Skip to content

Workspace spec

Last updated: 2026-06-24

microagent.yaml records the inputs needed to recreate a workspace from source control. It is the declarative form of microagent create: each field corresponds to a create flag, and when both are given, CLI flags override matching spec fields. Use the file when the workspace definition should live in the repo; use flags for one-off overrides.

Pass it with --file to create (auto-discovered as microagent.yaml / microagent.yml), or explicitly to run and dispatch for one-shot work. With the optional agent: block (below), a spec doubles as an Agentfile — a build-free recipe for running an agent in an isolated workspace.

name: research
image: docker.io/library/ubuntu:24.04
profile: medium
restart: on-failure
entrypoint: /app/start.sh
shell: /bin/bash
hostname: research
setup:
- mkdir -p /workspace
- echo ready > /workspace/status
files:
- src: ./agent.py
dst: /app/agent.py
mode: "0644"
env:
MICROAGENT_NAME: research
model: unsloth/Qwen3-4B-Instruct-2507-GGUF/Qwen3-4B-Instruct-2507-Q4_K_M.gguf
modelRunner:
backend: llamacpp
gpu: off
args: ["--no-ui"]
modelMediation:
mode: policy
policyFile: ./model-policy.json
policyTimeout: 250ms
resources:
memoryMiB: 2048
cpuCount: 2
sizeMiB: 8192
mediation:
enabled: true
required: true
port: 2048
target: 127.0.0.1:9900
failClosed: true
health:
exec: ["python3", "-c", "import socket; socket.create_connection(('127.0.0.1', 8080), 1)"]
intervalSeconds: 15
timeoutSeconds: 2
retries: 3
startPeriodSeconds: 10
disks:
- name: workspace
path: /tmp/workspace.ext4
mountpoint: /workspace
mode: rw
bundles:
- name: config
path: ./config.tar
mountpoint: /config
mode: ro
outputs:
- name: report
path: /workspace/report.json
agent:
entry: python /app/agent.py
egress: strict
allow: [api.anthropic.com]
cred-swap: [anthropic]

The optional agent: block turns a spec into an Agentfile — it carries the few agent-defining knobs the rest of the spec cannot express, while base image, dependency install, files, and env reuse the normal top-level fields. There is no image to build: microagent dispatch --file agent.yaml pulls the thin base, runs setup in the booted guest, drops files, and runs entry under the egress envelope — installing the SDK at boot rather than baking a fat image. See examples/agents.

Terminal window
microagent dispatch --file agent.yaml

CLI flags override the block (e.g. --egress strict beats agent.egress, --exec beats agent.entry); agent.allow and agent.cred-swap union with the corresponding flags.

Terminal window
microagent create --file microagent.yaml

If microagent.yaml or microagent.yml exists in the current directory, microagent create reads it automatically.

CLI flags override spec fields, so this is valid:

Terminal window
microagent create --file microagent.yaml --name research-2 --profile large
FieldDescription
nameWorkspace name
imageOCI image reference
profileResource profile: tiny, small, medium, or large
restartRestart policy: never, on-failure, or always
entrypointCommand to run when the workspace starts
shellInteractive console shell path. Defaults to /bin/sh; the path must exist inside the guest
hostnameGuest hostname. Defaults to the workspace name sanitized as a Linux hostname
setupCommands to run before first start
filesSource files to copy into the workspace rootfs
files[].srcHost path, relative to the spec file or absolute
files[].dstAbsolute guest path to write
files[].modeOptional octal file mode string, such as "0755"
envGuest environment variables
modelHuggingFace GGUF ref of a locally served model to pair the workspace with; every start re-pairs it, and a CLI --model flag overrides the field. See model
modelRunner.backendModel runner backend: llamacpp, vllm, or custom
modelRunner.gpuModel runner GPU intent: off, on, or auto
modelRunner.backendModelBackend model id for runners such as vLLM
modelRunner.servedModelOpenAI-compatible served model name for runners such as vLLM
modelRunner.commandCustom runner argv template; supports {model}, {host}, {port}, and {addr}
modelRunner.nameCustom runner name recorded in runner state
modelRunner.healthPathCustom runner health probe path
modelRunner.argsExtra runner argv entries
modelMediation.modeModel mediation mode: off, local-allow, or policy
modelMediation.policyFileStructured model mediation policy file path
modelMediation.policyURLExternal model mediation policy endpoint URL
modelMediation.policyTimeoutModel mediation policy timeout, such as 250ms or 2s
resources.memoryMiBMemory override
resources.cpuCountCPU override
resources.sizeMiBRootfs disk size override
mediationGuest-to-host vsock mediation channel contract
mediation.enabledEnables the mediation declaration
mediation.requiredRequires the channel for workspace startup
mediation.portGuest vsock port used by the agent
mediation.targetHost address and port for the enforcer/orchestrator
mediation.failClosedTreats a required channel break as closed by default
healthLiveness probe; an unhealthy workspace is restarted by supervise under the restart policy
health.execProbe command run in the guest through structured exec when the selected backend exposes execReady; healthy on exit 0. Declare either exec or httpGet
health.httpGetProbe path for a host-side GET against a published guest port (e.g. /healthz); healthy on a non-error status
health.portPublished guest port the httpGet probe targets
health.intervalSecondsSeconds between probes (default 30)
health.timeoutSecondsPer-probe timeout (default 5)
health.retriesConsecutive failures before the workspace is considered unhealthy (default 3)
health.startPeriodSecondsGrace period after start before probing begins (default 0)
disksExisting ext4 disks to attach
bundlesTar bundles to build into ext4 disks and attach
outputsDeclared output artifact paths inside the workspace
agent.entryThe agent’s run command (the one-shot exec); a CLI --exec overrides it
agent.egressEgress mode: guarded, strict, or off; a CLI --egress overrides it
agent.allowExtra egress hosts to allowlist; unioned with --egress-allow
agent.cred-swapBuilt-in providers to inject host-side, each PROVIDER[=env:NAME|file:PATH|vault:PATH] (reference only, never a literal); unioned with --cred-swap. See credential swap
  • create - the command this file drives
  • apply - apply spec changes to an existing workspace
  • profiles - the named resource profiles
  • supervise - acts on restart and health