Agent manifest
Every Covenant agent registers itself with the daemon by dropping an agent.toml file under $COVENANT_HOME/agents/. The manifest declares the agent's identity, what runtime it expects, where its executable lives, the capabilities it needs, the resource budget it should run under, and an optional settlement hint.
Example
[agent]
id = "research@local"
name = "research"
version = "0.1.0"
runtime = "rust-bin"
entry = "target/release/research"
[capabilities]
required = ["tool.web_search"]
optional = ["memory.write"]
[resources]
cpu_ms_per_task = 30000
memory_mb = 512
disk_mb = 100
network = "outbound-https-only"
[settlement]
budget_credits_per_hour = 1000
priority = "normal"Schema
[agent]
| Field | Type | Required | Notes |
|---|---|---|---|
id | string | yes | Stable identifier in the form name@host. Used as the routing key, the audit-log subject, and the memory-record owner. |
name | string | yes | Display name; appears in CLI listings. |
version | string | yes | SemVer recommended. |
runtime | enum | yes | rust-bin, python3, or node. The runtime determines how the daemon executes entry. |
entry | string | yes | Path to the binary (for rust-bin) or the entry script (for python3 / node). Resolved relative to the manifest's parent directory unless absolute. |
[capabilities]
| Field | Type | Default | Notes |
|---|---|---|---|
required | list of action strings | [] | Every action in this list must be present in the issuer's active capability set or the dispatch is rejected. |
optional | list of action strings | [] | Recorded for visibility but not enforced. |
Action strings live in reserved namespaces: intent., memory., identity., tool., agent.. The daemon validates that required and optional actions sit in one of these namespaces.
[resources]
| Field | Type | Default | Notes |
|---|---|---|---|
cpu_ms_per_task | u64 milliseconds | 30000 | Wall-clock budget. The runtime kills the process when the budget elapses. |
memory_mb | u64 MiB | 512 | Advisory today; enforced by sandboxed runtimes. |
disk_mb | u64 MiB | 100 | Advisory today. |
network | enum | outbound-https-only | off, outbound-https-only, or full. |
[settlement]
| Field | Type | Default | Notes |
|---|---|---|---|
budget_credits_per_hour | u64 | 0 | Soft cap; tolerated as 0 until enforced by the on-chain settlement program. |
priority | enum | normal | low, normal, high. |
Runtime contract
At dispatch, the runtime spawns the agent according to runtime and entry:
runtime = "rust-bin" → exec entry directly
runtime = "python3" → exec python3 entry
runtime = "node" → exec node entryThe agent reads exactly one JSON line from stdin:
{
"id": "uuid",
"text": "the user's intent",
"issuer": { "display": "user@local", "pubkey": "…" },
"issued_at": 1714938000000,
"priority": "normal",
"parent": null
}And writes exactly one JSON line to stdout:
{
"intent_id": "uuid",
"status": "ok" | "error",
"text": "…",
"sources": ["…"]
}Any output on stderr is captured by the daemon's tracing subsystem and surfaces in the operator's logs. The agent process must terminate within resources.cpu_ms_per_task; a longer-running agent is killed and the dispatch returns an error.
Validation rules
The manifest parser rejects manifests that:
- omit any of
agent.id,agent.name,agent.version,agent.entry, or have any of those fields empty; - declare a
requiredoroptionalcapability action outside the reserved namespaces; - fail to parse as TOML.
Unknown top-level sections are tolerated for forward compatibility; future Covenant releases may attach meaning to them.
Where manifests live
The daemon scans $COVENANT_HOME/agents/*.toml on startup. There is no online registration; restart the daemon after dropping a new manifest. Existing manifests can be edited in place — they are re-read on the next daemon start.
Related
- Concepts — agents in context.
- Capability tokens — what the
requiredlist refers to. - Security model — what the resource budget protects.