Problem
Today, provisioning a machine/service consumer of Agnes (an external bot, a custom user-built AI agent, a CI integration — anything that isn't a human analyst logging in via Google/email) is an admin-only, CLI-driven process: create a group, add a service user, grant resources one by one via /admin/access, mint a PAT via agnes auth token create, hand-write setup instructions. There's no self-serve, guided flow for an analyst who wants to compose "a bundle of stuff for my own AI agent/bot" without going through an admin.
Naming note
Do not call this "Agent" in the UI — that word is already taken by the Store content type (a Claude Code subagent .md definition, see #865) and by "agent surfaces" (web chat/Slack/Telegram/MCP/CLI) in existing docs. Use "Harness" instead — it matches the product's own tagline ("Agnes — AI Harness") and reads unambiguously as "an external AI tool/bot that consumes Agnes," distinct from both existing senses of "agent."
Proposed flow (from user description)
- User clicks something like "New harness" and names it (e.g. "my agent 1").
- A catalog picker shows everything grantable — data packages, Store/marketplace skills, Store agents, possibly MCP connections — and the user attaches a subset.
- Saving the harness bundles the selection, mints a token, and returns an install prompt (text the user pastes into their external agent/bot's startup so it self-installs Agnes access).
- The user can later view usage — which of the attached resources the harness actually used, how much, etc. — on a per-harness dashboard.
- Version pinning (confirmed in follow-up discussion): when a harness is created, it should freeze the current version of each attached resource rather than always tracking "latest." The owner gets an explicit "upgrade to latest" action per resource (or in bulk) rather than silently receiving new versions on next sync.
Why this is mostly reuse, not new infrastructure
| Piece |
Existing primitive to reuse |
| Catalog of grantable things |
ResourceType enum + list_blocks delegates in app/resource_types.py — same data that powers /admin/access today |
| Bundle + identity |
New lightweight concept: a "harness" = a hidden system group + a dedicated service user, created implicitly |
| Token |
Existing PAT mint path (agnes auth token create --ttl … --raw), surfaced via a UI button instead of CLI |
| Install prompt |
app/web/setup_instructions.py already renders this kind of "paste this into your client" content for human analysts — parameterize for a harness identity |
| Usage tracking |
audit_log already supports per-user queries (count_for_user, etc. in src/repositories/audit.py) — filter by the harness's service-user id |
| Version pinning |
Store entities already have version_no / version_history / promote_to_version (per-entity, owner-controlled "live" pointer) and curated marketplaces already have a ref (tag/SHA) pin (per-marketplace, admin-controlled). Both are global pins, not per-consumer. This needs a new per-harness join (e.g. harness_resource_pins(harness_id, resource_type, resource_id, pinned_version_no)) so a harness can freeze independently of what other installers/consumers see. |
Open design question
Self-serve permission boundary: when a non-admin user creates a harness, can they only attach resources they themselves already have access to (safe, no new admin surface), or should they be able to request access to things they don't have yet (which would need an approval step, similar to the Store guardrails moderation queue)? This should be settled before implementation starts.
Related
Problem
Today, provisioning a machine/service consumer of Agnes (an external bot, a custom user-built AI agent, a CI integration — anything that isn't a human analyst logging in via Google/email) is an admin-only, CLI-driven process: create a group, add a service user, grant resources one by one via
/admin/access, mint a PAT viaagnes auth token create, hand-write setup instructions. There's no self-serve, guided flow for an analyst who wants to compose "a bundle of stuff for my own AI agent/bot" without going through an admin.Naming note
Do not call this "Agent" in the UI — that word is already taken by the Store content type (a Claude Code subagent
.mddefinition, see #865) and by "agent surfaces" (web chat/Slack/Telegram/MCP/CLI) in existing docs. Use "Harness" instead — it matches the product's own tagline ("Agnes — AI Harness") and reads unambiguously as "an external AI tool/bot that consumes Agnes," distinct from both existing senses of "agent."Proposed flow (from user description)
Why this is mostly reuse, not new infrastructure
ResourceTypeenum +list_blocksdelegates inapp/resource_types.py— same data that powers/admin/accesstodayagnes auth token create --ttl … --raw), surfaced via a UI button instead of CLIapp/web/setup_instructions.pyalready renders this kind of "paste this into your client" content for human analysts — parameterize for a harness identityaudit_logalready supports per-user queries (count_for_user, etc. insrc/repositories/audit.py) — filter by the harness's service-user idversion_no/version_history/promote_to_version(per-entity, owner-controlled "live" pointer) and curated marketplaces already have aref(tag/SHA) pin (per-marketplace, admin-controlled). Both are global pins, not per-consumer. This needs a new per-harness join (e.g.harness_resource_pins(harness_id, resource_type, resource_id, pinned_version_no)) so a harness can freeze independently of what other installers/consumers see.Open design question
Self-serve permission boundary: when a non-admin user creates a harness, can they only attach resources they themselves already have access to (safe, no new admin surface), or should they be able to request access to things they don't have yet (which would need an approval step, similar to the Store guardrails moderation queue)? This should be settled before implementation starts.
Related
agentStudio authoring domain (distinct, narrower scope; that's about publishing a subagent definition as content, this is about provisioning a consuming identity)