- LLM session — conversation history and model configuration
- Docker sandbox — isolated execution environment
- Tool permissions — the specific tools it can invoke
- Skills — read-only knowledge packages mounted into the sandbox
- Workspace — persistent
/workspacedirectory that survives restarts
Defining an Agent
Agents are defined inconfig.json5 under agents:
Configuration Fields
Model Restriction: The
model and fallbackModels together define the only models an agent can use. Users cannot switch to other models via the TUI or API. See LLM Providers → Model Restriction for details.
For the complete list of all config fields and their defaults, see the Config Reference.
Tool Permissions
Tools are provided by plugins and assigned to agents by name:tools array. This is the deny-by-default policy. Every agent always has the 4 core tools (read, write, patch, exec) regardless of config.
Plugin tools are available on the agent’s $PATH inside the sandbox, so agents call them naturally:
Skills
Skills are read-only knowledge packages mounted into the sandbox. Unlike tools, which execute code, skills provide context and guidelines the agent reads on demand./skills/<name>/ in the sandbox. The system prompt references them; the agent reads the docs when relevant:
Sandbox Customization
Docker Image
Extra Mounts
Mount additional host directories into the sandbox:Extra Environment Variables
extraEnv — they would be visible to the agent. API keys and secrets stay on the gateway host only.
Sessions
Each agent’s conversation history is persisted to disk as JSONL files:Session Keys
Session Commands (TUI)
Multi-Agent Example
Config Validation
The gateway validates agent configuration at startup:Next Steps
LLM Providers
Configure providers, models, thinking levels, and fallbacks
Full Config Reference
Complete config.json5 reference with all fields
