You’ve been managing your Linear board manually — assigning yourself tickets, opening Claude Code or Cursor, copying the description in, walking the agent through implementation, opening the PR, merging it.
Symphony from OpenAI is the question “what if the loop above ran without you?” — a service that polls Linear, spawns a Codex session per ticket inside an isolated workspace, and keeps it working until the PR lands.
You’re left managing what to build, not how the agent builds it.
What is Symphony?
Symphony is a self-hostable orchestrator service from OpenAI that turns project work into isolated, autonomous implementation runs.
It is the successor concept to OpenAI’s Harness Engineering methodology — moving from manually driving coding agents to running them as a daemon against your ticket backlog.
The repo ships two things:
SPEC.md— a 2,169-line language-agnostic RFC-2119 specification of the service contractelixir/— an Elixir/OTP reference implementation, marked as engineering preview
“Symphony is a low-key engineering preview for testing in trusted environments.”
Symphony on GitHub OpenAI Harness Engineering Codex App Server docs
What makes it different
- 📜 Spec-first, reference-second — Symphony is primarily a specification; the Elixir code is one reference, not the canonical implementation. The README literally suggests: “Tell your favorite coding agent to build Symphony in a programming language of your choice”
- 🎟️ Linear-native — polls Linear on a fixed cadence; spawns sessions for tickets in active states; stops when tickets move to terminal states
- 🤖 Codex App Server — agents run via Codex’s App Server mode, with workspace-write sandboxing and configurable approval policy
- 📁 Per-issue workspaces — every ticket gets its own directory at
~/code/symphony-workspaces/<id>/; workspaces persist across runs and are cleaned up on terminal state transitions - 📝
WORKFLOW.mdis the contract — repo-owned YAML front matter + Markdown prompt template; the agent’s policy lives in your codebase, versioned with your code - 🔄 Restart recovery without a database — orchestrator state is reconstructed from tracker + filesystem on startup, no persistent DB required
- 🛡️ Trust posture is implementation-defined — the spec deliberately doesn’t mandate one approval model; Elixir reference defaults to
approval_policy: neverfor trusted internal use - ⚖️ Apache 2.0 — commercially permissive, OpenAI’s stamp on the spec
Where Symphony Sits in the AI Stack
Symphony belongs to the orchestration layer, alongside Paperclip — but with a different design point. The full five-layer stack we’ve covered on this site:
| Layer | Project | What it is |
|---|---|---|
| Orchestration | Symphony / Paperclip | The “scheduler” / “company” above any agent (Symphony: vendor-flavored; Paperclip: vendor-neutral) |
| Personal assistant | OpenClaw / NanoClaw / Hermes | Messenger-resident agents — Slack, Telegram, voice, Canvas |
| Coding agent harness | Pi / Claude Code / Codex CLI / Cursor CLI | Terminal-resident coding agents (Pi is the MIT option) |
| Coding standards | Agent OS | Captures conventions, injects into AI coding tools |
| Coding workflow | OpenSpec | Spec-driven /opsx:propose workflow inside AI tools |
The honest contrast vs Paperclip — the closest neighbor:
| Symphony | Paperclip | |
|---|---|---|
| Agent target | Codex only | Any agent (Claude, Codex, Cursor, OpenClaw, HTTP) |
| Ticket tracker | Linear only | Built-in ticket system; tracker integrations on roadmap |
| Multi-tenant | No | Multi-company isolation |
| Web UI | Optional Phoenix dashboard | Full React UI |
| Budgets | Implementation-defined | Hard-stop budget enforcement at every scope |
| Spec | Public, language-agnostic, RFC-2119 | Codebase-defined |
| Vendor | OpenAI | Community |
Symphony is simpler, more opinionated, and vendor-flavored (Codex + Linear). Paperclip is broader, more configurable, and vendor-neutral (any agent + any tracker on the roadmap). They occupy the same architectural slot but answer different questions:
- Pick Symphony if you already use Linear + OpenAI Codex, want a small auditable spec, and trust your codebase enough to run Codex with
approval_policy: never - Pick Paperclip if you mix agent providers, want multi-company support, and need budget hard-stops as a core feature
The five design principles (the actual pitch)
The README is short, but the SPEC is long. The opinionated claims behind Symphony are visible if you read both together:
-
The spec is the product; the implementation is one option. This is unusual. OpenAI shipped a 2,169-line RFC-2119 spec and explicitly tells users: “Tell your coding agent to build Symphony in a programming language of your choice.” The Elixir code is a reference, not the canonical answer. Symphony’s bet is that AI coding agents are now capable enough that a tight specification is a more valuable artifact than any single implementation.
-
Policy lives in the target repo, not in Symphony.
