← Back to Skills Marketplace
Deep Coding
by
extraterrest
· GitHub ↗
· v0.0.3
· MIT-0
175
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install deep-coding
Description
Deep coding multi-agent development system. Use when the user wants to build software projects using the Orchestrator to Builder to Reviewer workflow, mentio...
README (SKILL.md)
System Dependencies
This skill requires the following system capabilities:
| Dependency | Purpose | Required? | Check |
|---|---|---|---|
python3 |
Dashboard server (port 8765) | Yes | python3 --version |
node / npm |
Project builds, Playwright | For web projects | node -v, npm -v |
playwright |
E2E browser testing (Reviewers) | Optional, for E2E | npx playwright --version |
| ACP runtime | Builder/Reviewer agent execution | Optional, see below | Platform-specific |
No specific coding agent is required. The default configuration uses ACP + qoder, but you can use any available agent runtime. See First-Time Setup for configuration options.
Security Notes
⚠️ Dashboard server (server.py):
- Binds to
127.0.0.1:8765only — never expose to public network - Serves files from the project directory — verify no secrets (API keys, tokens) are present
- Includes path traversal protection via
safe_path()check
⚠️ Code execution:
- Builders and Reviewers will execute and run arbitrary project code
- For web projects: HTTP server serves project files locally
- E2E tests use Playwright to open and interact with pages in a real browser
- Only run on machines where executing generated code is acceptable
- Use containers/VMs for untrusted projects
First-Time Setup
When a user installs this skill for the first time, guide them through the following steps:
Step 1: Create Project Workspace
mkdir -p my-projects/{requests/done,logs}
cp \x3Cskill-dir>/assets/server.py my-projects/
cp \x3Cskill-dir>/assets/dashboard.html my-projects/
cd my-projects
This creates the project root with all required directories and the Dashboard assets.
Step 2: Configure Orchestrator Agent
Create an Orchestrator agent in your openclaw.json (or equivalent config):
{
"id": "orchestrator",
"name": "Orchestrator",
"workspace": "\x3Cyour-path>/my-projects"
}
Give the Orchestrator a heartbeat prompt that references references/orchestrator-rules.md.
Step 3: Configure Builder Agent(s)
Choose your preferred coding agent(s). Options:
| Option | Configuration | Notes |
|---|---|---|
| ACP + qoder | runtime: "acp", agentId: "qoder" |
Default, requires acpx plugin |
| ACP + claude | runtime: "acp", agentId: "claude" |
Alternative ACP agent |
| ACP + codex | runtime: "acp", agentId: "codex" |
OpenAI Codex |
| Subagent runtime | runtime: "subagent" |
Built-in, no extra setup |
| PTY coding agents | exec with PTY |
Claude Code, Codex CLI, etc. |
The Orchestrator rules (references/orchestrator-rules.md) default to ACP + qoder, but you should update the agent ID to match your setup.
Recommended: Set up a 3-tier fallback chain
- Primary: Your preferred coding agent (e.g., qoder, claude)
- Fallback 1: Alternative ACP agent (e.g., claude if qoder is 429'd)
- Fallback 2: Built-in subagent runtime
Step 4: Allow Tool Access
Ensure your Orchestrator and Builder agents have access to:
read,write,edit— for file operationsexec— for running builds, tests, serverssessions_spawn,sessions_send,sessions_list— for agent communicationsubagents— for managing spawned agents
In openclaw.json:
{
"tools": {
"sessions": {
"visibility": "all"
},
"agentToAgent": {
"enabled": true,
"allow": ["main", "orchestrator", "qoder-dev", "claude-dev"]
}
},
"acp": {
"enabled": true,
"backend": "acpx",
"defaultAgent": "qoder",
"allowedAgents": ["qoder", "claude", "codex"]
}
}
Step 5: Choose Your LLM
Set the default model for the Orchestrator and agents:
{
"agents": {
"defaults": {
"model": {
"primary": "your-provider/your-model"
}
}
}
}
For coding agents (qoder, claude, codex), they use their own model — no LLM config needed.
