neoagent 2.4.4-beta.10 → 2.4.4-beta.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/docs/models.md ADDED
@@ -0,0 +1,64 @@
1
+ # Models and providers
2
+
3
+ NeoAgent supports local models, API-key providers, and several account-backed
4
+ providers. Provider credentials stay on the server.
5
+
6
+ ## Configure a model
7
+
8
+ Open **Settings > AI Providers** to add credentials and choose models. You can
9
+ also run `neoagent setup` to configure common values from the terminal.
10
+
11
+ ### Local models
12
+
13
+ [Ollama](https://ollama.com/) does not require a hosted-model API key. Set its
14
+ server URL with `OLLAMA_URL`, then select an available Ollama model in NeoAgent.
15
+ The Ollama process may run on the NeoAgent host or another reachable machine.
16
+
17
+ ### API-key providers
18
+
19
+ NeoAgent includes providers for Anthropic, OpenAI, Google Gemini, xAI, MiniMax,
20
+ NVIDIA NIM, OpenRouter, and OpenAI-compatible endpoints. Available models are
21
+ loaded through the configured provider rather than maintained as a fixed list
22
+ in the documentation.
23
+
24
+ ### Account-backed providers
25
+
26
+ The CLI can authenticate supported developer subscriptions:
27
+
28
+ ```bash
29
+ neoagent login github-copilot
30
+ neoagent login openai-codex
31
+ neoagent login claude-code
32
+ neoagent login grok-oauth
33
+ ```
34
+
35
+ These login flows are separate from ordinary API-key providers.
36
+
37
+ ## Model assignment
38
+
39
+ The default model is selected in settings. Individual agents and scheduled
40
+ tasks can override it. A model used for tools must support the tool-calling
41
+ contract expected by its NeoAgent provider.
42
+
43
+ Some features use separate providers:
44
+
45
+ - Embeddings for memory search use a configured supported embedding provider
46
+ and fall back to lexical retrieval when embeddings are unavailable.
47
+ - Recording transcription uses Deepgram when enabled.
48
+ - Image generation and analysis depend on the selected provider and model.
49
+
50
+ ## Credential handling
51
+
52
+ API keys and account tokens are stored under the NeoAgent runtime directory on
53
+ the server. Do not put credentials in task prompts, skills, screenshots, issue
54
+ reports, or chat messages.
55
+
56
+ Use the environment CLI when terminal administration is more appropriate:
57
+
58
+ ```bash
59
+ neoagent env list
60
+ ```
61
+
62
+ `env list` masks secrets. The `env get`, `env set`, and `env unset` commands
63
+ accept a variable name; `env get` prints the selected value, so avoid running it
64
+ in recorded terminals or shared shells.
@@ -1,28 +1,33 @@
1
- # Operations
1
+ # Operations and troubleshooting
2
2
 
3
- ## Service State
3
+ Run service commands on the machine hosting NeoAgent.
4
+
5
+ ## Service commands
4
6
 
5
7
  ```bash
6
- neoagent status # install root, config path, runtime paths, release channel, service state
7
- neoagent logs # first stop for unexpected behavior in UI, messaging, OAuth, or tasks
8
+ neoagent status
9
+ neoagent start
10
+ neoagent stop
8
11
  neoagent restart
12
+ neoagent logs
9
13
  ```
10
14
 
11
- ## Release Channels
15
+ `status` is the first check for install, service, configuration, and health
16
+ problems. `logs` tails the server logs. Logs from a laptop or client do not
17
+ describe a NeoAgent instance running on another server.
12
18
 
13
- ```bash
14
- neoagent channel # show current channel
15
- neoagent channel stable # switch to stable releases (recommended for most installs)
16
- neoagent channel beta # switch to prerelease builds
17
- ```
18
-
19
- ## Updates
19
+ ## Release channels and updates
20
20
 
21
21
  ```bash
22
+ neoagent channel
23
+ neoagent channel stable
24
+ neoagent channel beta
22
25
  neoagent update
23
26
  ```
24
27
 
25
- Follows the configured release channel. On git installs, pulls the latest source and reinstalls dependencies when they change. On npm installs, reinstalls the global package from the matching npm tag. Verifies the bundled web client and restarts the service.
