Why Harbinger?

The repository IS the agent — Every action your agent takes is a git commit. You can see exactly what it did, when, and why. If it screws up, revert it. Want to clone your agent? Fork the repo — code, personality, scheduled jobs, full history, all of it goes with your fork.

Free compute, built in — Every GitHub account comes with free cloud computing time. Harbinger uses that to run your agent. One task or a hundred in parallel — the compute is already included.

Self-evolving — The agent modifies its own code through pull requests. Every change is auditable, every change is reversible. You stay in control.

How It Works

┌──────────────────────────────────────────────────────────────────────┐
│                                                                      │
│  ┌─────────────────┐         ┌─────────────────┐                     │
│  │  Event Handler  │ ──1──►  │     GitHub      │                     │
│  │  (creates job)  │         │ (job/* branch)  │                     │
│  └────────▲────────┘         └────────┬────────┘                     │
│           │                           │                              │
│           │                           2 (triggers run-job.yml)       │
│           │                           │                              │
│           │                           ▼                              │
│           │                  ┌─────────────────┐                     │
│           │                  │  Docker Agent   │                     │
│           │                  │  (runs Pi, PRs) │                     │
│           │                  └────────┬────────┘                     │
│           │                           │                              │
│           │                           3 (creates PR)                 │
│           │                           │                              │
│           │                           ▼                              │
│           │                  ┌─────────────────┐                     │
│           │                  │     GitHub      │                     │
│           │                  │   (PR opened)   │                     │
│           │                  └────────┬────────┘                     │
│           │                           │                              │
│           │                           4a (auto-merge.yml)            │
│           │                           4b (rebuild-event-handler.yml) │
│           │                           │                              │
│           5 (notify-pr-complete.yml / │                              │
│           │  notify-job-failed.yml)   │                              │
│           └───────────────────────────┘                              │
│                                                                      │
└──────────────────────────────────────────────────────────────────────┘

You interact with your bot via the web chat interface or Telegram (optional). The Event Handler creates a job branch. GitHub Actions spins up a Docker container with the Pi coding agent. The agent does the work, commits the results, and opens a PR. Auto-merge handles the rest. You get a notification when it's done.

Star History

Get Started

Prerequisites

| Requirement | Install | |-------------|---------| | Node.js 18+ | nodejs.org | | npm | Included with Node.js | | Git | git-scm.com | | GitHub CLI | cli.github.com | | Docker + Docker Compose | docker.com (installer requires admin password) | | ngrok* | ngrok.com (free account + authtoken required) |

*ngrok is only required for local installs without port forwarding. VPS/cloud deployments don't need it. Sign up for a free ngrok account, then run ngrok config add-authtoken <YOUR_TOKEN> before starting setup.

Two steps

Step 1 — Scaffold a new project:

mkdir my-agent && cd my-agent
npx harbinger@latest init

This creates a Next.js project with configuration files, GitHub Actions workflows, and agent templates. You don't need to create a GitHub repo first — the setup wizard handles that.

Step 2 — Run the setup wizard:

npm run setup

The wizard walks you through everything:

• Checks prerequisites (Node.js, Git, GitHub CLI)
• Creates a GitHub repository and pushes your initial commit
• Creates a GitHub Personal Access Token (scoped to your repo)
• Collects API keys (Anthropic required; OpenAI, Brave optional)
• Sets GitHub repository secrets and variables
• Generates .env
• Builds the project and starts Docker for you

That's it. Visit your APP_URL when the wizard finishes.

• Web Chat: Visit your APP_URL to chat with your agent, create jobs, upload files
• Telegram (optional): Run npm run setup-telegram to connect a Telegram bot
• Webhook: Send a POST to /api/create-job with your API key to create jobs programmatically
• Cron: Edit config/CRONS.json to schedule recurring jobs

Chat vs Agent LLM

Your bot has two sides — a chat side and an agent side.