WORKFLOW.md— the file that defines what the agent does for each ticket state, how it handles blockers, when it hands off to humans — lives in the codebase being worked on, not in Symphony’s config. The agent’s behavior evolves with the codebase. Symphony is intentionally policy-free. -
Symphony is a runner, not an editor. The SPEC is explicit: Symphony schedules and isolates agent runs. The agent itself does the ticket-writing, PR-opening, status-transitioning work using tools provided in the workflow environment. This means Symphony is much smaller than it could be — and Symphony updates don’t change your team’s ticket workflow.
-
Trust posture is implementation-defined, not mandated. The spec deliberately refuses to prescribe a single approval / sandbox / confirmation policy. The Elixir reference targets trusted internal environments with
approval_policy: never+thread_sandbox: workspace-write; other implementations can require manual approvals, run in stronger sandboxes, or layer on additional governance. This is the spec authors saying “we know orchestration needs vary.” -
Restart recovery without a database. The orchestrator state is rebuildable from the tracker (Linear) and the filesystem (workspaces) on startup. No persistent DB requirement. This is a deliberate non-goal — the spec says explicitly that exact in-memory scheduler state is not restored, only enough to resume work without losing tickets. The simplicity is the feature.
The whole thing is the opposite of a maximalist platform pitch. Symphony is small, opinionated, and unapologetic about what it doesn’t do.
Self-Hosting Symphony
The Elixir reference is what you’d run if you don’t want to build your own. The README is upfront about its status:
“Symphony Elixir is prototype software intended for evaluation only and is presented as-is. We recommend implementing your own hardened version based on
SPEC.md.”
If you want the experience anyway, here’s how.
Requirements
- Elixir 1.19 + Erlang/OTP (use mise )
- Codex CLI with App Server support
- A Linear workspace + Personal API key (Settings → Security & access → Personal API keys)
- A codebase set up for harness engineering
Install
git clone https://github.com/openai/symphony
cd symphony/elixir
mise trust
mise install
mise exec -- mix setup
mise exec -- mix build
Configure
- Copy
elixir/WORKFLOW.mdinto your target codebase’s repo - Edit the YAML front matter — set
tracker.project_slugto your Linear project’s slug, pointhooks.after_createat your repo’s clone command - Edit the Markdown body — describe the agent’s policy for ticket handling
- Optionally copy the
commit,push,pull,land, andlinearskill files into your repo
Run
export LINEAR_API_KEY=lin_api_...
mise exec -- ./bin/symphony ./WORKFLOW.md
# Or with the optional Phoenix dashboard:
mise exec -- ./bin/symphony ./WORKFLOW.md --port 4000
The orchestrator polls Linear every interval_ms (default 5000), picks up tickets in your configured active_states, spawns Codex in each ticket’s workspace, and works until the ticket transitions to a terminal state.
What the bundled skills do
Five reference skills ship in elixir/ and are meant to be copied into your repo:
| Skill | Purpose |
|---|---|
commit |
Commit changes with a structured message |
push |
Push to remote |
pull |
Sync from remote |
land |
Open / merge PR according to your project’s conventions |
linear |
Talk to Linear via the injected linear_graphql app-server tool — comment editing, attachment uploads, status transitions |
The linear skill specifically expects Symphony’s client-side linear_graphql tool to be available — Symphony injects this into every Codex App Server session it spawns.
The sandbox / approval defaults
The Elixir reference’s codex config block in the example WORKFLOW.md:
codex:
command: codex --config shell_environment_policy.inherit=all --config 'model="gpt-5.5"' --config model_reasoning_effort=xhigh app-server
approval_policy: never
thread_sandbox: workspace-write
turn_sandbox_policy:
type: workspaceWrite
What these mean:
approval_policy: never— Codex never asks for approval on tool calls. Suitable only for trusted environments where the workspace is isolated.thread_sandbox: workspace-write— Codex can write within the workspace directory, not outside it.turn_sandbox_policy.type: workspaceWrite— Same constraint enforced per-turn.model_reasoning_effort=xhigh— Maximum reasoning effort for the agent.shell_environment_policy.inherit=all— Inherits all host environment variables (soLINEAR_API_KEYetc. reach the agent).
For stricter environments, the SPEC explicitly permits other policies. You’d swap approval_policy: never for on_request or similar, and consider tighter sandbox modes.
The 'build it yourself' alternative
The README endorses asking a coding agent to build Symphony from the spec, which is genuinely viable given how tight SPEC.md is:
Implement Symphony according to the following spec:
https://github.com/openai/symphony/blob/main/SPEC.md
This is the path for teams that want Symphony in Go / Rust / TypeScript / Python instead of Elixir, want different tracker support (e.g. GitHub Issues, Jira), or want a hardened production implementation rather than the prototype reference.
