Skip to main content

Agent configuration

Registering skills

Each skill declares its input/output schemas via Zod, supported communication modes, and trust tier.
Input is validated against your Zod schema before the handler runs. If validation fails, the caller receives SCHEMA_INVALID — your handler is never invoked.

Trust tiers

See Access Control for the full patterns.

Trusting specific peers

For trusted-peers skills, register the caller’s public key before they connect:
Use AgentClient.prepare() on the client side to get the public key before connecting — see Calling Agents.

Starting the server

On first serve() the SDK generates and persists an Ed25519 keypair under keysDir. Subsequent runs load the existing key — the agent’s identity is stable across restarts.

Injection defense

The SDK always runs a regex-based injection scan on every incoming payload. For high-trust skills, add a second LLM-based layer via injectionClassifier in AgentConfig: OpenAI moderation API:
Ollama (local, zero cost):
The classifier receives the raw skill input object. Return true to block (HTTP 400, INJECTION_DETECTED). If the classifier throws, the SDK fails open — it logs a warning and lets the request through. To fail closed instead, catch errors inside your function and return true.

Skill chaining

Skills can call other agents using AgentClient: