agentd
Spin up an AI agent that works on its own.
Give it a task, a goal, or a whole workflow — agentd runs as a daemon (or a one-shot), calls tools, and self-corrects until the job is done. Every step is governed, observable, and audited.
## THE LOOP — SINGULAR, AND YOU WROTE IT
your workflow.toml ──► validate (build-time + load-time)
│
trigger ───────────────────▼────────────────────────────┐
(HTTP / cron / fs-watch / │ ENGINE: walk the DAG │
manual --input) │ one node at a time │
┌─────────────────────┼─────────────────────┐ │
│ read_file · parse_json · template_render │ │
│ llm_infer ◄── bounded reasoning step │ │
│ write_file · http_request · call_mcp_tool │ │
│ switch / condition / fail / terminate │ │
└─────────────────────┬─────────────────────┘ │
│ policy + budgets + deadline│
▼ │
outcome JSON + execution trace ◄───────┘## WHY BOUNDED
The LLM is one node type with a prompt template and a JSON contract. It cannot add nodes, pick edges, or invent tool calls — routing on its output is a switch node you declared.
Tool families are Cargo features. A build without tools-http cannot make an outbound request — the code is not in the binary. CI proves every canonical feature set.
Allowlists per family: fs paths, env keys, URLs, shell commands, MCP tools. Empty sections deny. Optional Rego layers on as a logical AND.
HTTP webhooks (bearer / HMAC / mTLS / OIDC, rate-limited), cron + interval schedules, debounced filesystem watches, or one-shot CLI runs.
ed25519 signatures verified over raw TOML bytes before anything parses trust. Every run yields the exact node path it walked; audit events stream to a redacting JSONL sink.
Hand-rolled HTTP/1.1 both directions, no async runtime in the core, ~25 MB distroless image, systemd-hardened unit, deb/rpm packages.