Nice work on the gitagent port. If anyone runs this agent autonomously, K9 Audit drops straight into .claude/settings.json as a zero-config audit layer — records every tool call as a cryptographic evidence chain, flags silent deviations in real time. Works alongside gstack with no code changes. https://github.com/liuhaotian2024-prog/K9Audit
The idea is to ensure that all filesystem agents follow this format. As long as they respect it, I don’t see any problem—unless the env itself doesn’t allow customization.
Hey check registry.gitagent.sh that would give you an idea. In simple words the idea is to make a defined agent portable to any agent. Like you can share agent personality, skills and other stuff with a single cmd.
Maintainer here. Quick clarification on what we're actually solving — GitAgent is about portability. Build your agent once, run it on Claude Code, LangChain, CrewAI, OpenAI — without rewriting it. The repo IS the agent.
You're raising a different problem: runtime discovery, agents finding the right tool mid-task. That's valid and it's a harder problem. We have registry.gitagent.sh for human-time discovery — browse, find, clone. But agent-time discovery is a layer we haven't fully cracked yet.
Where they connect: your search service needs consistent, structured descriptions to index well. That's exactly what SKILL.md is — a standard way for every agent to describe what it can do. Without that consistency you're parsing free-form text and hoping.
You're running 110+ agents on this — you probably have sharper opinions on what good discovery looks like than most. What would you build on top of a consistent spec like this?
Fair criticism, and I want to address it directly rather than dodge it.
The `.env` pattern is intentionally scoped to local development — a developer running their own agent with their own keys on their own machine. For that use case, the threat model is 'don't accidentally commit secrets,' which `.gitignore` does solve.
_pdp_ is right that this breaks down the moment you're handling credentials that belong to someone else — OAuth tokens, multi-tenant keys, anything production-adjacent. That's a real gap in the current spec.
What we're planning: a `secrets:` block in `agent.yaml` supporting pluggable backends — OS keychain, 1Password CLI, Vault, AWS SSM — so the spec has a first-class path for production secret management instead of implicitly blessing `.env` for all contexts.
But I'd genuinely love more input from this thread — if you were designing secret management for a git-native agent spec, what would you want it to look like? What patterns have worked well in your setups? This is an open spec and the best ideas should win.
https://registry.gitagent.sh/agent/shreyas-lyzr/gstack-agent
.