What it does

Cairn is a general-purpose state-space search engine built around a blackboard architecture. You give it an origin, a goal, and a problem domain; it grows a graph of Facts and Intents until it finds a path. The first validated domain is autonomous penetration testing — where it solved all 54 challenges at a Tencent Cloud hackathon, placing 3rd among 610 teams.

The interesting bit

The system has no predefined agent roles, no workflow templates, and no direct agent-to-agent communication. Workers coordinate through stigmergy — reading and writing to a shared board of Facts, Intents, and Hints. Tasks are generated at runtime from the graph’s current state, not from job descriptions. The README notes this came online at 4 AM on competition day with zero prior testing, zero MCP tools, zero RAG, and zero tuning.

Key highlights

• Three primitives drive everything: Facts (confirmed findings), Intents (planned exploration), and Hints (human judgment injected on demand)
• Workers run an OODA loop — Observe the full graph, Orient, Decide, Act — with no fixed roles
• Supports Claude Code, Codex, and Pi as worker backends
• Server maintains graph consistency; Dispatcher schedules tasks and manages Docker worker containers
• Dual-licensed under AGPLv3 with commercial licensing available

Caveats

• Requires macOS or Linux, Python ≥ 3.12, and Docker; Windows is not mentioned as supported
• The “general-purpose” claim is architectural, not empirically validated beyond pentesting/CTF domains
• Setup demands manual LLM endpoint configuration in dispatch.yaml

Verdict

Worth a look if you’re building autonomous agents and suspect rigid workflows are the bottleneck. Probably overkill if you just need a scripted scanner or a single LLM with a ReAct loop.