Add Augment Code "Auggie" CLI as a new agentic engine
Summary
Add the Augment Code Auggie CLI as a new (experimental) agentic engine, alongside the existing Copilot, Claude, Codex, Gemini, Crush, OpenCode, and Pi engines. Auggie is a single-provider hosted agent: authentication happens via a session JSON (AUGMENT_SESSION_AUTH, produced by auggie login), and the model is selected by Augment Code's backend unless overridden with --model.
This issue contains a complete, step-by-step agentic plan as required by CONTRIBUTING.md (non-core contributors submit plans rather than PRs). I have a working, verified reference implementation that rebases cleanly onto main (see "Reference implementation" at the bottom), so the plan below is concrete and grounded in code that already compiles and passes tests.
Motivation / Use case
Auggie is a CLI coding agent with a non-interactive --print mode well suited to CI automation, built-in web-fetch/web-search tools, and standard {"mcpServers": {...}} MCP config support. Adding it as an engine lets workflow authors select engine: auggie and run agentic workflows on Augment Code's hosted agent, the same way they can with the other engines today.
Usage example
Once the engine is registered, a workflow author selects it like any other engine. Minimal form:
---
on:
workflow_dispatch:
engine:
id: auggie
permissions:
contents: read
---
# My workflow
Summarize the open pull requests in this repository.
Extended form (pin a version, override the model, and add args), mirroring EngineConfig handling in the plan:
engine:
id: auggie
version: "0.29.0" # optional; defaults to DefaultAuggieVersion
model: <model-name> # optional; appended as `--model <model-name>`
args: ["--quiet"] # optional; appended after the built-in `--print --quiet`
Authentication is provided via the AUGMENT_SESSION_AUTH repository secret (the session JSON produced by auggie login).
Implementation plan
The engine follows the existing Engine Separation Pattern (one file per engine, shared helpers reused). All helper APIs referenced below already exist on main (GenerateNpmInstallSteps, BuildNpmEngineInstallStepsWithAWF, BuildAWFCommand, BuildDefaultSecretValidationStep, renderDefaultJSONMCPConfig, GetAllowedDomainsForEngine, etc.).
-
Register the engine ID and metadata (pkg/constants/engine_constants.go):
- Add
AuggieEngine EngineName = "auggie".
- Append
string(AuggieEngine) to the AgenticEngines slice (it must stay last to preserve catalog ordering expected by tests).
- Add an engine descriptor entry:
Value: "auggie", Label: "Auggie", Description: "Augment Code Auggie CLI (experimental)", SecretName: "AUGMENT_SESSION_AUTH", KeyURL: "https://docs.augmentcode.com/cli/overview", WhenNeeded: "Auggie engine workflows".
- Add model env-var constants
EnvVarModelAgentAuggie = "GH_AW_MODEL_AGENT_AUGGIE" and EnvVarModelDetectionAuggie = "GH_AW_MODEL_DETECTION_AUGGIE".
- Add
AuggieSessionAuthEnvVar = "AUGMENT_SESSION_AUTH" (the native env var the Auggie CLI reads).
-
Pin the default version (pkg/constants/version_constants.go):
- Add
const DefaultAuggieVersion Version = "0.29.0".
-
Implement the engine (pkg/workflow/auggie_engine.go), a new AuggieEngine embedding BaseEngine:
NewAuggieEngine() with id: "auggie", displayName: "Auggie CLI", experimental: true, and capabilities: ToolsAllowlist: false (Auggie manages its own tool permissions), MaxTurns: false (no native max-turns flag), WebSearch: true (built-in web-fetch/web-search), MaxContinuations: false, NativeAgentFile: false.
GetRequiredSecretNames: AUGMENT_SESSION_AUTH + collectCommonMCPSecrets + GITHUB_MCP_SERVER_TOKEN when a GitHub tool is present + HTTP MCP header secrets.
GetSecretValidationStep: BuildDefaultSecretValidationStep(..., []string{AUGMENT_SESSION_AUTH}, "Auggie CLI", "https://docs.augmentcode.com/cli/overview").
GetInstallationSteps: install via GenerateNpmInstallSteps("@augmentcode/auggie", version, "Install Auggie CLI", "auggie", true /*node setup*/, false /*no install scripts*/, false /*no release-age cooldown*/), then a auggie --version verify step, wrapped with BuildNpmEngineInstallStepsWithAWF. Respect EngineConfig.Command/EngineConfig.Version overrides.
