Skip to main content
hc
Submit
Agent frameworks · tools · 14 picks

Best AI agent frameworks

Frameworks for building single- and multi-agent LLM systems with orchestration and tool use.

Curated by @heyclaude-editors Updated 2026-06-19

Frameworks for building single- and multi-agent LLM systems with orchestration and tool use.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

FieldAG2 Agent Framework

Open-source Python AgentOS and multi-agent framework, evolved from AutoGen, for building conversable agents, group chats, swarms, human-in-the-loop workflows, tool use, RAG, code execution, and provider-backed agent systems.

Open dossier 		AgentScope

Apache-2.0 Python framework for building visible, controllable, production AI agents and multi-agent services with event streaming, permission controls, workspaces, sandbox backends, middleware, MCP support, Mem0 memory, agent teams, and multi-tenant multi-session serving.

Open dossier 		Microsoft Agent Framework

Microsoft framework for building, orchestrating, and deploying production AI agents and multi-agent workflows across Python and .NET, with workflows, middleware, OpenTelemetry, Foundry hosting, A2A, MCP, and Semantic Kernel migration support.

Open dossier 		CAMEL-AI CAMEL

Open-source Python multi-agent framework for building agent societies, role-playing agents, stateful ChatAgent workflows, RAG agents, synthetic data generation, MCP-enabled use cases, and research-scale agent experiments.

Open dossier 		MetaGPT

Open-source Python multi-agent framework that assigns product manager, architect, project manager, engineer, and other software-company roles to LLM agents for natural-language programming, repo generation, data interpretation, research, debate, and custom agent workflows.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Categorytoolstoolstoolstoolstools
Sourcesource-backedsource-backedsource-backedsource-backedsource-backed
AuthorAG2AgentScopeMicrosoftCAMEL-AIFoundationAgents
Added2026-06-182026-06-182026-06-182026-06-182026-06-18
Platforms
CLI
CLI
CLI
CLI
CLI
Source repo
Safety notesAG2 agents can converse, call tools, execute code, use retrieval systems, run browser workflows, and coordinate group chats; require explicit permissions and approval gates for high-impact actions. The upstream install docs and examples commonly involve provider credentials; keep API keys, config files, notebooks, and `.env` files out of commits and support tickets. Code execution, Docker, Jupyter, browser-use, and RAG extras can touch local files, network services, notebooks, databases, and external websites; scope them tightly before granting agent access. Multi-agent conversations can continue through nested chats, swarms, group chats, and custom reply handlers; define termination, escalation, retry, and human takeover behavior. Track the release roadmap before upgrading because deprecations and the v1.0 transition can change which APIs should be used for new work.AgentScope examples can give agents Bash, file-read, file-write, edit, search, MCP, and custom tools. Scope tool permissions and approval rules before connecting a real project or account. The README demonstrates permission control, including bypass mode. Do not use bypass-style behavior on production systems, sensitive files, paid APIs, cloud resources, or unreviewed tool chains without compensating controls. Workspace support can run tools and code through local, Docker, or E2B backends; review filesystem mounts, network access, secrets, resource limits, and cleanup behavior. Agent teams, background tasks, and multi-session services can continue work after the initial request; define cancellation, timeout, wakeup, escalation, and audit behavior. Mem0 memory, Redis-backed sessions, MCP configuration, OpenTelemetry, FastAPI services, and model-provider integrations all need version pinning, credential isolation, and security review before production use.Microsoft Agent Framework can orchestrate agents, tools, workflows, middleware, hosting, A2A, MCP, and third-party providers; review each external system before granting access. Production agents need explicit approval gates, retries, cancellation, idempotency, rollback behavior, tool authorization, and human-in-the-loop boundaries. DefaultAzureCredential is convenient for development but can probe multiple credential sources; choose explicit production credentials and managed identity patterns where appropriate. Foundry-hosted agents, cloud workflows, Durable Task, Azure Functions, and A2A/MCP endpoints need authentication, least privilege, network controls, logging policy, and abuse protection. Migration from Semantic Kernel or AutoGen should include behavior parity tests, trace comparison, provider compatibility review, and safety regression checks.CAMEL agents can coordinate multi-step tasks, call tools, use web/search integrations, connect to MCP examples, and run with provider credentials; review tool permissions before giving agents write access or account access. Large-scale agent societies and role-playing workflows can generate high volumes of model calls, tool calls, logs, synthetic data, and intermediate artifacts; set budgets, rate limits, and stop conditions before long runs. RAG, document, media, browser, communication, and data-tool extras may access local files, third-party APIs, vector stores, notebooks, or generated datasets; isolate experiments from production systems. CAMEL examples include MCP-oriented use cases, but MCP does not make connected tools safe by default. Scope server permissions, credentials, filesystem access, and approval gates separately. Do not treat generated code, generated datasets, citations, research summaries, or multi-agent decisions as verified until they have been reviewed against source data and policy requirements.MetaGPT can generate full repositories under a workspace from one-line requirements. Review generated code, dependencies, licenses, prompts, and build scripts before running or publishing anything. The framework coordinates multiple LLM roles and can call code, web, RAG, browser, email, GitHub, and provider integrations through its dependencies and optional extras; scope credentials and tools per workflow. Generated requirements, API designs, architecture documents, diagrams, and code can be plausible but wrong. Treat them as drafts until tested against source requirements and local constraints. Data Interpreter and notebook-style workflows may execute code, create plots, read files, and emit artifacts; run them in an isolated environment for untrusted data. Long multi-agent runs can consume significant model tokens and external API quota, so set cost ceilings, timeouts, and stopping criteria before production use.
Privacy notesPrompts, messages, tool arguments, tool outputs, code snippets, notebook state, retrieved documents, vector-store contents, provider responses, traces, and execution logs may contain sensitive user or workspace data. Do not expose secrets, API keys, private file paths, customer records, internal documents, database rows, or raw exceptions through agent messages, logs, notebooks, screenshots, or public examples. Provider extras and retrieval integrations can route data through OpenAI, Anthropic, Google, AWS, local model servers, databases, vector stores, browser automation, or other third-party services. If AG2 is used for code execution or browser automation, define which files, domains, credentials, downloads, screenshots, and logs can be read or retained.AgentScope workflows can process prompts, model responses, tool arguments, tool outputs, workspace files, code, credentials accidentally present in context, event streams, web UI state, logs, traces, memory records, session state, and tenant metadata. Long-term memory through Mem0 and multi-session service storage can persist user facts, intermediate outputs, retrieved context, and tool results beyond a single conversation. Docker, E2B, MCP servers, model providers, Redis, OpenTelemetry exporters, FastAPI deployments, and web UI integrations may send or store data outside the local Python process depending on configuration. Do not expose private prompts, API keys, unpublished code, customer data, tenant identifiers, session transcripts, or workspace artifacts in public issues, examples, screenshots, logs, or generated reports.Prompts, instructions, tool arguments, tool outputs, workflow state, middleware data, traces, provider responses, logs, credentials, and hosted-agent metadata may contain sensitive user or business data. Do not expose Azure credentials, Foundry project endpoints, model deployment names, API keys, private file paths, customer records, internal documents, or raw exceptions through examples, traces, logs, or support issues. When using third-party providers, A2A agents, MCP servers, observability systems, or cloud hosting, review where data is sent, stored, retained, and governed. If workflows are durable or restartable, define retention and access controls for checkpoints, state stores, trace spans, and replayable execution history.Prompts, model responses, agent messages, tool arguments, tool outputs, retrieved documents, search results, logs, generated datasets, traces, and errors may include user or workspace data. Model providers, search providers, MCP servers, vector stores, web tools, document parsers, browser tools, and observability integrations may receive data from CAMEL workflows. Keep provider API keys, OAuth tokens, MCP server credentials, vector database URLs, generated logs, and synthetic datasets out of committed examples, screenshots, public issues, and shared notebooks. If `CAMEL_MODEL_LOG_ENABLED` or other logging/tracing integrations are enabled, review request/response logs and model configuration logs before sharing or retaining them.Requirements, prompts, role messages, generated code, diagrams, documents, repo files, notebook outputs, model responses, logs, and traces may contain private product or workspace data. Configured LLM providers, browser/search tools, RAG/vector services, GitHub integrations, email/IMAP tools, cloud providers, and generated workspaces may receive or retain workflow data. Do not commit `~/.metagpt/config2.yaml`, provider keys, local model URLs, generated repos with secrets, workspace logs, notebook outputs, or customer requirements. If teams share MetaGPT outputs, strip private prompts, internal system names, customer data, generated credentials, and non-public architecture details first.
Prerequisites
  • Python 3.10 or newer and a Python environment managed with pip, uv, or another package manager.
  • Model provider credentials for the selected provider extra, such as OpenAI, Anthropic, Gemini, Bedrock, Mistral, Ollama, Groq, xAI, or another supported route.
  • A secrets strategy for provider keys, AG2 config files, `.env` files, notebooks, and example `OAI_CONFIG_LIST`-style credentials.
  • A reviewed execution boundary for code execution, Docker, Jupyter, browser-use, RAG, retrieval, database, and external tool extras.
  • Python 3.11 or newer and an isolated Python environment managed with pip, uv, or another package manager.
  • Model provider credentials for the selected model backend, such as DashScope, OpenAI-compatible APIs, Anthropic, Gemini, Ollama, xAI, or another supported route.
  • A permission policy for tools such as Bash, Grep, Glob, Read, Write, Edit, MCP tools, custom functions, and long-running background tasks.
  • A workspace isolation decision for local, Docker, E2B, or other sandbox backends before running code or file tools.
  • Python 3.10 or newer for the Python SDK, or a supported .NET runtime for the `Microsoft.Agents.AI` package.
  • A selected model/provider route, such as Microsoft Foundry, Azure OpenAI, OpenAI, GitHub Copilot SDK, or another supported provider.
  • Azure identity, Foundry project, endpoint, model deployment, or API-key configuration appropriate for the chosen provider and runtime.
  • A deployment plan for workflows, hosting, A2A, MCP, Durable Task, Azure Functions, local development, or cloud execution.
  • Python 3.10 through 3.14 and an isolated Python environment managed with pip, uv, or another package manager.
  • A configured model provider such as OpenAI or another provider supported by the selected CAMEL model route.
  • Provider API keys, search credentials, vector database credentials, or tool-specific secrets stored outside source control.
  • Optional extras for web tools, document tools, RAG, model platforms, storage backends, dev tools, or research tools only when those integrations are required.
  • Python 3.9 through 3.11 and an isolated Python environment.
  • Node.js and pnpm for workflows that render diagrams or use MetaGPT's documented software-company generation path.
  • LLM provider configuration in `~/.metagpt/config2.yaml`, such as OpenAI, Azure, Ollama, Groq, or another supported provider route.
  • API keys, base URLs, local model endpoints, and generated workspace paths kept outside source control.
Install
pip install 'ag2[openai]'
pip install agentscope
pip install agent-framework
pip install camel-ai
pip install --upgrade metagpt
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
  1. 01
    tools

