NAMI: Nova Agent Manager Interface
A desktop command center where Amazon Nova 2 agents safely modify your codebases in parallel.
- Plan, Approve, Execute, Verify → Orchestrated agent loop with human approval gates
- Sandboxed Execution → Filesystem allowlists, command allowlists, network deny-by-default, budgets
- Parallel Threads → Multiple agent sessions per project, each with its own terminal
- Reusable Skills → Parameterized workflows with validation gates
- Lite/Pro Model Routing → Nova 2 Lite for planning, Pro for complex edits and retries
Amazon Nova 2 Integration
NAMI is built entirely around Amazon Nova 2's capabilities. Without Nova 2, this application cannot exist.
Nova 2 Features Used
| Nova 2 Feature | How We Used It | Why It Mattered |
|---|---|---|
| Nova 2 Lite | Planning, triage, file selection, summarization, context compaction | Fast and cheap for high-frequency tasks that don't need deep reasoning |
| Nova 2 Pro | Complex multi-file edits, validation retries, Lite-to-Pro escalation | Handles the hard problems when Lite isn't enough |
| Streaming (SSE) | Agent responses stream in real-time to the thread UI | Users see progress immediately, not a blank screen for 30 seconds |
| Tool Use | Sandboxed filesystem reads/writes, command execution, plan submission | Agents interact with the codebase through validated, constrained tools |
| Multi-Turn Conversations | Each orchestrator phase maintains conversation context | Complex reasoning chains across Plan, Execute, and Verify phases |
Why Nova 2 Is Essential
NAMI uses a phased orchestration architecture where Nova 2 powers every stage:
[Nova 2 Lite: Plan] → [Human: Approve] → [Nova 2 Lite: Execute] → [Nova 2 Lite/Pro: Verify]
The Lite-to-Pro escalation is key: most tasks complete with Lite (fast, low cost), but when verification fails, the system automatically escalates to Pro for deeper reasoning. This dual-model routing is only practical because Nova 2 Lite and Pro share the same tool-use interface and conversation format, making seamless escalation possible without re-engineering the pipeline.
Inspiration
I spend most of my day working across multiple codebases. AI coding assistants are great when you need help in a single file, but they fall apart when you need an agent to work across an entire project, run terminal commands, or follow a repeatable workflow.
The problem with current AI coding tools:
- They live inside your editor, limited to the file you have open
- No sandbox: the agent can read/write anything, run any command
- No approval step: you find out what changed after the fact
- No reusability: you re-explain the same workflow every time
- No visibility: you can't see what the agent is doing or why
I wanted something different. Not an IDE plugin, but a dedicated supervision surface. Something closer to a mission control where you can spin up parallel agent sessions, each locked down to a specific project, with clear visibility into every action the agent takes.
When Amazon Nova 2 launched with reliable tool use, streaming, and the Lite/Pro model split, I saw the right foundation. A fast model for planning and triage, a powerful model for complex edits, and a consistent tool-use interface across both. NAMI is built on that foundation.
What It Does
NAMI turns Amazon Nova 2 into a supervised coding agent that operates within strict boundaries.
The User Journey
- Create a Project with sandbox policies (allowed paths, commands, network rules, budgets)
- Start a Thread scoped to that project, using a specific agent (coder, reviewer, planner, or custom)
- Describe what you need in natural language
- Watch the orchestrator work:
- Plan phase (Nova 2 Lite) reads the codebase and proposes a structured plan
- Approve phase (You) review the plan, see which files will change, and approve or reject
- Execute phase (Nova 2 Lite) implements the plan using sandboxed tools
- Verify phase (Nova 2 Lite, escalates to Pro on failure) runs validation commands
- See real results in the artifact browser: code patches, logs, reports, all with content hashes
What Makes It Different
| Current AI Coding Tools | NAMI + Nova 2 |
|---|---|
| Editor plugin, single file focus | Standalone desktop app, full project scope |
| No sandbox, agent can do anything | Filesystem allowlists, command allowlists, network deny, budgets |
| No approval step | Human reviews plan before any writes happen |
| One-shot: prompt and pray | Plan, Approve, Execute, Verify loop with checkpointing |
| Single model, one size fits all | Lite for speed, Pro for complexity, automatic escalation |
| No reusability | Skills: parameterized workflows you define once and reuse |
| No audit trail | Append-only event log, content-hashed artifacts |
How We Built It
Architecture
┌──────────────────────────────────────────────────────────────────────┐
│ NAMI ARCHITECTURE │
├──────────────────────────────────────────────────────────────────────┤
│ │
│ User: "Add error handling to the API routes" │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Tauri IPC │ ← Typed JSON, versioned schema │
│ └────────┬────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Orchestrator │ ← Rust state machine: Plan→Approve→Execute→ │
│ │ │ Verify with checkpointing │
│ └────────┬────────┘ │
│ │ │
│ ┌────┴────────────────┐ │
│ ▼ ▼ │
│ ┌────────────┐ ┌──────────────┐ │
│ │ Nova 2 Lite│ │ Sandbox │ │
│ │ (Bedrock) │ │ Enforcement │ │
│ │ │ │ │ │
│ │ Plans, │ │ Path check, │ │
│ │ executes, │ │ cmd allowlist│ │
│ │ verifies │ │ network deny │ │
│ └──────┬─────┘ └──────┬───────┘ │
│ │ │ │
│ └────────┬────────┘ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ Tool Execution │ ← Sandboxed: fs read/write, shell, submit_plan│
│ └────────┬────────┘ │
│ │ │
│ ┌────┴────┐ │
│ ▼ ▼ │
│ ┌────────┐ ┌──────────┐ │
│ │Storage │ │ Events │ │
│ │(SQLite │ │(Stream │ │
│ │+ JSONL)│ │to UI) │ │
│ └────────┘ └──────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ React Frontend │ ← TanStack Query + Zustand + shadcn/ui │
│ │ (Tauri Webview)│ Streaming timeline, artifacts, terminal │
│ └─────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────────────┘
The Hybrid Architecture: "Agent Proposes, Sandbox Disposes"
This is the core design principle. Nova 2 handles reasoning and code generation. The Rust sandbox enforces every boundary.
