Rust framework for building agentic AI agents with native Node.js and Python bindings

A3S Code

Intent-driven AI coding agent framework — A3S Code gives an LLM a workspace, tools, and memory, then uses intent detection and context perception to inject the right context at the right time. Embed agents that read, write, and execute code into any application. Native Node.js and Python bindings.

Extension Points: 20 trait-based | Built-in Tools: 15 | Built-in Skills: 7 | AHP Harness Points: 18

Why A3S Code?

🎯 Intent-Driven

Every prompt is analyzed for intent (locate, understand, retrieve, explore, reason, validate, compare, track). Context is injected based on what the user actually needs.

🛡️ Safe by Default

Permission system, HITL confirmation, skill-based tool restrictions, AHP harness supervision, and error recovery (circuit breaker, auto-compact).

🔌 Extensible

20 trait-based extension points. Replace any component — LLM client, tools, memory, hooks, security, context providers.

📈 Scalable

Lane-based priority queue with multi-machine task distribution. Subagent teams with role-based task assignment.

Quick Start

Installation

npm install @a3s-lab/code

pip install a3s-code

Configuration

Create ~/.a3s/config.hcl (or ./agent.hcl for per-project config):

default_model = "anthropic/claude-sonnet-4-20250514"

providers {
  name    = "anthropic"
  api_key = env("ANTHROPIC_API_KEY")

  models {
    id        = "claude-sonnet-4-20250514"
    name      = "Claude Sonnet 4"
    tool_call = true
  }
}

# Works with DeepSeek, Kimi, Together AI, Groq, Ollama, vLLM, etc.
default_model = "openai/gpt-4o"

providers {
  name     = "openai"
  api_key  = env("OPENAI_API_KEY")
  base_url = "https://api.openai.com/v1"   # change to your provider's URL

  models {
    id        = "gpt-4o"
    name      = "GPT-4o"
    tool_call = true
  }
}

Then export your API key (export ANTHROPIC_API_KEY="sk-ant-..." on macOS/Linux, $env:ANTHROPIC_API_KEY on PowerShell).

Any service implementing the OpenAI Chat Completions API works as a provider — just set base_url. See Providers for Ollama, GPUStack, A3S Power, OneAPI, and full config reference.

Basic Usage

import { Agent } from '@a3s-lab/code';

const agent = await Agent.create('agent.hcl');
const session = agent.session('.', {
  builtinSkills: true,
  planning: true,
});

const result = await session.send('Refactor auth + update tests');
console.log(result.text);

from a3s_code import Agent

agent = Agent.create("agent.hcl")
session = agent.session(".", builtin_skills=True, planning=True)

result = session.send("Refactor auth + update tests")
print(result.text)

Architecture

5 core components (stable, not replaceable) + 20 extension points (replaceable via traits):

Agent (config-driven)
  └── AgentSession (workspace-bound)
        └── AgentLoop (core execution engine)
              ├── IntentDetector → ContextPerception (AHP 2.2)
              ├── ToolExecutor (15 built-in tools)
              ├── SkillRegistry (skill injection + tool permissions)
              ├── PluginManager (custom opt-in tools + skills)
              ├── Planning (task decomposition + wave execution)
              ├── SessionLaneQueue (a3s-lane backed)
              │     ├── Control (P0) → Query (P1) → Execute (P2) → Generate (P3)
              │     └── External Task Distribution
              ├── HookEngine (11 lifecycle events)
              ├── AHP Executor (18 harness points)
              ├── Security (permissions, taint, HITL, PII redaction)
              ├── Context (RAG providers)
              └── Memory (episodic, semantic, procedural, working)

See Architecture for detailed documentation.

Documentation

Core

Sessions — Lifecycle, send/stream, slash commands, scheduled tasks, vision
Tools — 16 built-in tools reference
Tasks — Planning and wave-based execution
Skills — Skill system and tool restrictions

Harness Engineering

Security — Permission policies, HITL, built-in PII redaction and injection detection
Hooks — 11 lifecycle hooks with automatic propagation to sub-agents
Orchestrator — Sub-agent pause, resume, cancel, and prompt injection
Runtime Limits — Tool round cap, timeouts, circuit breaker, auto-compaction
Isolation — Workspace boundary, file history, Git worktrees, MicroVM sandbox

Infrastructure

Architecture — System design overview
Lane Queue — Priority routing and queue features
Multi-Machine — Horizontal scaling guide

Extensions

Providers — LLM providers and full config reference
Plugins — Custom opt-in tools + skills beyond the built-in core
MCP — External tool integration
Subagents — Delegate to specialized agents
Context — RAG providers
Memory — Long-term memory
Hooks — Lifecycle events
Persistence — Session storage
Telemetry — Cost tracking and metrics

Testing

cargo test          # All tests
cargo test --lib    # Unit tests only

Test Coverage: 1501 tests, 100% pass rate

License

MIT License

A3S Lane — Priority-based task queue with DLQ
A3S Search — Multi-engine web search aggregator
A3S Box — Secure sandbox runtime with TEE support
A3S Event — Event-driven architecture primitives