Graphorin API reference v0.4.0
Interface: AgentConfig<TDeps, TOutput>
Defined in: packages/agent/src/types.ts:141
The full options object accepted by createAgent.
Stable
Type Parameters
| Type Parameter | Default type |
|---|---|
| TDeps | unknown |
| TOutput | string |
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
| causalityMonitor? | readonly | CausalityMonitorConfig | - | packages/agent/src/types.ts:190 |
| checkpointStore? | readonly | CheckpointStore | - | packages/agent/src/types.ts:224 |
| contextEngine? | readonly | ContextEngineConfig | - | packages/agent/src/types.ts:157 |
| dataFlowPolicy? | readonly | DataFlowPolicyConfig | Provenance / taint-based data-flow policy (P1-3, opt-in). Enforces data-flow rules at the tool-execution boundary using the provenance Graphorin already tracks (trust class + source + sensitivity), to defuse the lethal trifecta: a sink (side-effecting / external-stateful tool) is blocked when untrusted content flows into it verbatim, or, conservatively, when it fires while both untrusted content and secret-tier data are present in the run. Modes: (1) mode: 'shadow' is audit-only; tainted flows are flagged (tool:dataflow:flagged audit + counter) but never blocked. Ship this first to surface false positives. (2) mode: 'enforce' blocks tainted flows (the sink does not run; the call yields a dataflow_policy_blocked error) unless the sink is listed in declassifySinks (an audited operator override). Composes with 'code-mode': each in-script tool call flows through the same executor gate. Absent (the default) leaves the loop unchanged. | packages/agent/src/types.ts:213 |
| deps? | readonly | TDeps | - | packages/agent/src/types.ts:228 |
| fallbackModels? | readonly | readonly ModelSpec[] | - | packages/agent/src/types.ts:176 |
| fallbackPolicy? | readonly | AgentFallbackPolicy | - | packages/agent/src/types.ts:177 |
| guardrails? | readonly | { input?: readonly InputGuardrail[]; output?: readonly OutputGuardrail<TOutput>[]; } | - | packages/agent/src/types.ts:150 |
| guardrails.input? | readonly | readonly InputGuardrail[] | - | packages/agent/src/types.ts:151 |
| guardrails.output? | readonly | readonly OutputGuardrail<TOutput>[] | - | packages/agent/src/types.ts:152 |
| handoffs? | readonly | readonly HandoffEntry<TDeps>[] | - | packages/agent/src/types.ts:148 |
| instructions | readonly | string \| ((ctx) => string \| Promise<string>) | - | packages/agent/src/types.ts:143 |
| maxParallelTools? | readonly | number | - | packages/agent/src/types.ts:158 |
| memory? | readonly | Memory | - | packages/agent/src/types.ts:147 |
| mergeGuard? | readonly | MergeGuardConfig | - | packages/agent/src/types.ts:191 |
| modelTierAutoClassification? | readonly | boolean | - | packages/agent/src/types.ts:180 |
| modelTierMap? | readonly | Partial<Record<ModelHint, ModelSpec>> | - | packages/agent/src/types.ts:179 |
| name | readonly | string | - | packages/agent/src/types.ts:142 |
| outputType? | readonly | OutputSpec<TOutput> | - | packages/agent/src/types.ts:149 |
| preferredModel? | readonly | ModelHint \| ModelSpec | - | packages/agent/src/types.ts:178 |
| prepareStep? | readonly | PrepareStepHook<TDeps> | - | packages/agent/src/types.ts:156 |
| protocolGuard? | readonly | ProtocolGuardConfig | - | packages/agent/src/types.ts:192 |
| provider | readonly | Provider | - | packages/agent/src/types.ts:144 |
| reasoningRetention? | readonly | ReasoningRetention | Per-agent override of the per-provider auto-detected ReasoningRetention default. Wins over the provider-level default when both are present. The agent runtime feeds the effective value into every provider.stream(...) call so the wire-correct contract is honoured per RB-42 / suggested DEC-158 / suggested ADR-046. | packages/agent/src/types.ts:189 |
| resultReaders? | readonly | readonly ResultReader[] | Additional result-handle readers (P1-4 / WI-13), tried after the built-in spill-file reader. Wire an MCP resource reader (createMcpResourceReader from @graphorin/mcp/client) here so the model can resolve an MCP resource_link on demand via the built-in read_result tool, instead of inlining the resource body. Supplying any reader force-registers read_result even when no tool spills. | packages/agent/src/types.ts:222 |
| sensitivity? | readonly | Sensitivity | - | packages/agent/src/types.ts:225 |
| sessionId? | readonly | string | - | packages/agent/src/types.ts:226 |
| skills? | readonly | SkillsRegistryLike | - | packages/agent/src/types.ts:146 |
| stopWhen? | readonly | StopCondition | - | packages/agent/src/types.ts:154 |
| toolChoice? | readonly | ToolChoice | - | packages/agent/src/types.ts:155 |
| toolInvocation? | readonly | "direct" \| "code-mode" | How the model invokes tools (P1-2). In 'direct' (default), the model emits one provider tool-call per tool, each result inlined into the conversation. In 'code-mode', the agent advertises only the code_execute / code_search meta-tools; the model writes a script that calls tools in a sandbox via tools.<name>(args), and only the script's final result re-enters context (intermediate results stay inside the sandbox). Each in-script call still runs through the executor, so per-tool ACL / sanitization / truncation apply. Approval-gated tools are not reachable from code-mode (there is no durable-HITL path mid-script); call those in 'direct' mode. Default: 'direct'. | packages/agent/src/types.ts:175 |
| tools? | readonly | readonly Tool<unknown, unknown, TDeps>[] | - | packages/agent/src/types.ts:145 |
| tracer? | readonly | Tracer | - | packages/agent/src/types.ts:223 |
| userId? | readonly | string | - | packages/agent/src/types.ts:227 |
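
The decision rule described for dataFlowPolicy, modelled as a stand-alone TypeScript sketch. This is an added example, not Graphorin code: only the mode values, declassifySinks, the tool:dataflow:flagged audit name and the dataflow_policy_blocked error come from the table above; the types, function names and the substring test for verbatim flow are assumptions.

```typescript
// Added sketch, not Graphorin source. From the page: 'shadow', 'enforce',
// declassifySinks, tool:dataflow:flagged, dataflow_policy_blocked.
// All type and function names below are hypothetical.
type Mode = 'shadow' | 'enforce';
interface PolicySketch { mode: Mode; declassifySinks?: readonly string[] }
interface RunTaint {
  untrusted: readonly string[]; // untrusted content seen so far in the run
  secretTierPresent: boolean;   // secret-tier data seen so far in the run
}
interface ToolCall { tool: string; isSink: boolean; args: Record<string, unknown> }
type Verdict =
  | { action: 'run'; audit?: 'tool:dataflow:flagged'; override?: true; reason?: string }
  | { action: 'block'; error: 'dataflow_policy_blocked'; reason: string };

// Why a call counts as a tainted flow, or null when neither rule applies.
function taintReason(call: ToolCall, taint: RunTaint): string | null {
  if (!call.isSink) return null; // rules apply to sinks only
  const wire = JSON.stringify(call.args);
  // Compare JSON-escaped forms so quotes/newlines in the content still match.
  const verbatim = taint.untrusted.some(
    (s) => s.length > 0 && wire.includes(JSON.stringify(s).slice(1, -1)),
  );
  if (verbatim) return 'untrusted content flows into sink verbatim';
  if (taint.untrusted.length > 0 && taint.secretTierPresent) {
    return 'untrusted content and secret-tier data both present in run';
  }
  return null;
}

function gate(policy: PolicySketch | undefined, call: ToolCall, taint: RunTaint): Verdict {
  if (!policy) return { action: 'run' }; // absent policy: loop unchanged
  const reason = taintReason(call, taint);
  if (reason === null) return { action: 'run' };
  if (policy.mode === 'shadow') {
    return { action: 'run', audit: 'tool:dataflow:flagged', reason }; // never blocks
  }
  if (policy.declassifySinks?.includes(call.tool)) {
    // Operator override; the page calls it audited but names no event for it.
    return { action: 'run', override: true, reason };
  }
  return { action: 'block', error: 'dataflow_policy_blocked', reason };
}
```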