Table of Contents generated with DocToc

What is Apache Magpie?

Apache Magpie is an AI assistant for open-source project maintainers. It handles the repetitive parts of running a project β€” triaging issues, reviewing PRs, onboarding contributors, managing security reports, cutting releases β€” so maintainers can spend their time on design, relationships, and the work that actually requires a human.

The agent proposes. The human decides. Magpie never merges, never pushes, never sends mail, never flips a label without a maintainer confirming first.


How it works

Magpie provides skills β€” step-by-step workflows an AI agent follows. You pick which skills your project uses. The agent reads your issues, PRs, or security reports, does the analysis, and drafts a response. You review it and hit “go” (or don't).

Five modes describe what the agent can do, from low-risk to high:

ModeWhat it doesStatus
Agentic TriageClassify issues/PRs, spot duplicates, propose labelsStable
Agentic MentoringHelp contributors with conventions, point to examplesExperimental
Agentic DraftingWrite a code fix or a PR for you to reviewStable (security)
Agentic PairingSelf-review your own code before submittingExperimental
Agentic AutonomousMerge trivial changes without human reviewOff (deliberately)

Each project picks the modes that fit. You can run just Agentic Triage and nothing else.


Need help with one of these? Adopt a family of skills

Magpie‘s skills ship in families. You don’t adopt all of them β€” you pick the ones that match a problem you actually have today. Each family page explains what it does, which skills it includes, and how to turn it on.

Most families work on any project, inside or outside the Apache Software Foundation. The ones marked πŸͺΆ ASF-specific encode Foundation processes β€” the release lifecycle and the contributor-to-committer path β€” and assume an ASF adopter profile by default; a non-ASF project can still adopt them through the adapter/config layer, but they carry ASF assumptions the generic families do not.

If you're dealing with…Adopt the familyScope
Setting up agents safely β€” sandbox, clean environment, privacy routingsetupAny project
Security reports that need careful, audited handlingsecurityAny project
A pull-request queue that's out of controlpr-managementAny project
An issue backlog full of duplicates and stale reportsissue-managementAny project
Repo hygiene slipping β€” CI runners, dependencies, licenses, flaky testsrepo-healthAny project
Releases that are a manual, error-prone slogrelease-managementπŸͺΆ ASF-specific
New contributors getting stuck and drifting awaymentoringAny project
Growing contributors into committerscontributor-growthπŸͺΆ ASF-specific
Building or maintaining your own skillsutilitiesAny project

Start with setup regardless β€” it is the prerequisite every adopter installs first β€” then add the families above as you need them.


Who is this for?

Maintainers wanting to adopt Magpie in their project

You have an open-source project with an issue tracker and/or PR queue, and you want agent assistance with the mechanical parts.

β†’ Start with the README (adoption steps) and install recipes.

Security team members

You handle CVE reports and want agent help with the 16-step lifecycle β€” import, triage, fix, allocate, publish.

β†’ Start with security workflow overview, then new member onboarding.

Contributors to the Magpie framework itself

You want to improve the skills, add tools, or fix bugs in the framework.

β†’ Start with CONTRIBUTING.md and the spec-driven development loop.

People evaluating whether to adopt

You want to understand the trust model, cost, and governance commitments before deciding.

β†’ Read MISSION.md (the why), PRINCIPLES.md (the rules), and mode economics (what it costs in tokens).

People who are concerned for security and privacy when using their agents

You would like to use agentic AI but you are concerned about security and privacy - when LLMs / Agent might get access to your credentials and poison your workstation, or have access to private information from mailing lists, slack etc.

β†’ When you setup Magpie, it will setup your workstation with security guardrail layers that will run your agents in containerized sandbox, and it will setup privacy gateways for the tools your agentic setup will use. Read more details in Secure agent setup RFC and Privacy-aware LLM routing for foundation private information.


Key concepts in 60 seconds

  • Skill β€” A markdown file describing one workflow (e.g., “triage a PR”). The agent reads it and follows the steps.
  • Mode β€” A risk level (Agentic Triage β†’ Agentic Mentoring β†’ Agentic Drafting β†’ Agentic Pairing β†’ Agentic Autonomous). Projects opt in per-mode.
  • Adopter config β€” Your project-specific settings (mailing lists, label schemes, canned responses) in a <project-config>/ directory.
  • Sandbox β€” The agent runs in a locked-down environment. It can‘t read your credentials, can’t access the network freely, and can't push code.
  • Human-in-the-loop β€” Every action visible to others requires explicit maintainer confirmation. No exceptions until Agentic Autonomous (which is off).

Where to go next

I want to…Read…
Understand the full visionMISSION.md
Understand how it stays vendor-neutralvendor-neutrality.md
Find or author a backend adapteradapters/registry.md
Pull a skill/family from a trusted external sourceskill-sources/README.md
Extend Magpie (project / org / individual)extending.md
See what skills exist todaymodes.md
Adopt in my projectREADME β†’ Adopting
Set up the secure agent sandboxsetup/
Understand the security workflowsecurity/
Know what it costs to runmode-economics.md
Understand the privacy modelrfcs/RFC-AI-0003.md
Contribute to the frameworkCONTRIBUTING.md
Learn to build and extend skillseducation/