Chat is the conversational part. When you talk to your bot in the web UI or Telegram, it uses the chat LLM. This runs on your server and responds in real time.

Agent is the worker. When your bot needs to write code, modify files, or do a bigger task, it spins up a separate job that runs in a Docker container on GitHub. That job uses the agent LLM.

By default, both use the same model. But during setup, you can choose different models for each — for example, a faster model for chat and a more capable one for agent jobs. The wizard asks "Would you like agent jobs to use different LLM settings?" and lets you pick.

Using a Claude Subscription (OAuth Token)

If you have a Claude Pro ($20/mo) or Max ($100+/mo) subscription, you can use it to power your agent jobs instead of paying per API call. During setup, choose Anthropic as your agent provider and say yes when asked about a subscription.

You'll need to generate a token:

# Install Claude Code CLI (if you don't have it)
npm install -g @anthropic-ai/claude-code

# Generate your token (opens browser to log in)
claude setup-token

Paste the token (starts with sk-ant-oat01-) into the setup wizard. Your agent jobs will now run through your subscription. Note that usage counts toward your Claude.ai limits, and you still need an API key for the chat side.

See Claude Code vs Pi for more details on the two agent backends.

Local installs: Your server needs to be reachable from the internet for GitHub webhooks and Telegram. On a VPS/cloud server, your APP_URL is just your domain. For local development, use ngrok (ngrok http 80) or port forwarding to expose your machine.

If your ngrok URL changes (it changes every time you restart ngrok on the free plan), you must update APP_URL everywhere:

# Update .env and GitHub variable in one command:
npx harbinger set-var APP_URL https://your-new-url.ngrok.io
# If Telegram is configured, re-register the webhook:
npm run setup-telegram

Manual Updating

1. Update the package

npm install @harbinger-ai/harbinger@latest

2. Scaffold and update templates

npx harbinger init

For most people, that's it — init handles everything. It updates your project files, runs npm install, and updates HARBINGER_VERSION in your local .env. See Understanding init below for details on what this updates and how to handle custom changes.

3. Rebuild for local dev

npm run build

4. Commit and push

git add -A && git commit -m "upgrade harbinger to vX.X.X"
git push

Pushing to main triggers the rebuild-event-handler.yml workflow on your server. It detects the version change, runs harbinger init, updates HARBINGER_VERSION in the server's .env, pulls the new Docker image, restarts the container, rebuilds .next, and reloads PM2 — no manual docker compose needed.

Upgrade failed? See Recovering from a Failed Upgrade.

Understanding init

How your project is structured

When you ran harbinger init the first time, it scaffolded a project folder with two kinds of files:

Your files — These are yours to customize. init will never overwrite them:

| Files | What they do | |-------|-------------| | config/SOUL.md, EVENT_HANDLER.md, AGENT.md, etc. | Your agent's personality, behavior, and prompts | | config/CRONS.json, TRIGGERS.json | Your scheduled jobs and webhook triggers | | app/ | Next.js pages and UI components | | docker/job-pi-coding-agent/ | The Dockerfile for the Pi coding agent job container |

Managed files — These are infrastructure files that need to stay in sync with the package version. init auto-updates them for you:

| Files | What they do | |-------|-------------| | .github/workflows/ | GitHub Actions that run jobs, auto-merge PRs, rebuild on deploy | | docker-compose.yml | Defines how your containers run together (Traefik, event handler, runner) | | docker/event-handler/ | The Dockerfile for the event handler container | | .dockerignore | Keeps unnecessary files out of Docker builds | | CLAUDE.md | AI assistant context for your project |

What happens when you run init

1. Managed files are updated automatically to match the new package version
2. Your files are left alone — but if the package ships new defaults (e.g., a new field in CRONS.json), init lets you know:

Updated templates available:
These files differ from the current package templates.

  config/CRONS.json

To view differences:  npx harbinger diff <file>
To reset to default:  npx harbinger reset <file>

You can review at your own pace:

npx harbinger diff config/CRONS.json    # see what changed
npx harbinger reset config/CRONS.json   # accept the new template

If you've modified managed files

If you've made custom changes to managed files (e.g., added extra steps to a GitHub Actions workflow), use --no-managed so init doesn't overwrite your changes:

npx harbinger init --no-managed

Template file conventions

The templates/ directory contains files scaffolded into user projects by harbinger init. Two naming conventions handle files that npm or AI tools would otherwise misinterpret:

.template suffix — Files ending in .template are scaffolded with the suffix stripped. This is used for files that npm mangles (.gitignore) or that AI tools would pick up as real project docs (CLAUDE.md).

| In templates/ | Scaffolded as | |-----------------|---------------| | .gitignore.template | .gitignore | | CLAUDE.md.template | CLAUDE.md | | api/CLAUDE.md.template | api/CLAUDE.md |

CLAUDE.md exclusion — The scaffolding walker skips any file named CLAUDE.md (without the .template suffix). This is a safety net so a bare CLAUDE.md accidentally added to templates/ never gets copied into user projects where AI tools would confuse it with real project instructions.

CLI Commands

All commands are run via npx harbinger <command> (or the npm run shortcuts where noted).

Project setup:

| Command | Description | |---------|-------------| | init | Scaffold a new project, or update templates in an existing one | | setup | Run the full interactive setup wizard (npm run setup) | | setup-telegram | Reconfigure the Telegram webhook (npm run setup-telegram) | | reset-auth | Regenerate AUTH_SECRET, invalidating all sessions |

Templates:

| Command | Description | |---------|-------------| | diff [file] | List files that differ from package templates, or diff a specific file | | reset [file] | List all template files, or restore a specific one to package default |

Secrets & variables:

These commands set individual GitHub repository secrets/variables using the gh CLI. They read GH_OWNER and GH_REPO from your .env. If VALUE is omitted, you'll be prompted with masked input (keeps secrets out of shell history).

| Command | Description | |---------|-------------| | set-agent-secret KEY [VALUE] | Set AGENT_<KEY> GitHub secret and update .env | | set-agent-llm-secret KEY [VALUE] | Set AGENT_LLM_<KEY> GitHub secret | | set-var KEY [VALUE] | Set a GitHub repository variable |

GitHub secrets use a prefix convention so the workflow can route them correctly:

• AGENT_ — Protected secrets passed to the Docker container (filtered from LLM). Example: AGENT_GH_TOKEN, AGENT_ANTHROPIC_API_KEY
• AGENT_LLM_ — LLM-accessible secrets (not filtered). Example: AGENT_LLM_BRAVE_API_KEY
• No prefix — Workflow-only secrets, never passed to container. Example: GH_WEBHOOK_SECRET

Security

Harbinger includes API key authentication, webhook secret validation (fail-closed), session encryption, secret filtering in the Docker agent, and auto-merge path restrictions. However, all software carries risk — Harbinger is provided as-is, and you are responsible for securing your own infrastructure. If you're running locally with a tunnel (ngrok, Cloudflare Tunnel, port forwarding), be aware that your dev server endpoints are publicly accessible with no rate limiting and no TLS on the local hop.

See Security for full details on what's exposed, the risks, and recommendations.

Harbinger Agent System

Harbinger includes 11 specialized agent profiles (the Harbinger swarm), each with a distinct personality, skills, and area of expertise. Route messages to specific agents using @mentions:

@PATHFINDER enumerate subdomains for example.com
@BREACH scan the login page for XSS
@SAM refactor the database module
@SPECTER run OSINT on target.com

Available agents: SPECTER (OSINT), SAM (Coding), SAGE (Learning), PATHFINDER (Recon), BREACH (Web Hacking), PHANTOM (Cloud), CIPHER (Binary), SCRIBE (Reports), LENS (Browser), MAINTAINER (Code Quality), BRIEF (Daily Briefs).

Create custom agents by copying agents/_template/ and editing the profile files. Agents are auto-discovered at startup.

See agents/README.md for the full guide.

Bug Bounty Automation

Harbinger includes a full bug bounty hunting automation suite — manage programs, targets, findings, and security tools from the web UI.

Features

• Targets Dashboard (/targets) — Manage bug bounty programs and their in-scope targets. Sync targets directly from HackerOne, Bugcrowd, Intigriti, YesWeHack, and Federacy using live data from bounty-targets-data.
• Findings Feed (/findings) — Track discovered vulnerabilities with severity ratings, status workflow (new → triaging → confirmed → reported → bounty_paid), and bounty amounts.
• Toolbox (/toolbox) — Browse and install from a catalog of 68+ real security tools (subfinder, nuclei, httpx, ffuf, sqlmap, etc.). Install tools from any GitHub repo. Manage Docker containers for agent terminal access.

Quick Start

After setup, visit your app URL and navigate to Targets in the sidebar to start:

1. Click Sync from Bounty Platforms to import programs from HackerOne/Bugcrowd/etc.
2. Or add programs manually with the Add button
3. Add targets to your programs (domains, IPs, wildcards, APIs)
4. Visit Toolbox to install scanning tools from the catalog
5. Findings appear automatically as agents discover vulnerabilities, or add them manually

See Bug Bounty for the full guide.

MCP (Model Context Protocol)

Harbinger exposes an MCP server at /api/mcp and can consume tools from external MCP servers — connecting your agents to Claude Desktop, Cursor, and any MCP-compatible client.

Server (expose your agent's tools)

External AI clients connect to https://your-app-url/api/mcp with your API key. Exposed capabilities:

| Type | Items | |------|-------| | Tools | create_job, get_job_status, chat, list_agents, get_agent_profile | | Resources | agent://agents, agent://{id}/soul, config://soul, config://crons, config://triggers | | Prompts | agent-prompt (parameterized by agent ID) |

Client (consume external MCP tools)

Add external MCP servers to config/MCP_SERVERS.json:

[
  {
    "name": "my-tool-server",
    "transport": "http",
    "url": "http://localhost:3001/mcp",
    "headers": {},
    "enabled": true
  }
]

External tools are automatically available to your agents. Manage and test them from Settings → MCP in the web UI.

See MCP Integration for the full guide.

Running Different Models

The Event Handler (chat, Telegram, webhooks) and Jobs (Docker agent) are two independent layers — each can run a different LLM. Use Claude for interactive chat and a cheaper or local model for long-running jobs, mix providers per cron entry, or run everything on a single model.

See Running Different Models for the full guide: Event Handler config, job defaults, per-job overrides, provider table, and custom provider setup.

Docs

| Document | Description | |----------|-------------| | Architecture | Two-layer design, file structure, API endpoints, GitHub Actions, Docker agent | | Configuration | Environment variables, GitHub secrets, repo variables, ngrok, Telegram setup | | Customization | Personality, skills, operating system files, using your bot, security details | | Chat Integrations | Web chat, Telegram, adding new channels | | Running Different Models | Event Handler vs job model config, per-job overrides, providers, custom provider | | Auto-Merge | Auto-merge controls, ALLOWED_PATHS configuration | | Deployment | VPS setup, Docker Compose, HTTPS with Let's Encrypt | | Claude Code vs Pi | Comparing the two agent backends (subscription vs API credits) | | How to Build Skills | Guide to building and activating agent skills | | Pre-Release | Installing beta/alpha builds | | Security | Security disclaimer, local development risks | | Upgrading | Automated upgrades, recovering from failed upgrades | | Bug Bounty | Targets, findings, tool registry, platform sync | | MCP Integration | MCP server/client setup, external tool consumption |

Maintainer

| Document | Description | |----------|-------------| | NPM | Updating skills, versioning, and publishing releases |