Platform

Security

How secrets, tokens, and access are handled in Sulala Agent OS.

Overview

  • Secrets live in ~/.agent-os/config.json or in the environment; never commit them to the repo.
  • Server binds to 127.0.0.1 by default (configurable via HOST); it is not reachable from other hosts unless you put a reverse proxy in front of it or change HOST.
  • Channel tokens (Telegram, Slack, Discord, Signal, Viber) are stored only in config; webhooks should be served over HTTPS in production.
  • Skill config (API keys, options) is stored in ~/.agent-os/configs/<skill_id>.json; keep that directory out of public repos.

Agent OS

  • Binding: Server binds to 127.0.0.1:3010 by default. Expose it publicly only behind a reverse proxy that terminates HTTPS and, if needed, enforces authentication; the loopback binding is the only thing keeping the server private, and changing HOST removes it.
  • Secrets: API keys (OpenAI, OpenRouter, Anthropic, Google) and channel tokens are read from config.json or the environment. Set them in Settings or edit the file; never put them in code or commit them to git.
  • Workspace: Each agent has a sandbox at ~/.agent-os/workspaces/{agent_id}/. File-access tools resolve every path inside this directory (resolveInWorkspace), so agents cannot read or write outside it through those tools; the exec tool is a separate case (see below).
  • Tools: Each agent declares the tools it may call, drawn from its skills plus a built-in allowlist. Runtime limits (max_turns, max_tokens, max_runtime) can be set per agent. Restrict which tools an agent can use via its config.
  • Exec tool: If an agent can run shell commands (exec tool), pin its working directory to the workspace, keep the list of allowed commands short and documented, and do not let it run untrusted code.

Channels

  • Webhooks: In production use HTTPS for webhook URLs. Set tokens and signing secrets only in config or env.
  • Verification: Incoming Slack requests are verified with the app's signing secret and Discord requests with the app's public key. Keep the signing secret private; the Discord public key is not secret, but it must be the one from your app's developer settings, since verification is only as good as the key you trust. Set both in config.

Optional store

  • If you run a skill store, protect admin and submission APIs with secrets (e.g. ADMIN_SECRET). License tokens for paid skills should be kept private.
  • Agent OS only consumes a registry URL; it does not store OAuth tokens for the store. Store credentials belong in the store app’s env.

Best practices

  • Use HTTPS for any publicly reachable server (e.g. reverse proxy in front of Agent OS).
  • Rotate API keys and channel tokens immediately if you suspect exposure; a key that was ever in a commit, a log, or a chat transcript should be treated as exposed.
  • Prefer least privilege: run the process with a user that cannot access unrelated files; rely on the workspace sandbox for agent file access.