28
+ Stable is intended for normal installations. Beta receives prerelease builds.
29
+ `update` follows the selected channel, updates the package or Git checkout,
30
+ verifies the bundled client, and restarts the service.
26
31
 
27
32
  ## Recovery
28
33
 
@@ -30,32 +35,43 @@ Follows the configured release channel. On git installs, pulls the latest source
30
35
  neoagent fix
31
36
  ```
32
37
 
33
- Use when NeoAgent is in a broken state after a self-edit or corrupted install. On git installs: backs up runtime data, saves local tracked changes, resets source files, reinstalls dependencies, and restarts.
38
+ Use `fix` for a damaged installation or failed source update. It preserves
39
+ runtime data, repairs application source and dependencies, and restarts the
40
+ service. It is not a substitute for a backup.
34
41
 
35
- For configuration-only issues:
42
+ For configuration problems:
36
43
 
37
44
  ```bash
38
45
  neoagent setup
39
46
  neoagent restart
40
47
  ```
41
48
 
42
- ## Troubleshooting
49
+ ## Backups
43
50
 
44
- | Symptom | First step |
45
- |---|---|
46
- | Service won't start | `neoagent logs` — look for startup errors |
47
- | UI loads but agent doesn't respond | Confirm an AI provider key is set in **Settings → AI Providers** |
48
- | OAuth integration fails | Confirm `PUBLIC_URL` is reachable and the redirect URI matches |
49
- | Messaging not delivering | Check credentials in the messaging tab; confirm `PUBLIC_URL` for webhook-based platforms |
50
- | Tasks not running | Confirm the task is enabled; check **Runs** and **Logs** for error output |
51
- | Broken after update | `neoagent fix` — resets source, reinstalls, restarts |
52
-
53
- ## Runtime Data
51
+ Stop the service or take an application-consistent filesystem snapshot, then
52
+ back up:
54
53
 
55
54
  | Path | Contents |
56
55
  |---|---|
57
- | `~/.neoagent/.env` | Server config and secrets |
58
- | `~/.neoagent/data/` | Database, session data, logs, update status |
59
- | `~/.neoagent/agent-data/` | Skills, memory, daily data |
56
+ | `~/.neoagent/.env` | Server configuration and secrets |
57
+ | `~/.neoagent/data/` | SQLite database, sessions, logs, update state |
58
+ | `~/.neoagent/agent-data/` | Skills, memory files, daily data |
59
+
60
+ If `NEOAGENT_HOME` is set, these paths live under that directory instead.
61
+ Protect backups as credentials and personal data.
60
62
 
61
- Back up these paths before moving a server or doing manual repairs.
63
+ ## Common failures
64
+
65
+ | Symptom | Check |
66
+ |---|---|
67
+ | Service does not start | `neoagent status`, then `neoagent logs` |
68
+ | Chat has no response | Provider connection, selected model, provider quota |
69
+ | Browser or shell unavailable | QEMU installation and first runtime boot |
70
+ | OAuth fails | Reachable HTTPS `PUBLIC_URL` and exact callback URI |
71
+ | Messaging receives nothing | Channel credentials, webhook, and allowlists |
72
+ | Task does not run | Enabled state, trigger account, next run, **Runs** |
73
+ | Android action fails | ADB visibility, selected device, tool approval |
74
+ | Paired device unavailable | Companion or extension connection on that machine |
75
+
76
+ When reporting a bug, include the NeoAgent version, server OS, installation
77
+ type, runtime profile, exact reproduction steps, and sanitized server logs.
@@ -0,0 +1,49 @@
1
+ # Persistence and migrations
2
+
3
+ NeoAgent uses a single SQLite database opened through
4
+ `server/db/database.js`. Services share that instance and use synchronous
5
+ `better-sqlite3` statements and transactions.
6
+
7
+ ## Stored state
8
+
9
+ The database owns:
10
+
11
+ - Users, sessions, agents, and settings
12
+ - Conversations, messages, runs, steps, events, and model usage
13
+ - Tasks, triggers, webhook deliveries, and widgets
14
+ - Integration connections and encrypted credentials
15
+ - Memory, facts, entities, source documents, and retrieval telemetry
16
+ - Recordings, transcripts, health records, and device registrations
17
+ - Tool policies and approval history
18
+
19
+ Larger artifacts and editable agent data use runtime directories under
20
+ `NEOAGENT_HOME`.
