Build your agent team in pi with one command.

You don't need to hire a dev team. You need to define one. Tamandua gives you a team of specialized AI agents β€” planner, developer, verifier, tester, reviewer β€” that work together in reliable, repeatable workflows. One install. Zero infrastructure.

curl -fsSL https://raw.githubusercontent.com/igorhvr/tamandua/main/scripts/install.sh | bash

Or just tell your pi agent: β€œClone github.com/igorhvr/tamandua to my home dir, install it and learn the skill included inside it.”

Get Started

Features

Deterministic Workflows

Same workflow, same steps, same order. Not "hopefully the agent remembers to test."

Agents Verify Each Other

The developer doesn't mark their own homework. A separate verifier checks every story against acceptance criteria.

Fresh Context, Every Step

Each agent gets a clean session. No context window bloat. No hallucinated state from 50 messages ago.

Retry and Escalate

Failed steps retry automatically. If retries exhaust, it escalates to you. Nothing fails silently.

Bundled Workflows

Tamandua ships with 21 bundled workflows organized into five families. Use tamandua workflow list to see available workflows, and tamandua workflow install <id> to install one.

Worktree variants (*-worktree, *-merge-worktree) run in a detached git worktree created from your origin repository. Your main working copy stays untouched until the workflow completes. This gives you full isolation β€” continue working while agents iterate β€” and a clean abort path: delete the worktree and nothing in your origin repo has changed.

Rugpull Handling

When a merge workflow (-merge, -merge-worktree) fails at the finalize_merge step and the base branch tip has moved since the run started, Tamandua automatically launches a fresh replacement run with the same parameters. This "rugpull" detection runs after the final merge failure — if the base branch stayed put, no replacement is triggered. Pass --no-relaunch-upon-rugpull to workflow run to suppress the automatic replacement.

Feature Development

Story-based feature development. The planner decomposes your task into ordered user stories. Each story goes through implement β†’ verify β†’ test before the next one starts.

Feature Development variants
Variant Workflow ID Agents Pipeline
Local-only feature-dev 5 plan β†’ setup β†’ implement β†’ verify β†’ test
+ Merge feature-dev-merge 6 plan β†’ setup β†’ implement β†’ verify β†’ test β†’ finalize_merge
Worktree feature-dev-worktree 5 plan β†’ setup β†’ implement β†’ verify β†’ test
Worktree + Merge feature-dev-merge-worktree 6 plan β†’ setup β†’ implement β†’ verify β†’ test β†’ finalize_merge
GitHub PR feature-dev-github-pr 6 plan β†’ setup β†’ implement β†’ verify β†’ test β†’ pr β†’ review

Bug Fix

Bug triage and fix. The triager reproduces the bug, the investigator finds the root cause, the fixer patches it, and the verifier confirms the fix against acceptance criteria.

Bug Fix variants
Variant Workflow ID Agents Pipeline
Local-only bug-fix 5 triage β†’ investigate β†’ setup β†’ fix β†’ verify
+ Merge bug-fix-merge 6 triage β†’ investigate β†’ setup β†’ fix β†’ verify β†’ finalize_merge
Worktree bug-fix-worktree 5 triage β†’ investigate β†’ setup β†’ fix β†’ verify
Worktree + Merge bug-fix-merge-worktree 6 triage β†’ investigate β†’ setup β†’ fix β†’ verify β†’ finalize_merge
GitHub PR bug-fix-github-pr 6 triage β†’ investigate β†’ setup β†’ fix β†’ verify β†’ pr

Security Audit

Vulnerability scanning and patching. Scans for vulnerabilities, ranks by severity, patches each one, re-audits after all fixes are applied, and runs regression tests.

Security Audit variants
Variant Workflow ID Agents Pipeline
Local-only security-audit 6 scan β†’ prioritize β†’ setup β†’ fix β†’ verify β†’ test
+ Merge security-audit-merge 7 scan β†’ prioritize β†’ setup β†’ fix β†’ verify β†’ test β†’ finalize_merge
Worktree security-audit-worktree 6 scan β†’ prioritize β†’ setup β†’ fix β†’ verify β†’ test
Worktree + Merge security-audit-merge-worktree 7 scan β†’ prioritize β†’ setup β†’ fix β†’ verify β†’ test β†’ finalize_merge
GitHub PR security-audit-github-pr 7 scan β†’ prioritize β†’ setup β†’ fix β†’ verify β†’ test β†’ pr

Quarantine Broken Tests

Detect failing tests, disable them minimally, and iterate until the full test suite passes. Useful for establishing a clean baseline on a branch with known test failures.

Quarantine Broken Tests variants
Variant Workflow ID Agents Pipeline
Local-only quarantine-broken-tests 3 setup β†’ quarantine β†’ verify
+ Merge quarantine-broken-tests-merge 4 setup β†’ quarantine β†’ verify β†’ finalize_merge
Worktree + Merge quarantine-broken-tests-merge-worktree 4 setup β†’ quarantine β†’ verify β†’ finalize_merge

Quick Tasks

Single-agent workflows for quick one-off tasks and workflow auto-selection.

