Thanks for your interest in contributing. This guide covers how to report bugs, submit PRs, and build new plugins.
Open an issue at github.com/ComposioHQ/agent-orchestrator/issues.
Include:
ao --versionoutput- OS and Node.js version (
node --version) - Steps to reproduce
- What you expected vs. what happened
- Relevant output from
ao doctor
Prerequisites: Node.js 20+, pnpm 9.15+, Git 2.25+, gh CLI
- Unix (macOS/Linux): also install
tmux— it is the default runtime. - Windows: tmux is not required. The default runtime on Windows is
process(ConPTY vianode-pty), and PowerShell is the default shell. See docs/CROSS_PLATFORM.md for what's different on Windows when contributing.
git clone https://github.com/ComposioHQ/agent-orchestrator.git
cd agent-orchestrator
pnpm install
pnpm buildBuild order matters — @aoagents/ao-core must be built before the CLI, web, or plugins can run. pnpm build at the root handles this automatically.
pnpm test # all packages
pnpm --filter @aoagents/ao-core test # core only
pnpm --filter @aoagents/ao-core test -- --watch # watch mode
pnpm test:integration # integration testscp agent-orchestrator.yaml.example agent-orchestrator.yaml
# edit agent-orchestrator.yaml for your setup
pnpm --filter @aoagents/ao-web devIf your local ao launcher or built packages seem stale, refresh the install from a clean main checkout:
git switch main
git status --short --branch # confirm the install repo is clean
ao updateao update fast-forwards the local install repo, reinstalls dependencies, clean-rebuilds @aoagents/ao-core, @aoagents/ao-cli, and @aoagents/ao-web, refreshes the global launcher with npm link, and finishes with CLI smoke tests. Use ao update --skip-smoke when you only need the rebuild step, or ao update --smoke-only when validating an existing install.
AO uses a two-stage release pipeline. This public repo handles version bumps, git tags, and GitHub releases. npm publishing runs on a private server (AO cron job) that polls GitHub releases and publishes when a new tag is ahead of the current npm version. Org compliance forbids npm publish credentials in public repositories, so NPM_TOKEN never enters this repo.
| Stage | Where | Responsibility |
|---|---|---|
| Versioning + GitHub release | This repo (public, CI) | Changesets version bumps, git tags, gh release create |
| npm publish | Private server (AO cron) | Detects new GitHub releases → builds → pnpm changeset publish |
The flow on every release:
This repo (public CI) Private server (AO cron)
────────────────────── ─────────────────────────
release.yml: Polls gh release list
changeset version Detects new vX.Y.Z tag
push vX.Y.Z tag Compare to npm @latest/@nightly
gh release create vX.Y.Z If behind → checkout tag → build → publish
canary.yml: Same cron, detects prereleases
changeset version --snapshot Publishes with --tag nightly
commit snapshot bump + tag
gh release create --prerelease
Each release pushes a single umbrella vX.Y.Z git tag pointing at the version-bump commit. We deliberately do not run pnpm changeset tag, which would emit one tag per publishable package (~27) every release — fine for stable's monthly cadence, noisy on the nightly cadence (~7 000 tags/year). The npm publisher only consumes the umbrella tag, so the per-package tags add no value.
This repo requires no additional secrets beyond the automatic GITHUB_TOKEN. NPM_TOKEN lives only on the private server.
- Stable: merge the "chore: version packages" PR opened by
changesets/action.release.ymltags the bumped packages and creates avX.Y.ZGitHub release. The AO cron detects the new release and publishes to npm@latest. - Nightly:
canary.ymlruns on cron (23:30 IST Fri–Tue) or viaworkflow_dispatch. It snapshots versions toX.Y.Z-nightly-<sha>format (e.g.,0.6.1-nightly-7c46dc92), tags, and creates a prerelease GitHub release. The AO cron detects the new prerelease and publishes to npm@nightly.
There is no path from this repo that calls npm publish directly.
release.yml is idempotent: each step (tag push, GitHub release creation) is gated on whether that piece of state already exists, so a re-run after a partial failure picks up only the missing steps.
The AO cron is also idempotent — pnpm changeset publish skips packages whose current version is already on the registry, so re-running after a partial publish is safe.
If release.yml fails after the GitHub release was created, re-run the failed workflow: the state-detection step will see that the tag and release already exist and skip those steps.
If the AO cron fails to publish, it will retry on the next poll cycle (every 15 minutes). No manual intervention needed for transient failures. For persistent issues, check the cron logs on the private server.
npm install -g @aoagents/ao@nightlyThe nightly cron publishes from main daily at 23:30 IST (Fri–Tue). The bake window (Wed–Thu) pauses scheduled nightlies; release captains can re-cut a nightly via workflow_dispatch if a fix lands during bake.
The plugin system is the primary extension point. You can add support for new agents, runtimes, issue trackers, and notification channels without modifying core code.