21
+
22
+ ## Schema changes
23
+
24
+ Base schema creation lives in the database module. Incremental migrations live
25
+ in `lib/migrations.js` and `lib/schema_migrations.js`. A migration must be
26
+ idempotent and preserve existing user data.
27
+
28
+ Do not create tables or run `ALTER TABLE` from feature services. Do not open a
29
+ second SQLite database instance.
30
+
31
+ FTS5 and JSON1 use graceful fallbacks where the host SQLite build may not
32
+ provide an extension. New behavior must preserve those fallback paths unless
33
+ the installation requirements are deliberately changed.
34
+
35
+ ## Runtime paths
36
+
37
+ `runtime/paths.js` is the source of truth for application, configuration, data,
38
+ agent-data, log, update, and PID paths. Services must use those exports rather
39
+ than hard-coded home-directory paths.
40
+
41
+ Startup can migrate legacy in-repository `.env`, `data`, and `agent-data`
42
+ locations into the runtime home when the destination is empty.
43
+
44
+ ## Backup implications
45
+
46
+ The database and agent-data directories should be backed up as one logical
47
+ state. Integration credentials and session material make backups sensitive.
48
+ Restoring only the database can leave referenced files or editable skills out
49
+ of sync.
@@ -0,0 +1,41 @@
1
+ # Recordings and health
2
+
3
+ Recordings and health data are optional features of the NeoAgent clients. Both
4
+ store their processed data on the NeoAgent backend.
5
+
6
+ ## Recordings
7
+
8
+ The web client can capture microphone and screen audio. The Android client can
9
+ record microphone audio through a foreground service.
10
+
11
+ Recordings upload in chunks and move through recording, processing, completed,
12
+ failed, or cancelled states. When Deepgram is configured, NeoAgent transcribes
13
+ the audio and stores timestamped segments that can be searched from the
14
+ operator interface or by the agent.
15
+
16
+ Optional recording insights can produce summaries, action items, and event
17
+ suggestions after transcription.
18
+
19
+ The agent can list recordings, inspect a session, and search transcripts. It
20
+ can also extract transcripts and metadata from supported public social-video
21
+ URLs when the required host tool is installed.
22
+
23
+ ## Health Connect
24
+
25
+ The Android app can read Health Connect records after the user grants Android
26
+ permissions. Supported data includes steps, heart rate, sleep, exercise, and
27
+ weight.
28
+
29
+ The app uploads granted records to the user's NeoAgent backend. Stored metrics
30
+ appear in **Health** and are available to the owning agent through the health
31
+ tool.
32
+
33
+ Health Connect access can be revoked in Android settings. Revoking access stops
34
+ future reads but does not remove records already uploaded to NeoAgent; delete
35
+ stored server data separately when required.
36
+
37
+ ## Privacy
38
+
39
+ Audio, transcripts, and health records are sensitive personal data. Protect the
40
+ server account, use HTTPS for remote clients, restrict agents and integrations,
41
+ and include these data stores in backup and deletion procedures.
@@ -0,0 +1,52 @@
1
+ # Runtime and tool execution
2
+
3
+ The runtime manager selects where browser, shell, desktop, and Android actions
4
+ execute. Tool security is checked before dispatch, independent of the model
5
+ that requested the action.
6
+
7
+ ## Browser and shell
8
+
9
+ The default browser and CLI backend is a per-user isolated runtime managed by
10
+ the server. It exposes a guest agent authenticated with a generated token and
11
+ stores artifacts through the server artifact service.
12
+
13
+ Browser settings can select a paired Chrome extension. CLI settings can select
14
+ a paired desktop companion. If the requested paired backend is unavailable,
15
+ the effective backend falls back to the isolated runtime.
16
+
17
+ ## Desktop companion
18
+
19
+ Desktop control and selected CLI commands are sent through the authenticated
20
+ desktop companion registry. Non-PTY desktop commands can run through an
21
+ isolated worker process that has no imports from the main server process.