    AG2 Agent Framework

    Build Python multi-agent systems with AG2, the open-source AgentOS evolved from AutoGen, including conversable agents, group chats, swarms, tools, human review, RAG, and code execution.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    AG2 Agent Framework is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  2. 02
    tools

    AgentScope

    Build and serve Python agents with event streams, permissions, workspaces, middleware, MCP, Mem0 memory, and agent teams.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    AgentScope is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    tools

    Microsoft Agent Framework

    Build production Python and .NET agents with Microsoft Agent Framework, including workflows, orchestration, middleware, observability, Foundry hosting, A2A, MCP, and Semantic Kernel migration paths.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    Microsoft Agent Framework is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  4. 04
    tools

    CAMEL-AI CAMEL

    Python multi-agent framework for agent societies, ChatAgent workflows, RAG, tool use, MCP examples, data generation, and large-scale agent research.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    CAMEL-AI CAMEL is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  5. 05
    tools

    MetaGPT

    Multi-agent software-company framework for turning one-line requirements into user stories, requirements, architecture, APIs, documents, code, and agent workflows.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    MetaGPT is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  6. 06
    tools

    OpenAI Agents JavaScript SDK

    Build JavaScript and TypeScript multi-agent workflows with the official OpenAI Agents SDK, including tools, handoffs, guardrails, sessions, tracing, MCP tools, realtime agents, and sandbox agents.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    OpenAI Agents JavaScript SDK is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  7. 07
    tools

    OpenAI Agents Python SDK

    Build Python multi-agent workflows with the official OpenAI Agents SDK, including tools, handoffs, guardrails, sessions, tracing, realtime agents, MCP integrations, and sandbox agents.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    OpenAI Agents Python SDK is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  8. 08
    tools

    Google Agent Development Kit

    Build, run, evaluate, and deploy code-first AI agents and workflows.

    Review firstSource-backedReview firstAdded 15d ago
    Safety Privacy
    Why it made the cut

    Google Agent Development Kit is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  9. 09
    tools

    Hugging Face Smolagents

    Build lightweight Python agents with Hugging Face Smolagents, including CodeAgent, ToolCallingAgent, MCP tools, Hub tools, LiteLLM providers, local models, CLI agents, and optional sandboxes.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    Hugging Face Smolagents is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  10. 10
    tools

    HumanLayer

    Open-source IDE for orchestrating AI coding agents, built on Claude Code, with parallel sessions, worktrees, and team context engineering.

    Review firstSource-backedReview firstAdded 14d ago
    Safety Privacy
    Why it made the cut

    HumanLayer is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  11. 11
    tools

    Koog

    Kotlin/JVM AI agent framework from JetBrains with MCP, graph workflows, memory, streaming, tools, OpenTelemetry, and Spring/Ktor integration.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    Koog is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  12. 12
    tools

    Microsoft AutoGen

    Open-source framework for multi-agent AI applications.

    Review firstSource-backedReview firstAdded 2mo ago
    Safety Privacy
    Why it made the cut

    Microsoft AutoGen is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  13. 13
    tools

    Strands Agents

    Python and TypeScript agent SDK with model providers, MCP, streaming, structured output, hooks, observability, tools, and multi-agent patterns.

    Review firstSource-backedReview firstAdded 21h ago
    Safety Privacy
    Why it made the cut

    Strands Agents is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  14. 14
    tools

    LangGraph

    Stateful orchestration framework for LLM agents.

    Review firstSource-backedReview firstAdded 2mo ago
    Safety · Privacy
    Why it made the cut

    LangGraph is included because it has privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.