GetExecutionSteps: build args --print --quiet, append --model <m> when EngineConfig.Model is set, append EngineConfig.Args, append --mcp-config "${RUNNER_TEMP}/gh-aw/mcp-config/mcp-servers.json" when MCP servers are present, then the prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)". Route through BuildAWFCommand when the firewall is enabled (excluding AUGMENT_SESSION_AUTH from the forwarded env via ComputeAWFExcludeEnvVarNames), otherwise a plain tee-to-logfile command. Set env (AUGMENT_SESSION_AUTH, GH_AW_PROMPT, GITHUB_AW, GH_AW_PHASE, GH_AW_MAX_TURNS, MCP config path, etc.) and filter via FilterEnvForSecrets.
GetAgentManifestFiles: ["AGENTS.md"]; GetAgentManifestPathPrefixes: [".augment/"] (protect Auggie config from fork-PR injection).
- Compile-time assertion:
var _ CodingAgentEngine = (*AuggieEngine)(nil).
-
MCP config rendering (pkg/workflow/auggie_mcp.go):
(*AuggieEngine).RenderMCPConfig delegating to renderDefaultJSONMCPConfig(..., "${RUNNER_TEMP}/gh-aw/mcp-config/mcp-servers.json") (standard {"mcpServers": {...}} schema).
-
Register in the engine catalog (pkg/workflow/agentic_engine.go):
- Add
NewAuggieEngine() to the registered engines list.
-
Version/lookup wiring (pkg/workflow/compiler_yaml_lookups.go):
- Map
AuggieEngine -> DefaultAuggieVersion in the relevant version-lookup switch/maps, and include AuggieEngine in the npm-engine grouping alongside Claude/Gemini/OpenCode/Crush/Pi.
-
Network domains (pkg/workflow/domains.go):
- Add
AuggieDefaultDomains = []string{"*.augmentcode.com", "api.augmentcode.com", "auth.augmentcode.com", "d3.augmentcode.com"}.
- Map
constants.AuggieEngine -> AuggieDefaultDomains in the per-engine domains map, and add AuggieEngine to the engine grouping that uses default-domain handling.
-
Engine data descriptor (pkg/workflow/data/engines/auggie.md):
- Frontmatter:
id: auggie, display-name: Auggie CLI, runtime-id: auggie, provider.name: augmentcode, auth: [{role: session, secret: AUGMENT_SESSION_AUTH}].
-
JSON schema (pkg/parser/schemas/main_workflow_schema.json):
- Add
auggie to the allowed engine.id enum so engine: auggie validates.
-
Docs (docs/src/content/docs/reference/engines.md):
- Add Auggie to the engines table (id
auggie, secret AUGMENT_SESSION_AUTH session JSON from auggie login), default-version row ("0.29.0"), and the page description list.
-
Smoke workflow (.github/workflows/smoke-auggie.md):
- A
slash_command: smoke-auggie workflow with engine: { id: auggie }, strict: true, GitHub MCP (repos, pull_requests), web-fetch, bash, edit, cache-memory, and safe-outputs (add-comment, create-issue, add-labels), exercising GitHub MCP, web-fetch, file writing, bash, and make build. Recompile to generate its .lock.yml.
-
Tests (extend existing tables; do not add net-new test files beyond the engine's own):
pkg/workflow/auggie_engine_test.go: install/execute step generation, args (--print --quiet, --model, --mcp-config), secret requirements, capabilities, manifest files/prefixes.
pkg/workflow/engine_catalog_test.go: catalog contains auggie in the expected position.
pkg/constants/constants_test.go: AgenticEngines includes auggie; descriptor fields correct.
pkg/cli/completions_test.go: engine-name completion count includes auggie.
Validation
All changes pass the standard gate (make agent-finish): make build, make test, make recompile (regenerates all .lock.yml, including smoke-auggie.lock.yml), make update-wasm-golden, make fmt, make lint, make lint-errors. The generated smoke-auggie.lock.yml installs @augmentcode/auggie@0.29.0, runs auggie --print --quiet --mcp-config ... "$(cat .../prompt.txt)", validates AUGMENT_SESSION_AUTH, and excludes that secret from the firewall env in both agent and detection phases.
Because the engine deeply impacts execution, this is a good candidate for the smoke label so a smoke run validates it end to end.