22
+
23
+ This process separation protects server memory; it does not restrict what the
24
+ paired desktop account itself can access.
25
+
26
+ ## Android
27
+
28
+ The Android provider is created per user but executes through ADB on the
29
+ NeoAgent host. Device selection, screenshots, UI observation, input, intents,
30
+ application installation, and shell commands therefore operate outside the
31
+ browser and CLI runtime.
32
+
33
+ ## Workspace files
34
+
35
+ File tools use server-side path validation and the user's workspace boundary.
36
+ They do not accept arbitrary paths merely because a model generated them.
37
+
38
+ ## Tool security hook
39
+
40
+ `before_tool_call` runs before tool execution. The security hook maps sensitive
41
+ tools to categories and applies the user's deny, approval, session allow, or
42
+ persistent allow policy.
43
+
44
+ Approval waits are delivered through Socket.IO. The model receives a structured
45
+ blocked result for denial or timeout and should not treat the tool as executed.
46
+
47
+ ## Boundaries not provided
48
+
49
+ The runtime does not provide destination-level network egress filtering.
50
+ Read-only tools can execute without approval. Paired machines and ADB devices
51
+ remain trusted operator resources. See [Security](security-boundaries.md) for
52
+ deployment guidance.
@@ -1,122 +1,76 @@
1
- # Security Boundaries
1
+ # Security and permissions
2
2
 
3
- NeoAgent processes untrusted content from web pages, email, messaging
4
- platforms, integrations, MCP servers, files, and other external systems. That
5
- content may attempt prompt injection.
3
+ NeoAgent reads untrusted content from websites, email, messages, files,
4
+ integrations, and MCP servers. Any of that content can contain prompt
5
+ injection. Model instructions and injection warnings help, but authorization
6
+ must come from server-enforced boundaries and operator choices.
6
7
 
7
- Prompt instructions, warning text added to tool results, and injection
8
- detection heuristics are defense-in-depth signals for the model. They are not
9
- authorization boundaries. The boundaries below are enforced in server-side
10
- code and cannot be bypassed by any model-generated content.
8
+ ## Tool permissions
11
9
 
12
- ## What Is Enforced
10
+ Sensitive tools are grouped into categories for shell commands, file writes,
11
+ privileged Android actions, desktop control, browser evaluation, network
12
+ writes, and skill or widget mutation.
13
13
 
14
- ### Infrastructure isolation
14
+ Each category can be:
15
15
 
16
- | Capability | Enforced boundary |
16
+ | Policy | Result |
17
17
  |---|---|
18
- | Browser, default backend | Runs in a per-user Docker container with resource limits (`no-new-privileges`, no host filesystem mount). |
19
- | Browser, paired extension | Commands are sent to the explicitly paired Chrome extension. Controls that browser profile; outside the container boundary. |
20
- | Shell, VM backend | `execute_command` runs in the same per-user container as the default browser backend. |
21
- | Shell, desktop companion | Commands route through `ShellWorkerPool` a `child_process.fork()` pool of isolated worker processes (`server/services/cli/shell_worker.js`). Workers carry **no server imports**: no database handle, no JWT secret, no app state. A compromised command result cannot read main-process memory. |
22
- | Workspace file tools | `read_file`, `write_file`, `edit_file`, directory listing, and file search are restricted by server-side path checks to the user's workspace directory. |
23
- | Android | `android_shell` and related tools run from the NeoAgent host via ADB against the selected device or emulator. |
24
- | Official integrations | OAuth credentials remain server-side. Accounts configured as read-only have write tools blocked by server-side access checks. |
25
- | Runtime API | The container endpoint is published on loopback. A guest token authenticates requests between the server and the runtime. |
18
+ | Deny | The tool does not run |
19
+ | Require approval | The run pauses for a user decision |
20
+ | Allow | The tool runs for the current session |
21
+ | Always allow | The stored policy permits future runs |
26
22
 
27
- ### Tool policy system
23
+ The default is approval for sensitive categories. Skill and widget mutation is
24
+ denied by default. Users can also select a global default, always-ask, or
25
+ allow-all mode.
