actionsharness-engineeringshell
Why this rank:Release freshnessHealthy release cadenceStrong adoption

Description

A self-evolving scaffold for autonomous web projects. 9 workflows, hourly self-evolution, self-healing pipeline, feedback learning loop. The repo is the system.

README

Tokenman

Tokenman is a thin control layer for Claude inside GitHub Actions.

The MVP is intentionally narrow:

  • one job: docs_maintainer
  • one runtime: GitHub Actions
  • one trust boundary: explicit read_paths and write_paths
  • three outcomes: pull request, issue, or no-op

Claude does the reasoning and editing. Tokenman supplies the fixed job, prompt shaping, scope enforcement, output routing, run artifacts, and append-only history.

MVP contract

The public surface is the GitHub Action at action.yml. It accepts:

  • github_token
  • read_paths
  • write_paths
  • job_type default docs_maintainer
  • on_high_confidence default pull_request
  • on_low_confidence default issue

Tokenman runs Claude against the checked-out repo, validates the diff, and then:

  • opens a PR when the edit is in-scope
  • opens an issue when the run is blocked or confidence is low
  • records a no-op when nothing useful changed

Example

name: Tokenman Docs Maintainer

on:
  push:
    branches:
      - main
    paths:
      - "services/payments/**"
      - "openapi/payments.yaml"
  workflow_dispatch:

jobs:
  docs-maintainer:
    runs-on: ubuntu-latest

    permissions:
      contents: write
      pull-requests: write
      issues: write

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Tokenman
        uses: your-org/tokenman@v1
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          read_paths: |
            services/payments/**
            openapi/payments.yaml
          write_paths: |
            docs/payments/**
          on_high_confidence: pull_request
          on_low_confidence: issue

ANTHROPIC_API_KEY is shown above because Tokenman wraps the official Claude Code Action, which needs model authentication for automation runs. You can also provide CLAUDE_CODE_OAUTH_TOKEN instead.

Repo shape

The MVP user-facing files are:

  • action.yml
  • entrypoint.sh
  • prompt.md
  • README.md

The harness/ package remains as internal implementation code for the action runtime, ledger, and validation flow.

License

See LICENSE.

Release History

VersionChangesUrgencyDate
v0.5.1Two fixes identified, implemented, and merged entirely by the autonomous pipeline — zero human intervention required. ### Fixes - **Node.js 20 migration** (#163): Upgraded all 14 workflow files (23 action refs) from v4 to v5/v6 ahead of GitHub's June 2026 Node.js 20 deprecation deadline. Pipeline Watch detected the deprecation notice, created the issue, Coder fixed it, Reviewer approved, auto-merged. - **Evolve operational tuning** (#161): Reduced evolve max-turns from 55→45 and added 0-yieldHigh4/13/2026
v0.5.0## What's New The scaffold now tests its own scripts, lints its own shell code, manages its own dependencies, and optimizes its own operating costs. ### Self-Testing Infrastructure - **ShellCheck linting** for all `scripts/` shell code (#130) - **BATS-Core tests** for script validation (#140) - Scripts are now linted and tested on every PR, catching issues before merge ### Self-Optimization - **Autonomous cost reduction**: The system detected that its evolve workflow had 0 pattern yield over High4/7/2026
v0.4.0## What's new ### Security scanning - **New `security-scan.yml` workflow** — Runs [runner-guard](https://github.com/Vigilant-LLC/runner-guard) on every PR that touches workflow YAML. Detects fork checkout exploits, expression injection, AI config injection (CLAUDE.md hijacking), and supply chain attacks. SARIF output uploaded to GitHub Security tab. ### Pipeline hardening - **Triage skips closed issues** — `triage.yml` now checks issue state before running, preventing wasted compute on alreadyMedium4/1/2026
v0.3.0The scaffold now runs at **69% lower cost** while being more resilient than ever. 10 PRs merged in 48 hours — all operational improvements driven by the autonomous pipeline itself. ## Highlights ### Cost Optimization - **69% cost reduction**: Evolve frequency reduced from every 15 min → every 3 hours, watcher from hourly → every 2 hours. Weekly API costs dropped from ~$514 to ~$294. (#111, #109) ### Pipeline Self-Healing - **Coder push-rejected loop**: Fixed 4-consecutive-failure cascade causMedium3/26/2026
v0.2.020 PRs merged in 48 hours. The scaffold now directs its own research, recovers from failures automatically, and optimizes its own token budget. ## Highlights **Self-Directing Research** — The evolve agent now operates in 4 research postures (PATTERN_HUNT, PIPELINE_WATCH, HORIZON_SCAN, SYNTHESIS), choosing its focus based on what the project needs most. It monitors 22 external sources and synthesizes cross-source signals into actionable issues. **Self-Healing Pipeline** — Circuit breaker hook Medium3/24/2026
v0.1.0## Agentfolio v0.1.0 — Fully Autonomous Pipeline The scaffold's first stable release. Ten GitHub Actions workflows form a complete autonomous development loop — no server, no daemon, no database. GitHub IS the infrastructure. ### What's in this release **10 autonomous workflows** - `evolve.yml` — Hourly self-evolution: researches 10 external repos across rotating tiers, creates improvement issues - `triage.yml` — Classifies and elaborates issues into structured specs with acceptance criteria Low3/22/2026

Dependencies & License Audit

Loading dependencies...

Similar Packages

hermes-agentThe agent that grows with youv2026.6.5
iterateA self-evolving coding agent written in Go. Reads its own source, decides what to improve, writes code, runs tests, and commits — autonomously.main@2026-06-04
ai-git-hooksAutomate git workflows with AI-powered hooks that review code, generate and validate commit messages, and scan for bugs and security issues.main@2026-06-04
claude-code-skillforgeBuild, upgrade, and validate Claude Code and Antigravity SKILL.md files with live best practices and multi-marketplace discovery tools.main@2026-06-04
clensCapture and analyze Claude Code sessions locally to track every tool call, decision, and reasoning step without external dependencies.main@2026-06-02

More in AI Agents

hermes-agentThe agent that grows with you
awesome-copilotCommunity-contributed instructions, agents, skills, and configurations to help you make the most of GitHub Copilot.
CopilotKitThe Frontend Stack for Agents & Generative UI. React + Angular. Makers of the AG-UI Protocol
e2bE2B SDK that give agents cloud environments