Zing Forum


Agentry: A Declarative AI Agent Workflow Orchestration Tool for Seamless Migration Between Local and CI Environments

Agentry is an open-source CLI tool for AI agent workflow orchestration, enabling developers to define AI workflows using YAML and run them consistently in both local and CI environments. Its core advantages lie in a security-first design philosophy, including sandbox isolation, output validation, and least-privilege execution.

Tags: AI Agent, Workflow Orchestration, LLM, CI/CD, YAML, Security, Claude Code, GitHub Actions, Automation, DevOps
Published 2026-03-28 15:46 | Recent activity 2026-03-28 15:49 | Estimated read 6 min

Section 01

Agentry: Declarative AI Agent Workflow Orchestration Tool for Seamless Local-CI Migration

Agentry is an open-source CLI tool for AI agent workflow orchestration, allowing developers to define workflows via YAML and run them consistently in local and CI environments. Its core advantages include a security-first design (sandbox isolation, output validation, least privilege execution) and the ability to generate GitHub Actions pipelines from the same workflow definition.


Section 02

Pain Points in AI Workflow Orchestration

As LLM capabilities grow, teams are building workflows around AI agents, but they often hit the same problem: a workflow that runs well locally has to be re-implemented for CI/CD, which doubles maintenance cost and leads to inconsistent behavior. Agentry addresses this problem.


Section 03

Core Components of Agentry's YAML Workflow

Agentry's workflow uses seven modules:

  1. Identity: Name, version, description for version control.
  2. Inputs: Supports git-diff, repository-ref, auto-parsing references like diff=HEAD~1.
  3. Tools: Explicit tool manifest for least privilege (agents only access listed tools).
  4. Agent Config: Specifies runtime (Claude Code currently), model version, system prompt path (config-execution separation).
  5. Safety: Timeout, trust level (sandbox via Docker or privileged mode).
  6. Output: JSON Schema validation for reliable downstream consumption.
  7. Composition: DAG pipelines with concurrent nodes, failure strategies (abort/skip/retry).

Section 04

Five-Layer Security Architecture of Agentry

Agentry's security has five layers:

  1. Definition layer: YAML parsed via Pydantic for structural validity.
  2. Security layer: SecurityEnvelope enforces trust levels, pre-checks, signature validation.
  3. Parsing layer: EnvironmentBinder maps abstract inputs/tools to local/GitHub Actions implementations.
  4. Execution layer: RunnerProtocol provides isolation (DockerRunner/InProcessRunner).
  5. Agent layer: AgentProtocol delegates to a runtime such as ClaudeCodeAgent.

In addition, the safety and output modules are signed with Ed25519 to prevent tampering, and agentry validate --security-audit audits changes.
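
The idea behind auditing a workflow change, as an added example that is not Agentry's own code: it flags changes that widen what the agent may do and computes a digest over the blocks a signature would cover. The dict key names, tool names and finding labels are assumptions, since the page does not give Agentry's schema, and the digest stands in for the input to an Ed25519 signature rather than performing one.

```python
import hashlib
import json

# Constructed sample definitions (YAML already parsed into dicts).
# Key and tool names are assumptions for illustration, not Agentry's schema.
BASELINE = {
    "identity": {"name": "code-review", "version": "1.0.0"},
    "tools": ["repository:read", "pr:comment"],
    "safety": {"timeout": 300, "trust": "sandbox"},
    "output": {"schema": {"type": "object", "required": ["findings"]}},
}
PROPOSED = {
    "identity": {"name": "code-review", "version": "1.1.0"},
    "tools": ["repository:read", "pr:comment", "shell:execute"],
    "safety": {"timeout": 300, "trust": "privileged"},
    "output": {"schema": {"type": "object", "required": ["findings"]}},
}
SIGNED_BLOCKS = ("safety", "output")  # the modules the page says are signed


def signed_digest(workflow):
    """SHA-256 over a canonical encoding of the blocks a signature would cover."""
    covered = {k: workflow.get(k) for k in SIGNED_BLOCKS}
    canonical = json.dumps(covered, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def security_audit(old, new):
    """Return findings for changes that alter the agent's privileges or guarantees."""
    findings = []
    added = sorted(set(new.get("tools", [])) - set(old.get("tools", [])))
    if added:
        findings.append(("tools-added", added))
    old_s, new_s = old.get("safety", {}), new.get("safety", {})
    if old_s.get("trust") != new_s.get("trust"):
        findings.append(("trust-changed", [old_s.get("trust"), new_s.get("trust")]))
    if new_s.get("timeout", 0) > old_s.get("timeout", 0):
        findings.append(("timeout-raised", [old_s.get("timeout"), new_s.get("timeout")]))
    if old.get("output") != new.get("output"):
        findings.append(("output-schema-changed", []))
    if signed_digest(old) != signed_digest(new):
        findings.append(("signed-blocks-modified", list(SIGNED_BLOCKS)))
    return findings


if __name__ == "__main__":
    for kind, detail in security_audit(BASELINE, PROPOSED):
        print(kind, detail)
```

Under the assumption that only the safety and output blocks are covered, a change that only adds a tool leaves the digest unchanged, which is why the audit diffs the tool manifest separately.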

Section 05

Practical Use Cases of Agentry

Agentry has built-in examples:

  • Code review: Analyze PR diffs for vulnerabilities, performance issues, style violations, comment results on PR.
  • Issue classification: Smartly categorize and route new issues.
  • Bug fix: Diagnose issues, generate fixes, auto-create branches/PRs (needs manual review).
  • Task decomposition: Split complex requirements into executable tasks for project planning.

Section 06

Installation and Key Commands for Agentry

Requirements: Python 3.10+, Claude Code installed (authenticated), Docker optional (for sandbox).

Installation: pip install agentry

Key commands:

  • agentry validate <workflow>: Validate definition.
  • agentry run <workflow>: Local execution.
  • agentry ci generate --target github <workflow>: Generate GitHub Actions config.
  • agentry keygen: Generate signature keys.
  • agentry sign <workflow>: Sign workflow.

Section 07

Extensibility and Conclusion of Agentry

Extensibility: The Binder system uses Python entry points for plugins (add new CI targets via the EnvironmentBinder protocol; new agent runtimes via AgentProtocol).

Conclusion: Agentry elevates AI workflows from ad-hoc scripts to maintainable, auditable, portable infrastructure. It's a practical choice for teams wanting AI integration with flexibility and security, representing an important direction in AI engineering.