28
26
 
29
- The `before_tool_call` hook fires before every tool execution in both the
30
- sequential and parallel engine paths. Two handlers are registered at startup
31
- and cannot be removed by agent code:
27
+ Approval prompts time out after 30 seconds. A denied or timed-out call is
28
+ reported to the model as blocked rather than executed.
32
29
 
33
- **Priority 5 per-category policy check** (`server/services/security/tool_security_hook.js`)
30
+ ## Where tools run
34
31
 
35
- Every tool is mapped to one of seven sensitive categories:
36
-
37
- | Category | Tools |
38
- |---|---|
39
- | `shell` | `execute_command` |
40
- | `file_write` | `write_file`, `edit_file` |
41
- | `android_privileged` | `android_shell`, `android_install_apk`, `android_open_intent`, `android_open_app` |
42
- | `desktop_control` | `desktop_click`, `desktop_type`, `desktop_press_key`, `desktop_drag`, `desktop_launch_app`, `desktop_observe` |
43
- | `browser_privileged` | `browser_evaluate` |
44
- | `network_write` | `http_request` (POST/PUT/PATCH/DELETE only) |
45
- | `skill_mutation` | `create_skill`, `update_skill`, `delete_skill`, `create_ai_widget`, `update_ai_widget`, `delete_ai_widget` |
46
-
47
- Read-only tools (`think`, `web_search`, `browser_navigate`, `read_file`, etc.)
48
- are in a static `SAFE_TOOLS` set and bypass all policy checks with a single
49
- `Set.has()` call.
50
-
51
- Per-category policy (stored in `tool_policies` table, one row per user per
52
- category):
53
-
54
- | Policy | Effect |
55
- |---|---|
56
- | `deny` | Tool call is blocked immediately. The model receives a structured error and can explain the restriction to the user. |
57
- | `require_approval` | Execution suspends; the user receives a real-time prompt (bottom sheet + optional push notification). Decision options: Deny / Allow once / Allow session / Always allow. |
58
- | `allow` | Tool runs without interruption. Grants expire at session end. |
59
- | `allow_always` | Tool runs without interruption. Persisted to DB; never expires. |
60
-
61
- Default policy for all categories is `require_approval`, except `skill_mutation` which defaults to `deny`.
62
-
63
- **Priority 10 — approval gate** (`server/services/security/approval_gate_service.js`)
64
-
65
- When a category policy is `require_approval`, execution is suspended and a
66
- `tool:approval_required` event is emitted to the user's Socket.IO room. The
67
- agent loop awaits the decision with a 30-second timeout. If no decision is
68
- received, the tool is denied and the model is informed of the timeout.
69
-
70
- ### Global security mode
71
-
72
- Users can override all per-category settings with a global mode (stored in
73
- `user_settings` under key `tool_security_mode`):
74
-
75
- | Mode | Behaviour |
32
+ | Capability | Runtime |
76
33
  |---|---|
77
- | `default` | Per-category policies apply (recommended). |
78
- | `allow_all` | All tool policy and approval checks are bypassed. The agent runs without interruption. |
79
- | `always_ask` | Every sensitive tool requires approval regardless of per-category settings. |
80
-
81
- ### Agent-loop feedback
82
-
83
- When a tool is blocked, the model receives a structured result:
84
-
85
- ```json
86
- { "tool": "execute_command", "status": "blocked", "blocked_by": "policy|user_denied|approval_timeout", "reason": "..." }
87
- ```
88
-
89
- The `reason` field contains an actionable message the model can surface to the
90
- user (e.g., pointing to Settings Tool Permissions, or acknowledging that the
91
- user denied the call and it should not retry).
92
-
93
- ## What Is Not Enforced
94
-
95
- - **No per-tool allowlist at the schema/selection level.** A tool blocked by
96
- policy is still listed in the tool catalog. The block fires at execution
97
- time, not at selection time.
98
- - **No mandatory approval for safe tools.** Tools in `SAFE_TOOLS` always
99
- execute without a policy check.
100
- - **No network egress filtering.** The `http_request` tool (non-write methods)
101
- can reach any URL reachable from the server.
