
Two terminal agents was one too many
For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

Calliope CLI 3.0 is out. The release removed more code than it kept, and the point of the deletion was to make room for the things no other agent harness ships: an audit trail you could hand an auditor, budget caps a CI pipeline can trust, and a harness that treats a 30B model on your own hardware as a first-class citizen instead of a checkbox. Version 2.5 had 106 slash commands, 56 config keys, a theme package with roughly 180 pop-culture skins, three AI personas, and a multi-agent orchestration layer wrapping three external SDKs that were not even in package.json. Version 3.0 has 22 commands, 16 config keys, three appearances (dark, light, no-color), one professional voice, and none of the orchestration.
We started with an honest audit. The repository looked like 305,000 lines, but the product was 47,000; the rest was tests, an unpublished theme package, and experiments. About 30 percent of the product code was worth keeping: the provider engine, the agent loop, tool execution, MCP, and project memory. We kept that, cut the rest, and rebuilt on top. The 94 percent test coverage we inherited is what made the deletion safe. Every removal shipped with the suite green.
Install it with npm install -g @calliopelabs/cli, or grab a single binary for macOS and Linux from the release page. The binary needs no Node and cold-starts in 75 milliseconds.
The headline features:
calliope replay re-renders any session read-only and verifies the chain, exiting 4 if a byte was changed. calliope cost reports where money and tool time went. Budget caps stop the loop cleanly, with exit codes CI can branch on.calliope acp speaks the Agent Client Protocol over stdio, so Calliope runs inside Zed and JetBrains and operates on live editor buffers.Configs migrate from 2.x automatically, including credentials, which moved into a per-provider map.
The terminal-agent field is crowded and good. OpenCode owns multi-provider breadth, with a client/server split and an enormous community. Claude Code sets the bar for long-horizon coding quality, closed-source and single-vendor. Codex CLI rewrote itself in Rust, citing Node distribution friction and startup time. Goose is the vendor-neutral generalist under the Linux Foundation. If raw breadth or a specific frontier model is what you need, those are strong choices and we say so without hedging.
Calliope competes on a different axis: trust. Four things in 3.0 have no equivalent in any of the harnesses above.
Audit you can verify. Every session writes a hash-chained JSONL log, secrets redacted, on by default. calliope replay re-renders the session and verifies the chain, exit 4 if any byte changed. During launch testing we had an agent-built tool and Calliope independently verify the same tampered file; both convicted on the same line. No other OSS harness ships a tamper-evident record of what its agent did.
Control that halts the loop. Per-run and per-project budget caps stop the agent cleanly mid-task with a CI-friendly exit code, and a fail-closed policy hook lets an external engine approve or deny every tool call before it runs. Most harnesses offer a permission prompt; none offer a policy seam a compliance team can own.
A harness that polices its own model. Plan mode requires the agent to read files before proposing, and a plan produced with no reads is marked unverified in the transcript. Approvals bind to execution, so “go” runs tools instead of generating prose about running them. We built these because our own testing caught a model claiming work it never did; the harness now makes that lie visible in the moment, without opening a log.
Local models as an optimization target. Every harness lists Ollama support. Calliope simplifies tool schemas for smaller models, gives malformed tool calls one grammar-constrained repair round-trip, and anchors edits to a content hash so a weak model cannot apply a stale diff. We verified the path against gemma4:31b, which produced native tool calls and a successful repair on the first live run. If your models run inside your own perimeter, this is the difference between a demo and a tool.
One more point on the distribution argument. Codex moved to Rust partly to escape the Node requirement. We kept TypeScript and compiled: the 3.0 binary needs no Node and cold-starts in 75 milliseconds, under budgets that CI enforces on every pull request. The language was never the bottleneck; the discipline was.
The last week before release was live testing, and the product debugged itself. A tester asked the agent to get situated in a codebase. It promised to investigate and did nothing. The audit log convicted it in seconds: twelve read-only tool calls, zero writes, then a claimed “Implemented.” over an empty directory.
That catch became two features. Plan mode now requires the agent to read files before proposing, and a plan produced without reading anything gets marked unverified in the transcript. Approvals now bind to execution, so replying “go” after a plan runs tools instead of producing prose.
The retest ended better. The agent built a complete audit-analysis tool: a grounded plan with line-number citations, honest test results, cost figures that matched our independent math to six decimals. Then we flipped one byte in an audit log. The agent’s tool and Calliope’s own verifier convicted on the same line, independently. Our audit format is now third-party verified, and the third party is a program the product wrote.
Full release notes and the removal ledger are on the GitHub release . The changelog lists every cut and why; everything removed is preserved in git history, and two of the cuts are already scheduled to return in better shape.
The short version of 3.0: other harnesses compete on capability, and several of them are excellent at it. Calliope competes on whether you can trust, verify, and afford what the agent did. That is the axis that matters once agents leave the demo and enter the perimeter.

For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

When Operational Reliability Is the Regulation Most regulated industries have a data-protection focus: customer …