Local storage
Every file Dreadnode writes under ~/.dreadnode/ — config, profiles, transcripts, spans, caches, and auth tokens.
Dreadnode keeps all local state under ~/.dreadnode/. Nothing ships to the platform that isn’t explicitly sent; nothing sensitive sits outside this directory. Back it up and you back up every session, every profile, every cached artifact.
~/.dreadnode/├── config.yaml profiles and identity├── prompt-history.jsonl composer history (last 500 entries)├── runtimes.json cached runtime tokens├── mcp-auth.json OAuth tokens for MCP servers (0600)├── capabilities/ installed capabilities├── packages/ pulled artifacts (datasets, models, agents, environments)├── cas/ content-addressed blob store├── artifacts/ log outputs from runs├── projects/│ └── <project_key>/│ └── <run_id>/│ ├── spans.jsonl│ └── metrics.jsonl└── sessions/ ├── sessions.sqlite3 └── <session_id>/ ├── chat_<session_id>.json ├── runtime_<session_id>.json └── spans_<session_id>.jsonlWhat each file is for
Section titled “What each file is for”| Path | Owner | What’s in it |
|---|---|---|
config.yaml | CLI / TUI | Saved profiles (server URL, API key, default org/workspace/project), active profile pointer |
prompt-history.jsonl | TUI composer | Last 500 unique prompts you typed. Deduped, appended, rotated |
runtimes.json | TUI | Cached sandbox tokens so a workspace reuses its runtime across restarts |
mcp-auth.json | MCP client | OAuth access/refresh tokens for MCP servers. File mode 0600 |
capabilities/<name>/ | Capability loader | Installed capability bundles, one directory per capability |
packages/{datasets,models,agents,environments}/ | dn pull / SDK | Hub artifacts pulled into local cache |
cas/sha256/ | Storage layer | Content-addressed blobs backing packages + artifacts |
artifacts/ | Run exports | Structured outputs from agent runs (e.g. report tool) |
projects/<project>/<run>/spans.jsonl | Tracing | OpenTelemetry spans per run |
projects/<project>/<run>/metrics.jsonl | Tracing | Metrics per run |
sessions/sessions.sqlite3 | Session store | Local index of sessions |
sessions/<id>/chat_<id>.json | Session store | Full transcript |
sessions/<id>/runtime_<id>.json | Session store | Runtime state snapshot |
sessions/<id>/spans_<id>.jsonl | Session store | Trace spans for the session (local mirror) |
Safe to delete?
Section titled “Safe to delete?”| Path | Effect of deletion |
|---|---|
prompt-history.jsonl | Composer history resets. No other effect |
runtimes.json | Next session provisions a fresh runtime instead of reusing the cached one |
mcp-auth.json | Every MCP server re-prompts for OAuth |
cas/, packages/ | Artifacts re-download on next use |
sessions/<id>/ | That session becomes unrecoverable locally. If synced to the platform, still on the server |
config.yaml | All saved profiles gone. Log in again with /login |
cas/ and packages/ can grow large — they’re the only directories worth periodically clearing for disk space.
Sandbox mount
Section titled “Sandbox mount”When a Dreadnode-managed sandbox runs, ~/.dreadnode/ inside the sandbox is mounted via s3fs to the workspace’s storage bucket — scoped to {org_id}/workspaces/{workspace_id}/. Writes from the sandbox land in the same logical tree, but the physical storage is the platform, not the sandbox’s disk.
This is what lets a session’s transcripts and artifacts survive when the sandbox is reset or replaced.