All plugin interfaces are in packages/core/src/types.ts. Pick the slot that matches what you want to build:
| Slot | Interface | Example use case |
|---|---|---|
runtime |
Runtime |
Run agents in Docker, SSH, cloud VMs |
agent |
Agent |
Adapt a new AI coding tool |
workspace |
Workspace |
Different code isolation strategies |
tracker |
Tracker |
Jira, Asana, or custom issue systems |
scm |
SCM |
GitLab, Bitbucket support |
notifier |
Notifier |
Email, Discord, custom webhooks |
terminal |
Terminal |
Different terminal UI integrations |
mkdir -p packages/plugins/runtime-myplugin/src
cd packages/plugins/runtime-mypluginpackage.json:
{
"name": "@aoagents/ao-runtime-myplugin",
"version": "0.1.0",
"type": "module",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"build": "tsc",
"typecheck": "tsc --noEmit",
"test": "vitest"
},
"dependencies": {
"@aoagents/ao-core": "workspace:*"
}
}tsconfig.json — copy from an existing plugin like packages/plugins/runtime-tmux/.
// src/index.ts
import type { PluginModule, Runtime } from "@aoagents/ao-core";
export const manifest = {
name: "myplugin",
slot: "runtime" as const,
description: "My custom runtime",
version: "0.1.0",
};
export function create(): Runtime {
return {
name: "myplugin",
async create(config) {
/* start session */
},
async destroy(sessionName) {
/* tear down */
},
async send(sessionName, text) {
/* send input */
},
async isRunning(sessionName) {
return false;
},
};
}
export default { manifest, create } satisfies PluginModule<Runtime>;Add it to the CLI's dependencies in packages/cli/package.json:
"@aoagents/ao-runtime-myplugin": "workspace:*"Then register it in packages/core/src/plugin-registry.ts inside loadBuiltins().
// src/index.test.ts
import { describe, it, expect } from "vitest";
import { create } from "./index.js";
describe("myplugin runtime", () => {
it("reports not running for unknown session", async () => {
const runtime = create();
expect(await runtime.isRunning("unknown-session")).toBe(false);
});
});pnpm --filter @aoagents/ao-runtime-myplugin build
pnpm --filter @aoagents/ao-runtime-myplugin testTo list your plugin in the AO marketplace so others can install it with ao plugin install, submit a PR that adds an entry to packages/cli/src/assets/plugin-registry.json.
Each entry requires:
id— short kebab-case name (e.g.tracker-jira)package— npm package nameslot— one of:runtime,agent,workspace,tracker,scm,notifier,terminaldescription— one-line summarysource— always"registry"latestVersion— semver string
Optionally include setupAction if post-install configuration is needed (e.g. "openclaw-setup").
Your plugin package must satisfy the contract in docs/PLUGIN_SPEC.md — export a PluginModule with a valid manifest and create() function. The package must be published to npm before your registry PR is merged so ao plugin install can fetch it.
See docs/DEVELOPMENT.md for the full reference. The short version:
Beyond syntax and style, follow these principles:
- State assumptions explicitly - if a task is ambiguous, present interpretations rather than guessing.
- Minimum viable change - no speculative features, no unused abstractions, no formatting changes outside your diff.
- Every changed line traces to the task - if you can't explain why a line changed, revert it.
- Write a failing test first - for bug fixes, reproduce the bug in a test before implementing the fix.
- Don't refactor unrelated code - mention dead code you spot, don't delete it.
These match the "Working Principles" section in CLAUDE.md. AI agents working on this repo are instructed to follow these same rules.
TypeScript
- ESM modules,
.jsextensions on local imports node:prefix for builtins- No
any— useunknown+ type guards - Strict mode, semicolons, double quotes, 2-space indent
Shell commands
- Always
execFile, neverexec - Always pass args as an array, never interpolate into strings
- Always add timeouts
Tests
- Unit tests alongside source in
src/__tests__/ - Mock plugins in tests — don't call real tmux, GitHub, or external services
- Test the interface contract, not internal implementation details
-
Fork and branch from
main:git checkout -b feat/your-feature
-
Make your changes — keep PRs focused on one thing.
-
Build, test, lint:
pnpm build pnpm test pnpm lint pnpm typecheck -
Commit with Conventional Commits:
feat: add kubernetes runtime plugin fix: handle missing LINEAR_API_KEY gracefully docs: add plugin development guide chore: update vitest to v2 -
Push and open a PR. In the PR description:
- What changed and why
- How to test it
- Link to the issue it closes (e.g.,
Closes #123)
-
Address review comments — update the branch and push. Reply to comments when done.
- Does the change work as described?
- Are there tests?
- Does it follow the TypeScript and shell conventions in docs/DEVELOPMENT.md?
- For new features: is it documented?
All PRs must pass:
pnpm build— no TypeScript errorspnpm test— all tests greenpnpm lint— no lint errors- Secret scanning — no leaked credentials
By contributing, you agree that your contributions will be licensed under the MIT License.