Expand description
Zeph core agent: multi-model inference, semantic memory, skills orchestration, and tool execution.
This crate provides the Agent struct — the autonomous AI system at the heart of Zeph.
It integrates LLM providers (Claude, OpenAI, Ollama, Candle), semantic memory (Qdrant),
skill registry and matching, tool execution (shell, web, custom), MCP client support, and
security/compliance subsystems into a single composable agent framework.
§Usage
The main entry point is Agent::new or Agent::new_with_registry_arc. After creating
an agent, call Agent::run to execute the main loop.
Always call Agent::shutdown before dropping to persist state.
See the bootstrap module in the zeph binary crate for config loading and provider setup examples.
§Key Components
Agent— Main struct that runs the agent loopChannel— Abstraction for user interaction (send/receive messages and events)channel::ChannelMessage— Structured messages flowing to/from the userconfig— Configuration schema (LLM providers, memory, skills, etc.)agent::session_config— Per-session configuration (budget, timeouts, etc.)agent::context— Context assembly and token budgeting utilitiespipeline— Structured execution pipelines for complex workflowsproject— Project indexing and semantic retrievalmemory_tools— Memory search and management utilities
Note: The bootstrap module (AppBuilder, provider setup, etc.) lives in the zeph binary crate.
§Architecture
The agent operates as a single-turn finite state machine that processes each user message through a series of stages:
- Input — Receive user message via channel
- Context assembly — Build prompt from conversation history, memory, and skills
- LLM inference — Call the model with multi-tool calling support
- Tool execution — Run tool calls concurrently with streaming output
- Feedback loop — Feed tool results back to LLM for synthesis
- Output — Send agent response via channel
- Persistence — Save messages and state (async, deferred)
All async operations (await points) are bounded with timeouts to prevent stalls.
§Channel Contract
Implementing the Channel trait allows the agent to integrate with any I/O system:
- CLI —
cargo run -- --config config.toml - Telegram — Bot interface with streaming updates
- TUI — Multi-panel dashboard with real-time metrics
- HTTP gateway — Webhook ingestion and agent event streaming
- Custom — Implement
Channelfor domain-specific systems
§Feature Flags
candle— Local inference via Candle (default off, requires CUDA/Metal)classifiers— ML-based content classification and trust scoringmetal— Candle with Metal acceleration (macOS)cuda— Candle with CUDA acceleration (Linux/Windows)scheduler— Cron-based periodic task scheduler
Re-exports§
pub use agent::Agent;pub use agent::error::AgentError;pub use agent::session_config::AgentSessionConfig;pub use agent::session_config::CONTEXT_BUDGET_RESERVE_RATIO;pub use channel::Attachment;pub use channel::AttachmentKind;pub use channel::Channel;pub use channel::ChannelError;pub use channel::ChannelMessage;pub use channel::LoopbackChannel;pub use channel::LoopbackEvent;pub use channel::LoopbackHandle;pub use channel::StopHint;pub use channel::ToolOutputData;pub use channel::ToolOutputEvent;pub use channel::ToolStartData;pub use channel::ToolStartEvent;pub use skill_loader::SkillLoaderExecutor;
Modules§
- agent
- channel
- config
- Extension trait for resolving vault secrets into a Config.
- config_
watcher - context
- cost
- daemon
- Daemon supervisor for component lifecycle management.
- debug_
dump - Debug dump writer for a single agent session.
- file_
watcher - http
- Shared HTTP client construction for consistent timeout and TLS configuration.
- instructions
- instrumented_
channel - Instrumented wrappers around tokio channels.
- lsp_
hooks - LSP context injection hooks.
- memory_
tools - metrics
- overflow_
tools - pipeline
- project
- provider_
factory - Pure provider factory helpers: build
AnyProviderinstances from config entries. - redact
- runtime_
layer RuntimeLayertrait: middleware hooks for LLM calls and tool dispatch (#2286).- skill_
loader - text
- String utility functions for Unicode-safe text manipulation.
- vault
Structs§
- Adversarial
Policy Info - Snapshot of adversarial policy gate configuration for status display.
- Config
- Top-level agent configuration.
- Content
Isolation Config - Configuration for the content isolation pipeline, nested under
[security.content_isolation]in the agent config file. - Content
Sanitizer - Stateless pipeline that sanitizes untrusted content before it enters the LLM context.
- Content
Source - Provenance metadata attached to a piece of untrusted content.
- Diff
Data - Data for rendering file diffs in the TUI.
- Exfiltration
Guard - Stateless exfiltration guard covering three outbound leak vectors.
- Exfiltration
Guard Config - Configuration for exfiltration guards, nested under
[security.exfiltration_guard]in the agent config file. - Injection
Flag - A single detected injection pattern match in sanitized content.
- Provider
Config Snapshot - Minimal config snapshot needed to reconstruct a provider at runtime via
/provider <name>. - Quarantine
Config - Configuration for the quarantine summarizer, nested under
[security.content_isolation.quarantine]in the agent config file. - Sanitized
Content - Result of the sanitization pipeline for a single piece of content.
Enums§
- Config
Error - Error type for configuration operations.
- Content
Source Kind - All known content source categories.
- Content
Trust Level - Trust tier assigned to content entering the agent context.
- Exfiltration
Event - An exfiltration event detected by
ExfiltrationGuard.
Functions§
- content_
hash - Returns the BLAKE3 hex digest of arbitrary bytes.
- extract_
flagged_ urls - Extract all
http/httpsURLs fromcontentinto aHashSetfor later URL validation.