LinkWork

Deploys AI agents as isolated, immutable container images following the 'One Role, One Image' paradigm, where skills, MCP configurations, and security policies are baked into the container during build-time rather than injected at runtime. This approach eliminates environment drift by treating the runtime filesystem as read-only and implements fail-fast validation during image construction to prevent broken capabilities from reaching production. The linkwork-server orchestrates role lifecycle management, scheduling, and approval workflows across Kubernetes clusters using the Volcano scheduler for workload distribution.

Implements a declarative skill marketplace where AI capabilities are defined as versioned, composable modules that can be pinned to specific versions and shared across teams. Skills are registered in a central marketplace accessible via the linkwork-web dashboard, with dependency resolution and compatibility checking performed during the build phase. The linkwork-agent-sdk (Python) provides the runtime interface for agents to discover and invoke registered skills, while the skill definitions themselves are stored as declarative YAML/JSON specifications that map natural language intents to executable code entities.

Provides a web-based dashboard (linkwork-web, TypeScript/Vue) for managing agent tasks, discovering available skills, monitoring execution, and configuring roles. The dashboard displays task queues, execution status, real-time logs, and metrics. The skill marketplace section enables browsing available skills with descriptions, versions, dependencies, and usage examples. Role management UI allows creating and editing agent roles, assigning skills and tools, and setting permissions. The dashboard integrates with the backend services through REST APIs and WebSocket connections for real-time updates.

Integrates with Kubernetes and the Volcano scheduler to manage agent workload scheduling across clusters. Agent tasks are submitted as Kubernetes Jobs or Pods with resource requests/limits, and Volcano handles scheduling based on resource availability, priority, and fairness. The system supports gang scheduling (ensuring all pods of a task are scheduled together), queue-based prioritization, and preemption policies. Agents run as containerized workloads in the Kubernetes cluster, with automatic scaling based on task queue depth and resource availability. The linkwork-server manages the Kubernetes API interactions and task-to-pod mapping.

Provides the linkwork-agent-sdk (Python) that agents use to invoke skills, call tools through the MCP gateway, and interact with LLMs. The SDK provides decorators for defining skills (@skill), context managers for workstation access, and utilities for structured output parsing. Agents use the SDK to discover available skills at runtime, invoke them with parameters, and handle results. The SDK handles LLM integration, including prompt construction, function calling, and response parsing. It also manages context passing between skill invocations and maintains execution state within a workstation.

Provides a Model Context Protocol (MCP) gateway (linkwork-mcp-gateway in Go) that acts as a proxy between AI agents and external tools, handling MCP discovery, authentication, and usage metering. The gateway implements a schema-based function registry that validates tool invocations against declared schemas before execution, supports multiple authentication methods (API keys, OAuth, mTLS), and tracks tool usage metrics for billing and audit purposes. Agents interact with tools through a unified interface regardless of the underlying tool implementation, with the gateway handling protocol translation and error handling.

Implements deep command analysis and policy enforcement through the linkwork-executor (Go service) that intercepts all command executions before they run, analyzing them against declarative security policies. High-risk operations (e.g., destructive commands, external network calls) trigger human-in-the-loop approval workflows where designated approvers review and authorize execution. The executor maintains an audit trail of all commands, approvals, and execution results, with policies defined declaratively in YAML and evaluated at runtime before command execution. Policies can enforce constraints on command patterns, resource usage, network access, and file operations.

Implements a build-time validation and solidification system (Harness Engineering) that checks skill injection, dependency resolution, and security policy compatibility during container image construction. If any skill, MCP configuration, or policy fails validation during the build phase, the image is not created, preventing broken capabilities from reaching production. This fail-fast mechanism catches configuration errors early in the CI/CD pipeline rather than at runtime, with detailed error reporting that guides developers to fix issues. The build process is declarative, driven by role definition files that specify skills, tools, and policies to be baked into the image.

Implements a workstation model that provides each AI agent with a persistent, isolated execution context including filesystem, environment variables, and state management. The workstation acts as a virtual workspace where agents can create files, clone repositories, and maintain state across multiple task executions without interference from other agents. Workstations are containerized and ephemeral by default (cleaned up after task completion) but can be configured for persistence. The model enables agents to perform multi-step workflows that require maintaining state, such as cloning a repo, making changes, running tests, and committing results.

Provides real-time monitoring of agent task execution through WebSocket-based streaming of logs, metrics, and status updates to the linkwork-web dashboard. As agents execute tasks, logs are streamed in real-time rather than being buffered and returned at completion, enabling operators to monitor progress and intervene if needed. The system tracks task status (queued, running, completed, failed), execution metrics (duration, resource usage), and provides drill-down capabilities to view detailed logs for specific steps. Streaming is implemented through a pub-sub architecture where the executor publishes events that are subscribed to by the web dashboard.

Enables AI agents to deliver results directly into production systems through Git commits or Object Storage Service (OSS) uploads rather than returning chat messages. Agents can clone repositories, make changes, run tests, and commit results back to Git with proper commit messages and metadata. For non-code artifacts, agents can upload results to OSS (S3, GCS, Aliyun OSS) with configurable paths and metadata. This approach treats agent outputs as first-class deliverables that integrate directly into CI/CD pipelines and production workflows, rather than as conversational responses that require manual integration.

Implements fine-grained role-based access control (RBAC) where each AI agent role has explicitly declared permissions for which skills and tools it can access. Permissions are defined declaratively in role definitions and enforced at the gateway and executor layers. The system supports role hierarchies, permission inheritance, and dynamic permission updates without requiring agent restart. Permissions are checked before skill invocation and tool access, with violations logged and potentially triggering alerts. The linkwork-web dashboard provides UI for managing roles, permissions, and auditing access patterns.

Provides LLM orchestration through the linkwork-agent-sdk that supports multiple LLM providers (OpenAI, Anthropic, local models via Ollama) with automatic fallback and retry logic. Agents can be configured to use a primary LLM provider with fallback to secondary providers if the primary fails or is rate-limited. The SDK abstracts provider-specific APIs (function calling, streaming, token counting) behind a unified interface, enabling agents to work with different LLM backends without code changes. Provider selection can be configured per-role or per-task, with metrics tracking which provider was used and performance characteristics.