102
- - **Prompt-injection detection is heuristic.** The detection layer may warn the
103
- model but cannot prevent every injection attempt.
104
-
105
- ## Deployment Guidance
106
-
107
- - Run NeoAgent under a dedicated, unprivileged OS account.
108
- - Prefer the container-backed browser and CLI defaults (VM backend).
109
- - Do not select the desktop shell backend on a machine containing data the
110
- agent should not access.
111
- - Use `require_approval` or `deny` for `shell` and `android_privileged` on
112
- machines where you run personal or work data alongside NeoAgent.
113
- - Treat a paired browser extension as giving the agent control of that browser
114
- profile. Use a dedicated profile.
115
- - Treat an ADB-connected Android device as accessible to the agent, including
116
- capabilities exposed by `adb shell`.
117
- - Keep integration accounts read-only unless write access is required.
118
- - The `allow_all` global mode is suitable only for trusted automated
119
- environments where the operator controls all input. Do not use it for
120
- open-ended agentic sessions that browse the web or read email.
121
-
122
- For vulnerability reporting, see [Security Policy](https://github.com/NeoLabs-Systems/NeoAgent/blob/main/SECURITY.md).
34
+ | Default browser and shell | Per-user isolated runtime managed by the NeoAgent host |
35
+ | Workspace files | Server-enforced user workspace paths |
36
+ | Paired Chrome extension | The paired Chrome profile and machine |
37
+ | Paired desktop companion | The paired desktop account |
38
+ | Android | The selected host-attached ADB device or emulator |
39
+ | Integrations | NeoAgent server using stored account credentials |
40
+
41
+ The paired extension and desktop companion are access grants, not isolation
42
+ boundaries. Android commands do not run in the browser and shell VM.
43
+
44
+ ## Account and integration controls
45
+
46
+ - Credentials remain on the server.
47
+ - Official integration accounts can be set to read-only.
48
+ - Users and agents have separate application data and assignments.
49
+ - Messaging allowlists restrict which chats and senders can trigger runs.
50
+ - A guest token authenticates communication with the isolated runtime.
51
+
52
+ ## Important limitations
53
+
54
+ - Read-only tools do not require approval by default.
55
+ - Outbound network access is not filtered by destination.
56
+ - A paired browser can access the signed-in state of that Chrome profile.
57
+ - A paired desktop process acts with the permissions of its OS account.
58
+ - ADB can expose broad access to the selected Android device.
59
+ - Prompt-injection detection cannot identify every malicious instruction.
60
+ - Multi-user application isolation does not make NeoAgent suitable for
61
+ mutually hostile tenants on a shared host.
62
+
63
+ ## Deployment guidance
64
+
65
+ - Run NeoAgent as a dedicated unprivileged OS account.
66
+ - Use HTTPS for remote access.
67
+ - Keep shell, desktop, Android, and write categories on approval until the
68
+ workflow is understood.
69
+ - Use dedicated Chrome and desktop profiles for paired control.
70
+ - Keep integrations read-only unless writes are required.
71
+ - Do not use allow-all for open-ended runs that browse the web or read messages.
72
+ - Back up secrets and user data securely and test account recovery.
73
+
74
+ The implementation details are documented in
75
+ [Runtime and tool execution](runtime-and-tools.md). Report vulnerabilities
76
+ through [SECURITY.md](https://github.com/NeoLabs-Systems/NeoAgent/blob/main/SECURITY.md).
package/docs/skills.md CHANGED
@@ -1,59 +1,46 @@
1
- # Skills
1
+ # Skills and MCP
2
2
 
3
- Skills are Markdown files that instruct the agent on how to use a local capability or follow a multi-step workflow. They load at runtime from `~/.neoagent/agent-data/skills/`, so edits take effect without restarting the service.
3
+ Skills and MCP servers both extend the agent, but they solve different
4
+ problems.