The spec uses RFC 2119 normative language (MUST / SHOULD / MAY) throughout — this is unusually rigorous for an open spec, and intentionally so. It’s designed to be a contract a competent AI coding agent can implement directly.
What Symphony Is Not
| Is | Isn’t |
|---|---|
| A scheduler/runner for Codex sessions | An editor of tickets / PRs / comments |
| A spec + reference implementation | A general-purpose workflow engine |
| Linear-only (v1 spec) | Trackor-agnostic (yet) |
| Codex-only (v1 spec) | Multi-agent (use Paperclip for that) |
| Engineering preview / trusted environments | Production-hardened |
| Apache 2.0, open | OpenAI-hosted SaaS |
A successful Symphony run can end at a workflow-defined handoff state (e.g. Human Review) — not necessarily Done. The agent decides when it’s blocked or when humans need to take over; Symphony just keeps the loop running.
Conclusion
Symphony is a tightly-scoped, opinionated answer to “what if I never had to start a Codex session manually for a Linear ticket again?” The fact that the primary deliverable is a 2,169-line spec (with an Elixir reference as one option) is itself the most interesting design choice — OpenAI is betting that AI coding agents are now good enough that a precise specification is more valuable than any specific implementation.
For teams already using Linear + Codex who want autonomous coding-agent runs on their backlog, it’s the right shape of project. For teams that need broader agent/tracker support or stronger governance features, Paperclip is the better orchestration choice — Symphony stays focused.
Related tools worth knowing:
- Paperclip — broader orchestration layer; multi-agent, multi-company, budget hard-stops
- OpenAI Codex — the agent Symphony runs; App Server mode is what Symphony uses to drive it
- Linear — the (currently only) supported ticket tracker
- Agent OS — standards layer that runs inside the Codex sessions Symphony spawns
- OpenSpec — workflow layer that runs inside the Codex sessions Symphony spawns
Frequently Asked Questions
Is Symphony a self-hosted service?
Yes — the Elixir reference is a long-running OTP service you run on your own infrastructure. There is no OpenAI-hosted version. The spec is also language-agnostic, so you can build your own implementation in any language.
Does Symphony require a database?
No. The SPEC explicitly states that restart recovery rebuilds state from the tracker (Linear) and the filesystem (workspaces) — exact in-memory scheduler state is not restored, but enough is recovered to resume work without losing tickets.
Why is the spec so long if the README is so short?
Because the spec is the product. The README’s job is to point you at SPEC.md and at the Elixir reference. SPEC.md is 2,169 lines of RFC-2119-precise contract — MUST / SHOULD / MAY clauses for every component, behavior, and edge case. It’s designed to be implemented by an AI coding agent directly.
Can I use Symphony with non-Linear trackers?
The v1 spec is Linear-only. The spec is structured so that swapping the Integration Layer (tracker adapter) is a clean port — but you’d have to implement a GitHub Issues / Jira / Asana adapter yourself. Future spec versions may broaden tracker support.
Can I use Symphony with non-Codex agents?
Same answer — the v1 spec targets Codex App Server. The Execution Layer is the swap point. Swapping to Claude Code or Cursor’s CLI would require adapting the agent-launch and prompt-stream interfaces, but the orchestrator and workspace machinery are agent-agnostic.
What does “trusted environment” mean in the warning?
The Elixir reference defaults to approval_policy: never and thread_sandbox: workspace-write. This is fine when:
- The codebase being worked on is yours and the changes go through CI + human review before merge
- The host machine doesn’t contain unrelated secrets / production data
- You trust Codex not to do something irreversible inside the workspace
It’s not fine when running against random codebases, on shared infrastructure, or with permissive workspace mounts. For those cases, the spec encourages stricter approval and sandbox policies — you’d customize the WORKFLOW.md to require explicit approvals.
How does this compare to GitHub’s autonomous coding features?
GitHub’s autonomous features (Copilot Workspace, etc.) are vendor-hosted and tied to GitHub Issues. Symphony is self-hosted, tracker-agnostic by design, and Codex-specific in the v1 spec. The trade-off: GitHub’s solution is more polished, Symphony gives you full control over the orchestrator behavior via WORKFLOW.md.
What’s “Harness Engineering”?
OpenAI’s term for the practice of making your codebase a good environment for AI coding agents — clear conventions, good tooling, fast feedback loops, machine-readable test results, etc. Symphony’s README links to openai.com/index/harness-engineering ; Symphony explicitly targets codebases that have adopted the methodology.
Is the Elixir choice meaningful?
OTP (the Erlang/Elixir actor system) is well-suited to long-running orchestration with bounded concurrency and supervised processes — exactly what Symphony does. But the spec is deliberately language-agnostic, and the README endorses re-implementing in any language. The Elixir choice for the reference is a pragmatic OTP-suits-the-job decision, not a normative recommendation.
Comments