Plug-and-play AI cartridge hub — package, distribute, and run composable AI harness configurations locally, then deploy the same cartridges to hosted Tendos Cloud.
Tendos is building toward "Docker for AI agents and harnesses": portable, signed cartridges with reproducible execution across local machines and managed cloud.
The name and product metaphor come from Nintendo cartridges (plug in and play) combined with Docker-style portability and reproducibility.
Small and open language models are making local AI practical. Tendos exists so builders and teams do not have to re-create agent harnesses from scratch for every use case.
A Tendos cartridge is a reusable, swappable unit that can bundle:
- model configuration (base model + optional adapters)
- agent configuration (prompt, nodes, graph, tools)
- security and trust data (checksums, signatures)
- licensing and usage metadata
Long-term direction:
- local-first execution by default (privacy and ownership)
- hosted deployment option via Tendos Cloud (pay to host)
- community ecosystem where creators publish cartridges and users install/compose them quickly
Tendos currently provides the v0.1 foundation for cartridge packaging and trust:
- Cartridge specification and manifest schema validation
- Cartridge loader for validate/pack/unpack workflows
- Ed25519 signing and signature verification
- AES-256-GCM encryption helpers for protected artifacts
- JWT token utilities for pay-per-use licensing primitives
- Harness YAML declarations for security guardrails, PII redaction, and update/sync policies
- Manual/custom harness declarations via
harness.declarations.custom_configfor user-defined launcher/runtime keys tendos runlauncher execution supports both host command launchers and self-contained Docker launchers
# Install
pip install tendos
# or
uv add tendos
# Initialize a new cartridge project
tendos init my-cartridge
# Validate the cartridge manifest
tendos validate my-cartridge/cartridge.json
# Pack into a distributable .cartridge archive
tendos pack my-cartridge/
# Sign the cartridge for integrity verification
tendos sign my-cartridge.cartridge --key ~/.tendos/signing.key
# Verify signature
tendos verify my-cartridge.cartridge --pub ~/.tendos/signing.pub --sig my-cartridge.cartridge.sig
# Run harness launcher (if declared)
tendos run my-cartridge/- Local-first: run on your hardware first, with cloud as an option
- Portable artifacts: one cartridge format for reuse and sharing
- Trust by default: signing, verification, and integrity checks
- Composability: stack cartridges for domain-specific workflows
# Clone and install
git clone https://github.com/junaidahmed361/tendos.git
cd tendos
uv sync --all-extras
# Run tests
make test
# Run full quality suite
make all
# Run pre-commit hooks
make pre-commitsrc/tendos/
cartridge/ # Cartridge schema, loader, validator
runtime/ # Runtime execution engine (expanding)
hub/ # Marketplace and registry client (expanding)
security/ # Signing, encryption, JWT tokens
cli/ # Command-line interface
tests/
unit/
integration/
All pull requests are expected to pass:
- ruff lint + formatting checks
- mypy strict type checks
- bandit static security scan
- pytest with coverage threshold
- pre-commit hooks
- Local execution runtime for cartridges
- Lockfile + compatibility checks for reproducibility
- Community hub for publish/discover/install workflows
- Tendos Cloud hosted deployment for managed agent execution
Contributions are welcome. See CONTRIBUTING.md for guidelines.
Apache License 2.0 — see LICENSE.