Step 6: Verify Setup
cd my-projects
python3 server.py
# Open http://localhost:8765 — should show empty dashboard
Harness Deep Coding System
Multi-agent development: Orchestrator decomposes → Builders code → Reviewers verify → E2E test → deliver.
Roles
User-Facing Agent (you)
- Gather requirements through conversation
- Create request JSON at
projects/requests/TIMESTAMP.json(use actual timestamp) - Notify Orchestrator via
sessions_sendtoagent:orchestrator:main - Report progress every heartbeat when project is active
Orchestrator
- Decomposes project into 2-4 modules + mandatory integration-test
- Creates
project-state.jsonwith module states - Spawns Builders and Reviewers via
sessions_spawn - Monitors progress via heartbeat, handles failures
- Runs E2E smoke test after bugfix/feature accepted
Builder
- Codes independently per module
- Uses configured agent runtime (ACP subagent, or fallback)
- Writes to
logs/builder-MODULE.log(APPEND, UTC+8)
Reviewer
- MUST actually test the application, not just read code
- For web projects: serve via HTTP, verify in browser
- Writes detailed review results to
review_history - Writes to
logs/reviewer-MODULE.log(APPEND, UTC+8)
User-Facing Workflow
1. Gather Requirements
- What to build, key features, constraints, tech stack
- Break into 2-4 logical modules (data → core → render → UI)
- Auto-add final
integration-testmodule depending on ALL others
2. Create Request
{
"name": "Project Name",
"description": "What it does",
"owner": "user name",
"tags": ["web", "game"]
}
Path: \x3Cproject-root>/requests/TIMESTAMP.json (use actual timestamp)
3. Notify Orchestrator
Send to agent:orchestrator:main:
- Request file path
- Instructions to decompose into modules
- Create project-state.json
- Spawn Builder for first module
- Use per-agent logs, APPEND mode, UTC+8
- Run E2E smoke test after acceptance
4. Progress Reporting
Read project-state.json every heartbeat:
- Report completion % and module states
- Announce 100% completion
Project Structure
All paths are relative to your project root directory:
\x3Cproject-root>/
├── projects-registry.json ← All projects overview
├── server.py ← Dashboard server (port 8765)
├── dashboard.html ← Dashboard UI
├── requests/
│ └── done/ ← Processed requests
├── logs/ ← Agent activity logs
├── PROJECT-SLUG/
│ ├── project-state.json ← Module states, review history
│ ├── logs/
│ │ ├── orchestrator.log ← Orchestrator decisions
│ │ ├── builder-MODULE.log ← Each Builder writes own file
│ │ └── reviewer-MODULE.log ← Each Reviewer writes own file
│ └── SOURCE CODE (generated files)
See references/architecture.md for full project structure, module lifecycle, and dashboard details.
Module Lifecycle
pending → in_progress → ready_for_review → in_review → accepted
↑ |
└── needs_revision ──┘
Critical Rules
| Rule | Description |
|---|---|
| One action per heartbeat | Never do multiple spawns in one cycle |
| Spawn Reviewer immediately | Never leave ready_for_review more than one cycle |
| Reviewer writes results | Must write to review_history array, never just change state |
| E2E smoke test | Mandatory for bugfixes and new features before delivery |
| No archive copies | DO NOT copy project-state.json to archive/ |
Common Issues
| Issue | Fix |
|---|---|
| 429 rate limit | Wait, then re-spawn. Do NOT self-accept |
| Missing E2E | Bugfix/feature accepted → must spawn E2E Reviewer |
| Reviewer not spawned | Check sessions_list, spawn if missing |
| Builder timeout | Check if files exist, accept if complete |
| Archive duplicates | Orchestrator should NOT copy to archive/ |
Dashboard
Dashboard is included in assets/server.py and assets/dashboard.html.