Reference implementation
I have a complete, rebased-onto-main, verified implementation on a fork branch that a core team member can use as a starting point:
https://github.com/carlosflorencio/gh-aw/tree/add-auggie-engine
It touches 14 source files (listed above) plus regenerated lock/golden artifacts. Happy to refine the plan or the reference branch based on team feedback.
Add Augment Code "Auggie" CLI as a new agentic engine
Summary
Add the Augment Code Auggie CLI as a new (experimental) agentic engine, alongside the existing Copilot, Claude, Codex, Gemini, Crush, OpenCode, and Pi engines. Auggie is a single-provider hosted agent: authentication happens via a session JSON (
AUGMENT_SESSION_AUTH, produced byauggie login), and the model is selected by Augment Code's backend unless overridden with--model.This issue contains a complete, step-by-step agentic plan as required by
CONTRIBUTING.md(non-core contributors submit plans rather than PRs). I have a working, verified reference implementation that rebases cleanly ontomain(see "Reference implementation" at the bottom), so the plan below is concrete and grounded in code that already compiles and passes tests.Motivation / Use case
Auggie is a CLI coding agent with a non-interactive
--printmode well suited to CI automation, built-in web-fetch/web-search tools, and standard{"mcpServers": {...}}MCP config support. Adding it as an engine lets workflow authors selectengine: auggieand run agentic workflows on Augment Code's hosted agent, the same way they can with the other engines today.Usage example
Once the engine is registered, a workflow author selects it like any other engine. Minimal form:
Extended form (pin a version, override the model, and add args), mirroring
EngineConfighandling in the plan:Authentication is provided via the
AUGMENT_SESSION_AUTHrepository secret (the session JSON produced byauggie login).Implementation plan
The engine follows the existing Engine Separation Pattern (one file per engine, shared helpers reused). All helper APIs referenced below already exist on
main(GenerateNpmInstallSteps,BuildNpmEngineInstallStepsWithAWF,BuildAWFCommand,BuildDefaultSecretValidationStep,renderDefaultJSONMCPConfig,GetAllowedDomainsForEngine, etc.).Register the engine ID and metadata (
pkg/constants/engine_constants.go):AuggieEngine EngineName = "auggie".string(AuggieEngine)to theAgenticEnginesslice (it must stay last to preserve catalog ordering expected by tests).Value: "auggie",Label: "Auggie",Description: "Augment Code Auggie CLI (experimental)",SecretName: "AUGMENT_SESSION_AUTH",KeyURL: "https://docs.augmentcode.com/cli/overview",WhenNeeded: "Auggie engine workflows".EnvVarModelAgentAuggie = "GH_AW_MODEL_AGENT_AUGGIE"andEnvVarModelDetectionAuggie = "GH_AW_MODEL_DETECTION_AUGGIE".AuggieSessionAuthEnvVar = "AUGMENT_SESSION_AUTH"(the native env var the Auggie CLI reads).Pin the default version (
pkg/constants/version_constants.go):const DefaultAuggieVersion Version = "0.29.0".Implement the engine (
pkg/workflow/auggie_engine.go), a newAuggieEngineembeddingBaseEngine:NewAuggieEngine()withid: "auggie",displayName: "Auggie CLI",experimental: true, and capabilities:ToolsAllowlist: false(Auggie manages its own tool permissions),MaxTurns: false(no native max-turns flag),WebSearch: true(built-in web-fetch/web-search),MaxContinuations: false,NativeAgentFile: false.GetRequiredSecretNames:AUGMENT_SESSION_AUTH+collectCommonMCPSecrets+GITHUB_MCP_SERVER_TOKENwhen a GitHub tool is present + HTTP MCP header secrets.GetSecretValidationStep:BuildDefaultSecretValidationStep(..., []string{AUGMENT_SESSION_AUTH}, "Auggie CLI", "https://docs.augmentcode.com/cli/overview").GetInstallationSteps: install viaGenerateNpmInstallSteps("@augmentcode/auggie", version, "Install Auggie CLI", "auggie", true /*node setup*/, false /*no install scripts*/, false /*no release-age cooldown*/), then aauggie --versionverify step, wrapped withBuildNpmEngineInstallStepsWithAWF. RespectEngineConfig.Command/EngineConfig.Versionoverrides.GetExecutionSteps: build args--print --quiet, append--model <m>whenEngineConfig.Modelis set, appendEngineConfig.Args, append--mcp-config "${RUNNER_TEMP}/gh-aw/mcp-config/mcp-servers.json"when MCP servers are present, then the prompt"$(cat /tmp/gh-aw/aw-prompts/prompt.txt)". Route throughBuildAWFCommandwhen the firewall is enabled (excludingAUGMENT_SESSION_AUTHfrom the forwarded env viaComputeAWFExcludeEnvVarNames), otherwise a plaintee-to-logfile command. Set env (AUGMENT_SESSION_AUTH,GH_AW_PROMPT,GITHUB_AW,GH_AW_PHASE,GH_AW_MAX_TURNS, MCP config path, etc.) and filter viaFilterEnvForSecrets.GetAgentManifestFiles:["AGENTS.md"];GetAgentManifestPathPrefixes:[".augment/"](protect Auggie config from fork-PR injection).var _ CodingAgentEngine = (*AuggieEngine)(nil).MCP config rendering (
pkg/workflow/auggie_mcp.go):(*AuggieEngine).RenderMCPConfigdelegating torenderDefaultJSONMCPConfig(..., "${RUNNER_TEMP}/gh-aw/mcp-config/mcp-servers.json")(standard{"mcpServers": {...}}schema).Register in the engine catalog (
pkg/workflow/agentic_engine.go):NewAuggieEngine()to the registered engines list.Version/lookup wiring (
pkg/workflow/compiler_yaml_lookups.go):AuggieEngine->DefaultAuggieVersionin the relevant version-lookup switch/maps, and includeAuggieEnginein the npm-engine grouping alongside Claude/Gemini/OpenCode/Crush/Pi.Network domains (
pkg/workflow/domains.go):AuggieDefaultDomains = []string{"*.augmentcode.com", "api.augmentcode.com", "auth.augmentcode.com", "d3.augmentcode.com"}.constants.AuggieEngine -> AuggieDefaultDomainsin the per-engine domains map, and addAuggieEngineto the engine grouping that uses default-domain handling.Engine data descriptor (
pkg/workflow/data/engines/auggie.md):id: auggie,display-name: Auggie CLI,runtime-id: auggie,provider.name: augmentcode,auth: [{role: session, secret: AUGMENT_SESSION_AUTH}].JSON schema (
pkg/parser/schemas/main_workflow_schema.json):auggieto the allowedengine.idenum soengine: auggievalidates.Docs (
docs/src/content/docs/reference/engines.md):auggie, secretAUGMENT_SESSION_AUTHsession JSON fromauggie login), default-version row ("0.29.0"), and the page description list.Smoke workflow (
.github/workflows/smoke-auggie.md):slash_command: smoke-auggieworkflow withengine: { id: auggie },strict: true, GitHub MCP (repos,pull_requests),web-fetch,bash,edit,cache-memory, andsafe-outputs(add-comment, create-issue, add-labels), exercising GitHub MCP, web-fetch, file writing, bash, andmake build. Recompile to generate its.lock.yml.Tests (extend existing tables; do not add net-new test files beyond the engine's own):
pkg/workflow/auggie_engine_test.go: install/execute step generation, args (--print --quiet,--model,--mcp-config), secret requirements, capabilities, manifest files/prefixes.pkg/workflow/engine_catalog_test.go: catalog containsauggiein the expected position.pkg/constants/constants_test.go:AgenticEnginesincludesauggie; descriptor fields correct.pkg/cli/completions_test.go: engine-name completion count includesauggie.Validation
All changes pass the standard gate (
make agent-finish):make build,make test,make recompile(regenerates all.lock.yml, includingsmoke-auggie.lock.yml),make update-wasm-golden,make fmt,make lint,make lint-errors. The generatedsmoke-auggie.lock.ymlinstalls@augmentcode/auggie@0.29.0, runsauggie --print --quiet --mcp-config ... "$(cat .../prompt.txt)", validatesAUGMENT_SESSION_AUTH, and excludes that secret from the firewall env in both agent and detection phases.Because the engine deeply impacts execution, this is a good candidate for the
smokelabel so a smoke run validates it end to end.Reference implementation
I have a complete, rebased-onto-
main, verified implementation on a fork branch that a core team member can use as a starting point:https://github.com/carlosflorencio/gh-aw/tree/add-auggie-engine
It touches 14 source files (listed above) plus regenerated lock/golden artifacts. Happy to refine the plan or the reference branch based on team feedback.