Agents
Markdown files with frontmatter that define the agents a capability ships — model, tool access, and skills.
An agent in a capability is a markdown file. Frontmatter declares identity and runtime configuration; the body is the system prompt the model sees.
---name: triagedescription: Decide which tools and skills to use for indicator triage.model: anthropic/claude-sonnet-4-5-20250929tools: '*': false lookup_indicator: trueskills: [report]---
You are a threat hunting triage agent. Decide what to investigate next and explain why.Agent files live under agents/ by default. The loader auto-discovers every *.md in that directory; list them explicitly under agents: in the manifest if you want a subset.
Frontmatter fields
Section titled “Frontmatter fields”| Field | Required | Purpose |
|---|---|---|
name | yes | Unique within the capability. Falls back to the filename stem. |
description | yes | One-line summary shown in selection UIs. |
model | no | Default model for the agent, or inherit to use the session’s. |
tools | no | Tool access rules — see Tool gating below. |
skills | no | Skill names the agent can load on demand. |
metadata | no | Free-form dict passed through to the runtime. |
The body — everything after the closing --- — becomes the agent’s system prompt. An empty body is logged as a warning at load time.
Model resolution
Section titled “Model resolution”The model field accepts a literal model id or the special string inherit:
| Value | Behavior |
|---|---|
inherit (default) | Use whichever model the session is configured with. |
anthropic/claude-sonnet-4-5 | Pin to a specific model regardless of session settings. |
| Any LiteLLM-supported id | Same — the runtime hands the string to the generator factory. |
inherit is the right choice for most agents. Use a pinned model when the prompt has been tuned for a specific family or when an agent needs different cost/latency characteristics than the session default.
Tool gating
Section titled “Tool gating”The tools field is a map of glob pattern to boolean. Rules evaluate in order; the last matching rule wins. Tools with no matching rule are allowed.
# Allow everything except bashtools: bash: false
# Start with nothing, opt in by nametools: '*': false lookup_indicator: true fetch_intel: true
# Allow most MCP tools, block onetools: '*': true 'mcp_*': true mcp_filesystem_write: falsePattern matching is fnmatch-style (*, ?, [seq]) and case-insensitive. The '*': false opt-out is the most common shape — it forces the agent to only see tools you’ve explicitly enabled.
Skills
Section titled “Skills”The skills field lists skill names the agent can load. Every listed skill’s name and description appear in the agent’s context; the body of the skill loads only when the agent decides to use it.
skills: [incident-response, report]Skill names are the directory name under skills/ — see Skills for how the files are structured.
Where the file lives
Section titled “Where the file lives”Default location is agents/<name>.md under the capability root. Manifest control:
# Auto-discover every agents/*.mdagents: # (omit entirely)
# Load only theseagents: - agents/triage.md - agents/responder.md
# Disable agents even if agents/ existsagents: []The filename stem is used as the agent name when frontmatter omits name. Match the two when you can — debugging is simpler when agents/triage.md defines the agent named triage.
Selecting an agent at runtime
Section titled “Selecting an agent at runtime”A capability that ships multiple agents lets the user pick one per session:
# Launch the TUI on a specific agentdn --agent triage
# Switch agents inside the TUI/agent triageAgents are addressed by bare name — every installed capability contributes its agents to a single shared namespace. Pick distinct names if you ship multiple capabilities side-by-side.