What Nova 2 decides:
- Which files to read and modify
- What changes to make and why
- How to structure the implementation plan
- What validation commands to run
What Rust enforces:
- Path resolution and allowlist checks (no symlink escapes)
- Command allowlist validation (no arbitrary shell execution)
- Network policy (deny by default)
- Budget limits (tokens, cost, runtime, tool calls)
- Secret redaction before any data reaches the UI
Why this matters: The agent can never bypass the sandbox. Every filesystem access, every command execution, every network request goes through a single enforcement point in the Rust layer. The frontend is untrusted.
Tech Stack
Backend: Rust / Tauri v2, tokio, SQLite, AWS SDK for Rust (Bedrock Runtime)
Frontend: React + TypeScript (Vite), Tailwind CSS, shadcn/ui, TanStack Query + Router + Virtual, Zustand
AI: Nova 2 Lite (planning, triage, execution), Nova 2 Pro (complex edits, verification retries)
Context Window Management
Long agent sessions can blow past token limits. NAMI handles this with:
- Phase compaction: Between orchestrator phases, Nova 2 Lite summarizes the conversation, keeping critical details and dropping noise
- Warning thresholds: UI alerts at 80% context usage
- Emergency compaction: Automatic at 95% to prevent failures
- Checkpointing: Orchestrator state persisted to SQLite, so sessions survive crashes
Challenges We Ran Into
Sandbox Security was harder than expected. Symlink traversal, environment variable leakage, and command injection through argument patterns all needed careful handling. We learned to enforce everything at a single chokepoint in the Rust layer rather than scattering checks across the codebase.
Context Window Management was a constant battle. Multi-step agent sessions easily exceed token limits. Getting the compaction right (keeping critical details, dropping noise) between orchestrator phases took several iterations.
Lite-to-Pro Escalation required careful design. The models share the same tool-use interface, but switching mid-session means the Pro model needs enough context to understand what Lite was doing. Phase compaction summaries turned out to be the right handoff mechanism.
Terminal Integration needed to feel native. Each thread gets its own PTY session, and streaming terminal output to the frontend without lag or dropped frames required careful buffering and backpressure handling.
IPC Type Safety across the Rust/TypeScript boundary took effort. Every event needs to be serializable, versioned, and typed on both sides. We built a thin typed wrapper layer that prevents components from ever calling raw invoke or listen directly.
Accomplishments We're Proud Of
- Plan, Approve, Execute, Verify loop with crash-resilient checkpointing
- Single-point sandbox enforcement in Rust for all filesystem, command, and network access
- Automatic Lite-to-Pro escalation when verification fails
- Context compaction between phases to keep long sessions within token limits
- Append-only audit trail with content-hashed artifacts
- Reusable Skills that turn common workflows into parameterized templates
What We Learned
- Model routing saves money and time. Not every task needs Pro. Using Lite for 90% of operations and escalating only on failure gave us the best cost/quality balance.
- Sandbox-first design is non-negotiable. Retrofitting security is painful. Starting with deny-by-default and allowlisting up made the whole system more trustworthy.
- Human approval gates build trust. Users are much more comfortable letting an agent write code when they review the plan first and see exactly what changed after.
- Phase-based orchestration beats single-shot prompting. Breaking agent work into Plan, Execute, Verify with compaction between phases produces dramatically better results than one long conversation.
- Typed IPC boundaries prevent entire categories of bugs. The investment in typed wrappers on both sides of the Rust/TypeScript boundary paid for itself many times over.
What's Next
Near-term: Nova Sonic voice integration (STT/TTS with spoken diffs), multimodal understanding (image to structured output), skill authoring UI
Long-term: Image generation with provenance metadata, per-project embedding indexes with Nova Embeddings for retrieval-augmented context, community skill marketplace
Built With
- amazon-nova
- aws-bedrock
- react
- rust
- tailwindcss
- tauri
- typescript
Log in or sign up for Devpost to join the conversation.