Quick Tasks variants
Workflow ID Agents Pipeline Description
do-now 1 execute Submit any task. Get back a success/failure report. No planning, no stories.
just-do-it 1 dispatch Describe what you want. Dispatches to the most appropriate workflow automatically. For coding tasks (feature-dev*, bug-fix*, security-audit*) it defaults to merge-worktree variants unless the prompt gives a specific reason otherwise.
do-review-do-verify 3 do β†’ review β†’ do-again β†’ verify Two-pass execution: do the work, review it, revise, then verify the result.

Install all bundled workflows at once with:

$ tamandua workflow install --all

Installation

Install from GitHub

curl -fsSL https://raw.githubusercontent.com/igorhvr/tamandua/main/scripts/install.sh | bash

Or just tell your agent: "Clone github.com/igorhvr/tamandua to my home dir, install it and learn the skill included inside it."

Install from Local Checkout

git clone https://github.com/igorhvr/tamandua.git
cd tamandua
./build-and-install

Or step by step:

./build        # npm install + tsc
./install      # symlink into ~/.local/bin

The build script handles everything: checks Node.js >= 22, runs npm install, compiles TypeScript. The install script creates a symlink at ~/.local/bin/tamandua pointed at your checkout β€” so you can keep the source wherever you like and tamandua stays in sync.

Prerequisites

  • Node.js >= 22
  • pi installed on the host β€” Tamandua uses pi for AI agent execution
  • gh CLI for PR creation steps

Not on npm. Tamandua is installed from source (or GitHub), not the npm registry.

Why It Works

  1. Deterministic workflows

    Same workflow, same steps, same order. Not "hopefully the agent remembers to test."

  2. Agents verify each other

    The developer doesn't mark their own homework. A separate verifier checks every story against acceptance criteria.

  3. Fresh context, every step

    Each agent gets a clean session. No context window bloat. No hallucinated state from 50 messages ago.

  4. Retry and escalate

    Failed steps retry automatically. If retries exhaust, it escalates to you. Nothing fails silently.

How It Works

1 Define

Agents and steps in YAML. Each agent gets a persona, workspace, and strict acceptance criteria. No ambiguity about who does what.

2 Install

One command provisions everything: agent workspaces, polling, subagent permissions. No Docker, no queues, no external services.

3 Run

Agents poll for work independently. Claim a step, do the work, pass context to the next agent. SQLite tracks state. The scheduler keeps it moving.

Minimal by Design

YAML + SQLite + polling. That's it. No Redis, no Kafka, no container orchestrator. Tamandua is a TypeScript CLI with zero external dependencies. It runs wherever pi runs.

Quick Example

$ tamandua workflow install feature-dev

# Or install all bundled workflows at once
$ tamandua workflow install --all
βœ“ Installed workflow: feature-dev

$ tamandua workflow run feature-dev "Add user authentication with OAuth"
Run: a1fdf573
Workflow: feature-dev
Status: running

$ tamandua workflow status "OAuth"
Run: a1fdf573
Workflow: feature-dev
Steps:
  [done   ] plan (planner)
  [done   ] setup (setup)
  [running] implement (developer)  Stories: 3/7 done
  [pending] verify (verifier)
  [pending] test (tester)

Dashboard & Kanban

When you start the management dashboard (tamandua dashboard), Tamandua automatically starts the remote MCP server too.

Use tamandua dashboard status to verify both endpoints are up.

Tamandua dashboard showing workflow runs, step progress, and token usage statistics
The Tamandua dashboard at http://localhost:3334 β€” real-time view of workflow runs, step status, and agent activity.

Each run also has a swim-lane Kanban view at http://localhost:3334/runs/<run-id>/kanban. Lanes are derived dynamically from the workflow's steps. Single steps render one card per lane; loop steps render one card per story. Cards are colour-coded by status (todo / running / done / failed).

Tamandua kanban board showing swim-lane workflow step cards colour-coded by status
Kanban swim-lane view β€” one card per step or story, colour-coded by status: todo, running, done, failed.

Build Your Own

The bundled workflows are starting points. Define your own agents, steps, retry logic, and verification gates in plain YAML and Markdown. If you can write a prompt, you can build a workflow.

Full guide.

Skill included. The tamandua-agents skill is bundled and is excellent at allowing your agents to build-and-forget with tamandua. The CLI itself is also designed in a way that is easy for agents in general to grasp. Remote MCP tools are exposed so agents can query runs, start workflows, and check status autonomously.

Remote MCP Tools

The remote MCP endpoint exposes 9 tools at http://localhost:3338/mcp:

Run Management

Run Management MCP tools
Tool Description
tamandua.runs.list List recent Tamandua workflow runs. Accepts optional limit (integer, 1–200, default 50).
tamandua.run.status Fetch detailed status for a run. Requires query (run id, prefix, or task substring).
tamandua.run.start Start a workflow run. Requires workflowId and taskTitle.
tamandua.run.pause Pause a running workflow run. Requires runId. Optional drain (boolean) to wait for in-flight work before pausing.
tamandua.run.resume Resume a paused workflow run. Requires runId.

Events & Metadata

Events and Metadata MCP tools
Tool Description
tamandua.events.recent List recent global Tamandua events. Accepts optional limit (integer, 1–500, default 50).
tamandua.source.path Return the local Tamandua source checkout path. No parameters.
tamandua.skill.path Return the path to the bundled tamandua-agents agent skill. No parameters.
tamandua.update.command Return local CLI guidance for updating Tamandua safely. No parameters.

Security

You're installing agent teams that run code on your machine. We take that seriously.