alinaqi/polyphony
skills/polyphony/SKILL.md
Multi-agent orchestration with container-isolated workspaces — each agent session runs in its own Docker container with independent git branches
$ install --global
skillsauthnpx skillsauth add alinaqi/claude-bootstrap polyphonyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 11, 2026, 3:57 AM123.6s1 file scanned
SKILL.md
- name:
- polyphony
- description:
- Multi-agent orchestration with container-isolated workspaces — each agent session runs in its own Docker container with independent git branches
- when-to-use:
- Always loaded when container isolation is available (Docker/OrbStack installed). Default for /spawn-team.
- user-invocable:
- false
- effort:
- high
Polyphony — Multi-Agent Orchestration
Container-isolated workspaces for parallel agent execution. Each agent gets its own Docker container with a full git clone on its own branch. No conflicts, independent tests, clean PRs.
Architecture (6 Layers)
- Work Source — Tasks from GitHub Issues (
gh api) or local SQLite queue - Orchestrator — Supervisor loop: discover -> claim -> route -> provision -> run -> verify -> land
- Router — Pure function: Task x Policy -> RunSpec (5-dimension complexity scoring)
- Identity Broker — Resolves named credentials to volume mounts + env overlays
- Workspace Manager — Per-task
git clone --reference, branch checkout, cleanup - Worker Runtime — Docker container create/start/stop/logs lifecycle
Task Lifecycle
DISCOVERED -> CLAIMED -> ROUTED -> PROVISIONED -> RUNNING -> VERIFYING -> LANDED
| |
v v
FAILED --> BLOCKED
|
v
CLAIMED (retry)
Prerequisites
- Docker or OrbStack installed and running
- At least one agent CLI available (Claude, Codex, or Kimi)
- CLI subscriptions configured (not API keys)
Check:
command -v docker &>/dev/null || command -v orbctl &>/dev/null
Configuration
All config lives in ~/.polyphony/:
| File | Purpose |
|------|---------|
| config.yaml | Workspace root, poll interval, max concurrency |
| identities.yaml | Named credential bundles with volume paths |
| agents.yaml | Agent profiles (CLI commands, strengths) |
| routing.yaml | Routing rules and fallback chains |
Initialize with: polyphony init
Routing Rules
Rules are evaluated top-down; first match wins. Each rule has a match predicate and an agent target.
rules:
- match: { task_type: docs, risk: low }
agent: kimi
- match: { task_type: bugfix }
agent: codex
- match: { risk: high }
agent: claude
default:
agent: claude
fallback: [codex, kimi]
Complexity Scoring (5 Dimensions)
Each dimension scores 0-2. Total 0-10.
| Dimension | Source | |-----------|--------| | Cyclomatic depth | LOC + scope size | | Fan-out | Number of callers | | Security boundary | Auth/PII keywords | | Concurrency | Lock/transaction keywords | | Domain invariants | Risk level + task type |
Routing thresholds:
- 0-3: Delegate to Kimi solo
- 4-6: Kimi + Codex review
- 7-10: Claude direct
Container Isolation
Each task gets:
- Its own Docker container from
polyphony-worker:latest - A full git clone at
/workspace(not a worktree) - Auth volumes mounted read-only (e.g.,
~/.claude:/home/worker/.claude:ro) - Independent test execution
- Its own branch for PRs
CLI Commands
polyphony init # Create ~/.polyphony/ with config templates
polyphony spawn "Fix auth bug" # Create and route a task
polyphony status # Show task states
polyphony cleanup # Remove completed workspaces
Integration with Existing Skills
- cross-agent-delegation: Uses Polyphony's complexity scoring for routing decisions
- agent-teams: Uses Polyphony's workspace isolation instead of shared directories
- spawn-team: Uses Polyphony's container provisioning for feature agents
Related Skills
alinaqi/council-review
testing
VerifiedTrustedCommunity
Multi-model validation council — auto-validate plans, architecture changes, and PRs via validate-plan/review before executing
686SKILL.mdUpdated Jun 5, 2026
alinaqi/code-review
development
VerifiedTrustedCommunity
Mandatory code reviews via /code-review before commits and deploys
641SKILL.mdUpdated Mar 20, 2026
alinaqi/skills/visual-validation
development
VerifiedTrustedCommunity
# Visual Validation — Autonomous Screenshot Verification ## Philosophy Every UI change should be visually verified before it ships. Peekaboo captures pixel-accurate screenshots. The system compares before/after and flags visual regressions. No manual "looks good to me" — the machine verifies what the machine built. ## Autonomous Flow ``` static/* files modified (detected by auto-review-hook or E2E testkit) ↓ peekaboo image --mode screen → ~/.maggy/visual-verify/after-{ts}.png ↓ Compa
635SKILL.mdUpdated May 19, 2026
alinaqi/skills/model-routing
tools
VerifiedTrustedCommunity
# Model Routing System ## How Routing Decisions Are Made Every user prompt goes through a 9-tier classification pipeline before any AI model processes it. The system answers three questions: 1. **Which model should handle this?** — 9-tier cost/complexity classification 2. **Is the classifier itself working?** — Cascading fallback (qwen3 → kimi → deepseek → cache) 3. **Can we verify the result?** — Tool-level fallback + auto-evaluation ### The Pipeline ``` User types prompt ↓ UserPromptS
631SKILL.mdUpdated May 17, 2026