Usage:
- Copy
assets/server.pyandassets/dashboard.htmlto your project root directory - Run:
python3 server.py - Open:
http://localhost:8765
Security: The server binds to 127.0.0.1 only and includes path traversal protection.
Features: project list, completion status, module states, agent activity timeline.
Usage Guidance
This skill appears to be what it says: a local multi-agent development harness. Key risks to consider before installing: 1) The included server.py will serve files from the project directory — verify there are no API keys or secrets in your project before running the server, and run it bound to localhost only as instructed. 2) Builders/Reviewers are required to execute generated project code and run tests (including Playwright); for untrusted projects, run the system inside isolated VMs or containers. 3) The dashboard HTML pulls JS from public CDNs (Tailwind, Vue, markdown-it); if your environment restricts outbound network calls or you need a hardened supply chain, consider hosting those assets locally. 4) Only grant the platform the minimal agent/tool permissions needed and limit allowed agent IDs to trusted ones. If you want a firmer assessment, provide the full, untruncated server.py content to verify the safe_path() implementation and confirm there are no hidden network callbacks or backdoors in the code.
Capability Analysis
Type: OpenClaw Skill
Name: deep-coding
Version: 0.0.3
The 'deep-coding' skill bundle is a multi-agent orchestration system designed for complex software development tasks. It utilizes an Orchestrator agent to manage Builders and Reviewers, providing a local Python-based dashboard (server.py and dashboard.html) for progress monitoring. While the system requires high-risk capabilities such as arbitrary code execution (exec) and broad file access to function, these are clearly aligned with its stated purpose and are accompanied by explicit security warnings in SKILL.md. The dashboard server implements path traversal protection and binds only to the local interface (127.0.0.1). No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description (multi-agent deep-coding harness) matches what the skill asks for: orchestration rules, spawn builders/reviewers, file layout, and a local dashboard server. Declared runtime needs (python3, node, Playwright, agent runtimes like ACP/qoder) are appropriate for building, serving, and E2E testing code.
Instruction Scope
SKILL.md instructs the agent to create a project workspace, copy and run server.py (serves project files), spawn builders/reviewers, and require those agents have read/write/exec and sessions permissions. It explicitly requires builders/reviewers to execute generated project code and run E2E tests. This is expected for the tool's purpose but increases risk: running untrusted project code and serving project directories can expose secrets if present — the skill does warn about this.
Install Mechanism
Instruction-only skill with no install spec and only a small Python server script and HTML dashboard. No downloads from unknown URLs, no archives to extract. Low install risk.
Credentials
The skill does not declare required environment variables or credentials. It does recommend configuring runtime choices (BUILDER_RUNTIME, BUILDER_AGENT) and platform tool permissions; those are relevant to the orchestrator's operation and proportional to the stated capabilities.
Persistence & Privilege
Skill is not forced-always, does not request system-wide configuration changes in the manifest, and does not declare persistent elevated privileges. It does require the platform to grant agent tool permissions (read/write/exec/sessions/subagents) to function, which is appropriate for multi-agent orchestration but should be limited to trusted agents.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install deep-coding - After installation, invoke the skill by name or use
/deep-coding - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.3
Security fixes, relative paths, flexible Builder config, first-time setup guide
v0.0.2
Removed absolute paths, added Dashboard assets
v0.0.1
Initial release: Orchestrator → Builder → Reviewer multi-agent development system with Dashboard
v1.0.0
Initial release: Orchestrator → Builder → Reviewer multi-agent development system with Dashboard
Metadata
Frequently Asked Questions
What is Deep Coding?
Deep coding multi-agent development system. Use when the user wants to build software projects using the Orchestrator to Builder to Reviewer workflow, mentio... It is an AI Agent Skill for Claude Code / OpenClaw, with 175 downloads so far.
How do I install Deep Coding?
Run "/install deep-coding" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Deep Coding free?
Yes, Deep Coding is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Deep Coding support?
Deep Coding is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Deep Coding?
It is built and maintained by extraterrest (@extraterrest); the current version is v0.0.3.
More Skills