agent

Executes DevOps tasks autonomously by routing LLM decisions through a Model Context Protocol (MCP) system that dynamically loads and executes tools. The agent implements a 14-method AgentProvider trait abstraction with two backends: RemoteClient for cloud-hosted inference and LocalClient for offline operation. Tool execution flows through a container system that validates schemas, manages permissions, and handles SSH-based remote operations on target machines.

Provides a full-featured terminal user interface (TUI) built in Rust that runs as a subprocess spawned by the CLI with bidirectional event channels. The TUI implements a core event loop managing state transitions, user input handling (keyboard/mouse), and real-time rendering of agent messages and interactive components. State is managed through immutable snapshots with event-driven updates, enabling responsive interaction while the agent processes tasks asynchronously.

Manages agent configuration through a TOML file at ~/.stakpak/config.toml that persists profiles, API keys, context sources, and execution settings. The configuration system supports multiple named profiles, enabling different agents to use different LLM backends and settings. Configuration is loaded at startup and can be reloaded without restarting the agent. The system provides a CLI subcommand for configuration management and validation.

Provides a CLI subcommand that displays current account information, billing status, and usage metrics for the authenticated user. The system queries account metadata from the remote API (for RemoteClient mode) or displays local account information (for LocalClient mode). Account information includes subscription tier, API usage, and billing details.

Implements an Agent Client Protocol (ACP) server that enables editor integration (VS Code, Cursor, JetBrains) by exposing agent capabilities through a standardized protocol. The ACP server handles editor requests for agent execution, tool discovery, and result streaming. The system supports bidirectional communication between editors and the agent, enabling in-editor task execution and result display.

Implements a secret substitution system that dynamically detects and redacts sensitive data (API keys, passwords, tokens) from agent outputs, logs, and user-facing messages before display or storage. Privacy mode can be enabled to further redact environment variables, file paths, and command arguments. The system uses pattern matching and configurable secret patterns to identify sensitive data across all message types, with audit logging that preserves redacted values in encrypted storage for compliance.

Manages a context injection pipeline that enriches agent prompts with workspace-specific information (codebase structure, environment variables, git history, previous task outputs) before sending to the LLM. Session profiles stored in ~/.stakpak/config.toml define API keys, model selection, and context sources. The pipeline supports multiple profile selection, enabling different agents to use different LLM backends and context configurations for the same task.

Provides two MCP deployment modes: MCP server mode that exposes the agent's tool registry as a Model Context Protocol server for external clients (editors, IDEs, other agents), and MCP proxy mode that routes tool requests to an upstream MCP server with request/response transformation. Both modes use the same tool container and execution system, enabling tool reuse across different client types and deployment topologies.

Executes tools locally on the agent's host machine by validating tool calls against JSON schemas, resolving tool definitions from the MCP tool registry, and executing them through a containerized execution environment. Tools can be shell commands, scripts, or native binaries. The system validates input parameters against schemas before execution, captures stdout/stderr, and returns structured results to the agent. Execution happens synchronously with timeout protection.

Executes tools on remote machines via SSH by establishing connections using credentials stored in the agent's configuration, executing commands on the remote host, and capturing results. The system manages SSH connection pooling, handles authentication (password, key-based), and integrates with the secret redaction system to prevent credential exposure. Remote operations are treated as first-class tools in the MCP system, enabling agents to manage distributed infrastructure.

Provides a CRUD interface for managing rulebooks that encode organizational standard operating procedures (SOPs) and policies. Rulebooks are stored centrally and can be referenced by agents to guide decision-making and constrain actions. The system supports rulebook versioning, team-based access control, and integration with agent execution to enforce policies during task execution.

Supports two execution modes: async mode that runs agent logic directly without a TUI for batch/scheduled execution, and interactive mode that spawns a TUI subprocess for real-time interaction. The CLI determines execution mode based on command-line flags and routes to different handlers (mode_async.rs, mode_interactive.rs). Both modes share the same agent logic and tool execution system, differing only in user interaction and output handling.

Implements a guardrails system called Warden that enforces security and operational policies during agent execution. The system validates agent actions against defined rules before execution, prevents unauthorized operations, and logs policy violations. Warden integrates with the secret redaction system and privacy mode to enforce data protection policies. Policy rules are configurable and can be updated without restarting the agent.