Filesystem-first agent directory convention (harness-respecting).
A single directory defines a durable agent by convention:
agent/
├── instructions.md   (required) role/guidelines — injected as a prompt SLOT,
│                     NOT a system-prompt override, so the harness
│                     keeps BOUNDARIES, response-format, and
│                     verification authoritative.
├── agent.acl         (optional) model/providers/queue (CodeConfig). Default if absent.
├── skills/           (optional) *.md skills, appended to CodeConfig.skill_dirs.
├── schedules/        (optional) *.md cron jobs (YAML frontmatter `cron:` + body=prompt).
└── tools/            (optional) *.md tool specs: `kind: mcp` → MCP server,
                      `kind: script` → sandboxed QuickJS tool. Both
                      register into the session as ordinary tools.

AgentDir::load SYNTHESIZES existing config objects rather than adding a new
runtime: instructions.md → SystemPromptSlots, agent.acl → CodeConfig,
skills/ → skill_dirs. Tool definition, visibility, and safety stay
harness-owned (the deliberate divergence from user-defined-tools models).
Structs§
- AgentDir - A loaded agent directory: synthesized `CodeConfig` + prompt slots + parsed schedule + tool specs. Build a session from `config` + `prompt_slots`.
- ScheduleSpec - A cron-triggered recurring turn, parsed from `schedules/<name>.md`.
- ScriptToolLimits - Sandbox limits for a `kind = "script"` tool. Mirrors the three numeric fields the `program` tool’s `ScriptLimits` accepts and is serialized to it verbatim (camelCase keys), so no new limit machinery is introduced.
- ScriptToolSpec - A sandboxed QuickJS tool parsed from a `kind = "script"` file. Names a workspace-relative `.js`/`.mjs` source and pins the sandbox allow-list + limits; the model supplies only `inputs`. Executed via the existing `program` tool path — no new sandbox. The model’s call to it is permission-gated like any tool; the script’s inner `ctx.tool` calls are bounded by `allowed_tools` + the sandbox (NOT the session permission policy), so the allow-list is the boundary.
Enums§
- ToolSpec - A tool definition parsed from `tools/<name>.md`, dispatched by `kind`.
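
The `ScriptToolSpec` note above says a script's inner `ctx.tool` calls are bounded by `allowed_tools` rather than the session permission policy. The following is an added review-time check, not code from this crate: it flags allow-list entries that a direct call would gate or refuse. `Decision`, `ScriptSpec`, `Finding`, the three-state policy and the tool names are hypothetical stand-ins.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Hypothetical stand-in for a session permission decision (not the crate's type).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Decision { Allow, Ask, Deny }

/// Hypothetical stand-in for the allow-list part of a script tool spec.
pub struct ScriptSpec { pub name: &'static str, pub allowed_tools: Vec<&'static str> }

/// An allow-listed inner tool whose direct call would not be auto-allowed.
#[derive(Debug, PartialEq, Eq)]
pub struct Finding { pub script: String, pub tool: String, pub direct: Decision }

/// List, per script, the allow-listed tools that the session policy would gate
/// (Ask) or refuse (Deny) on a direct call. Tools absent from the policy are
/// treated as Ask, which is an assumption of this model.
pub fn audit(specs: &[ScriptSpec], policy: &BTreeMap<&str, Decision>) -> Vec<Finding> {
    let mut out = Vec::new();
    for spec in specs {
        // Deduplicate and sort so the report order is stable.
        let tools: BTreeSet<&str> = spec.allowed_tools.iter().copied().collect();
        for tool in tools {
            let direct = policy.get(tool).copied().unwrap_or(Decision::Ask);
            if direct != Decision::Allow {
                out.push(Finding { script: spec.name.into(), tool: tool.into(), direct });
            }
        }
    }
    out
}

/// Constructed sample: a session policy and two script specs.
pub fn sample() -> Vec<Finding> {
    let policy = BTreeMap::from([
        ("read_file", Decision::Allow),
        ("write_file", Decision::Ask),
        ("shell", Decision::Deny),
    ]);
    let specs = [
        ScriptSpec { name: "summarize", allowed_tools: vec!["read_file"] },
        ScriptSpec { name: "deploy", allowed_tools: vec!["shell", "write_file", "fetch"] },
    ];
    audit(&specs, &policy)
}

fn main() {
    for f in sample() { println!("{:?}", f); }
}
```

Each finding is an allow-list entry to justify or remove when reviewing a `tools/*.md` script spec, since the session policy will not be consulted for it.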