devduck

DevDuck is a Python-based, “one-file” self-healing AI agent runtime that can hot-reload code, run many built-in tools (including shell/git/browser/messaging), and connect across multiple interfaces (CLI/TUI/WebSocket/TCP) and networks (Zenoh P2P + a unified mesh/relay). It can also expose itself as an MCP server and deploy to AWS AgentCore.

Evaluated Mar 30, 2026 (21d ago)
Homepage ↗ Repo ↗ Ai Ml ai-ml autonomous-agents mcp mcp-server tool-calling python mesh p2p websocket reliability self-healing
⚙ Agent Friendliness
50
/ 100
Can an agent use this?
🔒 Security
48
/ 100
Is it safe for agents?
⚡ Reliability
32
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
55
Documentation
60
Error Messages
0
Auth Simplicity
80
Rate Limits
10

🔒 Security

TLS Enforcement
70
Auth Strength
55
Scope Granularity
20
Dep. Hygiene
45
Secret Handling
50

Based on provided documentation only: communications include WebSocket (ports 10000) and cloud/HTTPS integrations, but explicit TLS-only guarantees are not stated. Authentication is primarily via environment variables/API keys for model providers and messaging bots; no fine-grained OAuth scopes or permission scoping are described. The project depends on many third-party packages (including tool, MCP, model-provider integrations), which can increase supply-chain risk; the provided data does not include dependency health/CVE status. Because it supports shell/browser/remote command execution and hot-reloading, the main risk is operational: secrets leakage, inadvertent data exfiltration, and executing untrusted code/tools without sandboxing/allowlists.

⚡ Reliability

Uptime/SLA
0
Version Stability
30
Breaking Changes
30
Error Recovery
70
AF Security Reliability

Best When

You want a local-first (or self-hosted) agent that can rapidly add/reload tools and orchestrate workflows across multiple interfaces and peers, and you can manage the security risk of granting powerful tool access.

Avoid When

You cannot control secrets, network exposure, or tool permissions (especially shell/browser/remote execution), or you require enterprise-grade governance/auditability and predictable reliability guarantees.

Use Cases

  • Interactive developer assistant in terminal (CLI/TUI/REPL)
  • Automating multi-step tasks with tool execution (shell/editor/browser/GitHub integrations)
  • Building chat-like agents with concurrency via the TUI shared-messages model
  • Cross-process/multi-machine agent collaboration via Zenoh/mesh relay
  • Exposing agent capabilities to MCP clients (e.g., Claude Desktop)
  • Integrating arbitrary OpenAPI/Swagger endpoints via an “openapi” tool

Not For

  • Production systems requiring strong, audited security boundaries for autonomous tool execution
  • Environments where allowing agents to run shell/remote commands is unacceptable
  • Use cases needing a stable, officially versioned public REST/SDK contract
  • Teams needing clear, standardized error codes/pagination semantics from a documented API surface

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: API keys and environment variables for multiple model providers (Anthropic/OpenAI/Gemini/AWS Bedrock/Ollama/etc.) AWS credentials or Bedrock bearer token (per README example) Telegram/Slack bot tokens (for messaging listeners) OpenAPI-tool authentication (described as supporting auth methods; specific mechanisms not fully shown in provided text)
OAuth: No Scopes: No

README indicates model-provider selection via environment variables (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, AWS_BEARER_TOKEN_BEDROCK). It also documents Telegram/Slack bot tokens. The provided content does not show a clear, standardized scope model for agent permissions.

Pricing

Free tier: No
Requires CC: No

No pricing info is provided in the supplied repository data. Costs likely depend on the selected model provider(s) and any cloud deployment (e.g., AWS AgentCore).

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Powerful tools (e.g., shell/web/computer) can be risky if used without explicit guardrails/permissions.
  • Mesh/peer networking introduces additional security considerations (peer discovery/relay exposure, trust boundaries).
  • “Self-healing” and hot-reload imply dynamic behavior that may complicate deterministic operation and debugging.
  • No evidence in provided text of standardized structured errors, idempotency, or pagination semantics for agent/tool calls.

Alternatives

LangGraph/LangChain (agent orchestration with more conventional interfaces) OpenAI/Anthropic tool calling frameworks with custom workers CrewAI/Autogen (multi-agent orchestration) MCP servers from specialized vendors (for safer, narrower tool exposure) Self-hosted action runners (e.g., GitHub Actions/Argo) with human-in-the-loop

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for devduck.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered