Open source · Developer tools · 2026

Donovan Agent

A terminal-native agentic assistant for developers.

Created by Tudor IustinPython 3.11+Apache 2.0
Donovan Agent illustration showing a connected human profile

Overview

An AI collaborator that lives in your terminal.

Donovan Agent can chat with an LLM provider, inspect and edit files, run shell commands, execute local Python, search the web, use browser automation, connect MCP servers, remember project context, manage checkpoints, and work through real coding tasks from the command line.

Explore on GitHub ↗

Capabilities

Built for real work

Developer tooling, persistent context, and explicit control in one terminal-first interface.

01

Terminal first

An interactive Rich and prompt_toolkit experience designed to stay close to the code.

02

Tool capable

Read, write, patch, search, run shell commands, execute Python, automate browsers, and connect MCP tools.

03

Persistent context

SQLite-backed sessions, memories, learned skills, tool records, schedules, and project context.

04

Provider flexible

Works with OpenAI-compatible APIs, Anthropic, DeepSeek, Qwen, Ollama, and LM Studio.

05

Agent workflows

Planning, checkpoints, subagents, contracts, recipes, evaluations, handoffs, and recovery.

06

Permission aware

Approved workspaces, risk-classified commands, audited writes, masked secrets, and explicit approval gates.

Model providers

Bring the model that fits the work.

Donovan is provider-flexible rather than tied to a single hosted service. It supports OpenAI and OpenAI-compatible APIs, Anthropic, DeepSeek, Qwen, Ollama, LM Studio, and custom local or hosted /v1/chat/completions endpoints.

The setup wizard guides users through API keys, model selection, optional Tavily search, workspace permissions, and tool approval settings. Providers can be changed later without rebuilding the workspace.

OpenAIOpenAI-compatibleAnthropicDeepSeekQwenOllamaLM StudioCustom endpoints
donovan setup
donovan model
donovan model set

Workflows & memory

Context that survives beyond one prompt.

Long-running state is stored in SQLite, including sessions, message history, tool calls, audit logs, memories, learned skills, project context, scheduled tasks, and activity events. This allows Donovan to resume work, recall prior decisions, and keep a traceable record of actions.

Higher-level workflows turn raw tools into repeatable engineering processes. Contracts define a goal and success criteria; recipes capture reusable procedures; sandboxes stage commands before promotion; profiles preserve workspace preferences; and evaluations or agent tests check repeatable behaviour.

Plan

Break complex tasks into visible steps with thinking summaries and activity streams.

Protect

Create checkpoints and sandboxes before risky edits or command execution.

Delegate

Coordinate subagents, routing, handoffs, watchers, and inbox triage.

Learn

Store project memories and reusable skills inside the approved workspace.

create a contract for fixing the browser companion setup
set up a recipe named release-check that runs tests and summarizes risks
configure router automatically for this project

Browser & MCP

Work across the terminal, browser, and external tools.

Donovan supports the Model Context Protocol for connecting servers that expose tools, resources, and prompts. MCP servers can be registered, inspected, diagnosed, and called from the interactive agent.

Browser work has two modes. Browser Companion works with already-open Chrome, Edge, Brave, Vivaldi, Opera, Arc, Chromium, and Firefox tabs through a local extension. Dedicated automation sessions use optional Playwright support for controlled browsing, text extraction, screenshots, and interaction.

donovan mcp listList connected MCP servers
donovan mcp add <name>Add an external tool server
/browser companion activeInspect the active browser connection
/browser screenshotCapture the current automated page

Safari requires a separately packaged and signed Safari Web Extension, so it is not supported by the unpacked Browser Companion.

Security

Capability stays visible and permissioned.

Because Donovan can edit files, execute code, and connect external tools, its defaults are designed around explicit workspaces and auditable actions. Workspaces must be approved, destructive commands are risk-classified, writes and patches are logged, tool results are recorded, API keys are masked in configuration output, and sensitive system paths are blocked.

readonly

Read approved files only. Writes and execution are blocked.

review

Reads are allowed; writes, shell, and code require approval.

workspace

Review-style permissions tuned for approved project work.

full autonomy

Fewer prompts, while destructive operations still require care.

Full autonomy should only be used on machines and folders where broad tool execution is acceptable.

Architecture

A modular Python system built for extension.

The repository separates the agent loop from execution, providers, security, memory, browser tooling, MCP, planning, scheduling, skills, subagents, and terminal UI. This keeps integrations replaceable and makes security-sensitive behaviour easier to inspect.

Agent corePrompts, planning, compaction, and tool protocol
ExecutionLocal, Docker, and SSH backends
MemorySQLite recall, summaries, and learned skills
SecurityPath permissions and command-risk detection
ExtensionsMCP, browser automation, tools, and providers
InterfaceRich rendering and prompt_toolkit input

Running donovan doctor checks Python, the operating system, terminal encoding, configuration, writable data directories, SQLite, provider connectivity, Tavily, the shell backend, Git, ripgrep, Node, workspace permissions, browser automation, checkpoints, skills, and registered tools.

Quick install

Install once. Start building.

macOS, Linux, Git Bash, or WSL

curl -fsSL https://raw.githubusercontent.com/tudor-22/donovan-agent/main/install.sh | bash

Windows PowerShell

powershell -ExecutionPolicy Bypass -c "irm https://raw.githubusercontent.com/tudor-22/donovan-agent/main/install.ps1 | iex"

The installer checks Python, clones the repository, creates a virtual environment, adds Donovan to your user PATH, optionally installs browser support, and runs first-time setup.

Launch the agentdonovan
Ask one questiondonovan chat "Explain this repository's structure."
Run a taskdonovan run "Inspect this project and summarize the main risks."
Check your environmentdonovan doctor

Known limitations include timeout-limited Python execution rather than a complete security sandbox, explicit search-and-replace patching, non-streaming tool-call turns when structured tool calls are required, and optional Playwright installation for browser automation.

Open source

Read the code. Run the agent. Make it yours.

Visit the repository