Table of Contents generated with DocToc
Apache Magpie is an AI assistant for open-source project maintainers. It handles the repetitive parts of running a project β triaging issues, reviewing PRs, onboarding contributors, managing security reports, cutting releases β so maintainers can spend their time on design, relationships, and the work that actually requires a human.
The agent proposes. The human decides. Magpie never merges, never pushes, never sends mail, never flips a label without a maintainer confirming first.
Magpie provides skills β step-by-step workflows an AI agent follows. You pick which skills your project uses. The agent reads your issues, PRs, or security reports, does the analysis, and drafts a response. You review it and hit “go” (or don't).
Five modes describe what the agent can do, from low-risk to high:
| Mode | What it does | Status |
|---|---|---|
| Agentic Triage | Classify issues/PRs, spot duplicates, propose labels | Stable |
| Agentic Mentoring | Help contributors with conventions, point to examples | Experimental |
| Agentic Drafting | Write a code fix or a PR for you to review | Stable (security) |
| Agentic Pairing | Self-review your own code before submitting | Experimental |
| Agentic Autonomous | Merge trivial changes without human review | Off (deliberately) |
Each project picks the modes that fit. You can run just Agentic Triage and nothing else.
Magpie‘s skills ship in families. You don’t adopt all of them β you pick the ones that match a problem you actually have today. Each family page explains what it does, which skills it includes, and how to turn it on.
Most families work on any project, inside or outside the Apache Software Foundation. The ones marked πͺΆ ASF-specific encode Foundation processes β the release lifecycle and the contributor-to-committer path β and assume an ASF adopter profile by default; a non-ASF project can still adopt them through the adapter/config layer, but they carry ASF assumptions the generic families do not.
| If you're dealing with⦠| Adopt the family | Scope |
|---|---|---|
| Setting up agents safely β sandbox, clean environment, privacy routing | setup | Any project |
| Security reports that need careful, audited handling | security | Any project |
| A pull-request queue that's out of control | pr-management | Any project |
| An issue backlog full of duplicates and stale reports | issue-management | Any project |
| Repo hygiene slipping β CI runners, dependencies, licenses, flaky tests | repo-health | Any project |
| Releases that are a manual, error-prone slog | release-management | πͺΆ ASF-specific |
| New contributors getting stuck and drifting away | mentoring | Any project |
| Growing contributors into committers | contributor-growth | πͺΆ ASF-specific |
| Building or maintaining your own skills | utilities | Any project |
Start with setup regardless β it is the prerequisite every adopter installs first β then add the families above as you need them.
You have an open-source project with an issue tracker and/or PR queue, and you want agent assistance with the mechanical parts.
β Start with the README (adoption steps) and install recipes.
You handle CVE reports and want agent help with the 16-step lifecycle β import, triage, fix, allocate, publish.
β Start with security workflow overview, then new member onboarding.
You want to improve the skills, add tools, or fix bugs in the framework.
β Start with CONTRIBUTING.md and the spec-driven development loop.
You want to understand the trust model, cost, and governance commitments before deciding.
β Read MISSION.md (the why), PRINCIPLES.md (the rules), and mode economics (what it costs in tokens).
You would like to use agentic AI but you are concerned about security and privacy - when LLMs / Agent might get access to your credentials and poison your workstation, or have access to private information from mailing lists, slack etc.
β When you setup Magpie, it will setup your workstation with security guardrail layers that will run your agents in containerized sandbox, and it will setup privacy gateways for the tools your agentic setup will use. Read more details in Secure agent setup RFC and Privacy-aware LLM routing for foundation private information.
<project-config>/ directory.| I want to⦠| Read⦠|
|---|---|
| Understand the full vision | MISSION.md |
| Understand how it stays vendor-neutral | vendor-neutrality.md |
| Find or author a backend adapter | adapters/registry.md |
| Pull a skill/family from a trusted external source | skill-sources/README.md |
| Extend Magpie (project / org / individual) | extending.md |
| See what skills exist today | modes.md |
| Adopt in my project | README β Adopting |
| Set up the secure agent sandbox | setup/ |
| Understand the security workflow | security/ |
| Know what it costs to run | mode-economics.md |
| Understand the privacy model | rfcs/RFC-AI-0003.md |
| Contribute to the framework | CONTRIBUTING.md |
| Learn to build and extend skills | education/ |