{"id":"cagataycali-devduck","name":"devduck","homepage":"https://dev.duck.nyc","repo_url":"https://github.com/cagataycali/devduck","category":"ai-ml","subcategories":[],"tags":["ai-ml","autonomous-agents","mcp","mcp-server","tool-calling","python","mesh","p2p","websocket","reliability","self-healing"],"what_it_does":"DevDuck is a Python-based, “one-file” self-healing AI agent runtime that can hot-reload code, run many built-in tools (including shell/git/browser/messaging), and connect across multiple interfaces (CLI/TUI/WebSocket/TCP) and networks (Zenoh P2P + a unified mesh/relay). It can also expose itself as an MCP server and deploy to AWS AgentCore.","use_cases":["Interactive developer assistant in terminal (CLI/TUI/REPL)","Automating multi-step tasks with tool execution (shell/editor/browser/GitHub integrations)","Building chat-like agents with concurrency via the TUI shared-messages model","Cross-process/multi-machine agent collaboration via Zenoh/mesh relay","Exposing agent capabilities to MCP clients (e.g., Claude Desktop)","Integrating arbitrary OpenAPI/Swagger endpoints via an “openapi” tool"],"not_for":["Production systems requiring strong, audited security boundaries for autonomous tool execution","Environments where allowing agents to run shell/remote commands is unacceptable","Use cases needing a stable, officially versioned public REST/SDK contract","Teams needing clear, standardized error codes/pagination semantics from a documented API surface"],"best_when":"You want a local-first (or self-hosted) agent that can rapidly add/reload tools and orchestrate workflows across multiple interfaces and peers, and you can manage the security risk of granting powerful tool access.","avoid_when":"You cannot control secrets, network exposure, or tool permissions (especially shell/browser/remote execution), or you require enterprise-grade governance/auditability and predictable reliability guarantees.","alternatives":["LangGraph/LangChain (agent orchestration with more conventional interfaces)","OpenAI/Anthropic tool calling frameworks with custom workers","CrewAI/Autogen (multi-agent orchestration)","MCP servers from specialized vendors (for safer, narrower tool exposure)","Self-hosted action runners (e.g., GitHub Actions/Argo) with human-in-the-loop"],"af_score":49.8,"security_score":48.5,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:26:52.947307+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API keys and environment variables for multiple model providers (Anthropic/OpenAI/Gemini/AWS Bedrock/Ollama/etc.)","AWS credentials or Bedrock bearer token (per README example)","Telegram/Slack bot tokens (for messaging listeners)","OpenAPI-tool authentication (described as supporting auth methods; specific mechanisms not fully shown in provided text)"],"oauth":false,"scopes":false,"notes":"README indicates model-provider selection via environment variables (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, AWS_BEARER_TOKEN_BEDROCK). It also documents Telegram/Slack bot tokens. The provided content does not show a clear, standardized scope model for agent permissions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing info is provided in the supplied repository data. Costs likely depend on the selected model provider(s) and any cloud deployment (e.g., AWS AgentCore)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":49.8,"security_score":48.5,"reliability_score":32.5,"mcp_server_quality":55.0,"documentation_accuracy":60.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":55.0,"scope_granularity":20.0,"dependency_hygiene":45.0,"secret_handling":50.0,"security_notes":"Based on provided documentation only: communications include WebSocket (ports 10000) and cloud/HTTPS integrations, but explicit TLS-only guarantees are not stated. Authentication is primarily via environment variables/API keys for model providers and messaging bots; no fine-grained OAuth scopes or permission scoping are described. The project depends on many third-party packages (including tool, MCP, model-provider integrations), which can increase supply-chain risk; the provided data does not include dependency health/CVE status. Because it supports shell/browser/remote command execution and hot-reloading, the main risk is operational: secrets leakage, inadvertent data exfiltration, and executing untrusted code/tools without sandboxing/allowlists.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":30.0,"error_recovery":70.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Powerful tools (e.g., shell/web/computer) can be risky if used without explicit guardrails/permissions.","Mesh/peer networking introduces additional security considerations (peer discovery/relay exposure, trust boundaries).","“Self-healing” and hot-reload imply dynamic behavior that may complicate deterministic operation and debugging.","No evidence in provided text of standardized structured errors, idempotency, or pagination semantics for agent/tool calls."]}}