4
5
 
5
- ## Built-in Skills
6
+ ## Skills
6
7
 
7
- | Skill | Description |
8
- |---|---|
9
- | `browser.md` | Web browsing and scraping with Puppeteer |
10
- | `cli.md` | Shell commands in a persistent PTY terminal |
11
- | `files.md` | Read, write, and search host files |
12
- | `memory.md` | Store and recall long-term facts |
13
- | `messaging.md` | Send via Telegram, WhatsApp, Discord, Slack, Matrix, Teams, Google Chat, or webhooks |
14
- | `system-stats.md` | CPU, memory, and disk usage |
15
- | `weather.md` | Current weather via wttr.in |
16
- | `ip-info.md` | Public IP and geolocation |
17
- | `port-check.md` | Check if a TCP port is open |
18
- | `ping-host.md` | Ping a host |
19
- | `process-monitor.md` | List running processes |
20
- | `disk-usage.md` | Directory size breakdown |
21
- | `find-large-files.md` | Locate large files |
22
- | `docker-status.md` | Docker container status |
23
- | `tail-log.md` | Tail any log file |
24
- | `news-hackernews.md` | Fetch top Hacker News stories |
25
- | `qr-code.md` | Generate QR codes |
26
- | `pdf-toolkit.md` | Inspect, extract, merge, split, compress PDFs |
27
- | `git-summary.md` | Summarize git status, branches, commits, and diffs |
28
- | `csv-toolkit.md` | Inspect and transform CSV or TSV files |
29
- | `markdown-workbench.md` | Clean up, outline, and convert Markdown documents |
8
+ A skill is a Markdown instruction set for a repeatable workflow. Skills can
9
+ teach an agent how to use existing tools, commands, file formats, or local
10
+ conventions. They do not add a new security boundary or bypass tool approvals.
30
11
 
31
- ## Creating a Custom Skill
12
+ Manage skills in **Skills**. NeoAgent includes a catalog of system, network,
13
+ document, data, creative, and development workflows. Installed skills are
14
+ editable and removable.
32
15
 
33
- Add a Markdown file to `~/.neoagent/agent-data/skills/`:
16
+ Custom skills live in the NeoAgent agent-data directory and are loaded without
17
+ restarting the server. Keep them focused, name the actual tools they require,
18
+ and never store secrets in them.
34
19
 
35
- ```markdown
36
- # My Skill Name
20
+ Use a skill when:
37
21
 
38
- Brief description of what this skill does and when to use it.
22
+ - the workflow repeats;
23
+ - the agent already has the required underlying tools; and
24
+ - written procedure is enough to make the work reliable.
39
25
 
40
- ## Usage
26
+ ## MCP servers
41
27
 
42
- Step-by-step instructions or exact commands the agent should follow.
43
- ```
28
+ The [Model Context Protocol](https://modelcontextprotocol.io/) connects NeoAgent
29
+ to external tool servers. Configure servers in **MCP**, choose the supported
30
+ authentication method, and inspect the connection state before assigning the
31
+ tools to an agent.
44
32
 
45
- The agent reads all `.md` files in the skills directory on each turn. Keep skills focused. Include exact tool names or shell commands when precision matters. Don't store secrets in skill files.
33
+ Use MCP when an external system exposes a maintained MCP server or when a
34
+ capability requires a real API implementation rather than instructions.
46
35
 
47
- **When to use a custom skill** — repeated workflows involving specific local paths, commands, or multi-step procedures. For connecting to third-party services, prefer official integrations or MCP tools instead.
36
+ ## Choosing the right extension
48
37
 
49
- ## Skill Store
38
+ Prefer, in order:
50
39
 
51
- The **Skills** section in the UI includes a built-in catalog from `/api/store`. Skills install as Markdown files into the runtime skills directory — editable and removable after installation.
40
+ 1. An official NeoAgent integration for supported account services
41
+ 2. A maintained MCP server
42
+ 3. A skill using existing tools
43
+ 4. Browser or shell automation when no structured interface exists
52
44
 
53
- Catalog categories: system, network, info, document, data, and git helpers.
54
-
55
- ## MCP Tools
56
-
57
- External tools connect via the [Model Context Protocol](https://modelcontextprotocol.io). Configure MCP servers in **Settings → MCP**. Connected tools appear alongside built-in skills automatically.
58
-
59
- Use official integrations or MCP tools when they exist — they are more reliable than browser automation or shell scraping and easier to audit.
45
+ Structured integrations are easier to restrict, audit, and keep stable than UI
46
+ automation.