Why Agents
Runlayer lets you build multiple Agents, each for a different job. Instead of one general assistant with broad access, you create focused agents for specific workflows, teams, or risk levels. Each Agent combines:- Instructions (main prompt + optional skills)
- A chosen model
- A curated set of MCP connectors and tools
- Optional deployment channels (Slack, schedules, webhooks)
Agents for any purpose
You can create agents for almost any internal workflow, for example:- Support agent: summarize tickets, query product docs, draft replies
- Incident agent: triage alerts, pull logs, post status updates
- RevOps agent: collect CRM context, prep account briefs
- Security agent: review policy denials, summarize risk events
- Platform ops agent: monitor MCP health and failed tool calls
- Leadership reporting agent: weekly usage + adoption summaries
Set up an agent
Create the Agent
Go to Agents and click Create new.You can start from scratch or pick a template. Templates pre-fill the name, prompt, connectors, and built-in tools so you can get running faster. Current templates include a Runlayer workspace agent, a research agent, a weekly summary agent, and a morning brief agent.In setup, define:
- Name
- Main prompt (required)
- Privacy: Private or Public (workspace-visible)
- Custom icon (optional — pick from the built-in icon library or upload your own)
- Built-in tools (for example, Web Fetch)
Attach connectors and tools
Add one or more connectors (MCP servers), then select which tools are enabled.
This is the core capability boundary for the agent. Connectors that require OAuth show a Connect button on the connector card or a guided setup dialog with per-connector status. Connecting creates a session grant that shares your OAuth credentials with the agent.
Configure model + behavior
Open the agent detail page and set:
- Model — available models depend on which LLM providers are configured in Settings → Workspace (see LLM providers below)
- Instructions (prompt)
- Skills
- Optional env vars (if enabled in your workspace)
Test in Playground
Open the Playground tab to chat with your agent interactively. The playground streams responses in real time and shows tool calls inline so you can verify prompt behavior, connector access, and model output before deploying.The playground automatically injects Runlayer tools (search, run, manage) so the agent can reason about your Runlayer workspace without you manually adding the Runlayer connector first.
Choose deployment mode
Use one or more:
- Schedules for recurring runs — if a scheduled run fails, the agent owner receives a Slack DM (when Slack is connected)
- Webhooks for event-driven runs
- Slack integration (if configured) — run result DMs can be set to Always, Errors only, or Never. When an agent runs from a Slack trigger, it can post additional messages back to the thread using a built-in say tool (no extra setup required).
Validate in Activity
Check run history for status, token/cost usage, and execution trace.
Failed runs can be retried directly from the Activity view, and any past run can be resumed in the Playground — click the run to open it, then click Resume to continue the conversation with the full prior context loaded.
Runs triggered from Slack show conversation, channel, and trigger details with a link to the originating Slack message.
Tighten prompt/tool scope before broad rollout.
Duplicating an agent
Any workspace member can duplicate an agent from the agent detail page (overflow menu → Duplicate) or from the agent card on the list page. Duplicating clones the agent’s configuration, attached connectors, and tools into a new agent owned by you. Only the agent owner can delete an agent; duplication is available to everyone.Browsing and filtering agents
The Agents list page supports:- Sorting by newest, oldest, alphabetical, or last used
- Status filter to show only active or disabled agents
- Search by agent name
- Schedule badge on agent cards showing the number of active schedules
- Connector icons on agent cards showing attached connectors
Run limits
Agents have daily and weekly run limits to prevent runaway usage. Defaults are set at the workspace level in Settings → Workspace and apply to all agents. To override limits for a specific model within an agent, open the agent’s detail page and configure per-model run limits. Each override sets a separate daily and weekly cap for that model (the weekly cap must be greater than or equal to the daily cap). When an agent reaches its limit, new runs are rejected until the window resets.Budget alerts
When Slack is connected, the agent owner receives a DM when an agent crosses 75%, 90%, or 100% of its daily or weekly run limit. Budget alerts are enabled by default and can be toggled per-agent in the agent detail page under Budget alerts.LLM providers
Agents need at least one LLM provider configured to run. Admins manage providers in Settings → Workspace.| Provider | How to enable | Models |
|---|---|---|
| Anthropic | Add your Anthropic API key | Claude Opus 4.7, Claude Opus 4.6, Claude Sonnet 4.6, Claude Opus 4.5 |
| OpenAI | Add your OpenAI API key | GPT-5.4, GPT-5.4 Mini |
| OpenAI-compatible gateway | Set a gateway URL + API key + model list | Any models the gateway exposes (e.g. OpenRouter) |
Self-hosted deployments can also enable Bedrock-hosted Anthropic models via Terraform. See Agent Sandbox LLM Gateway for details.
Agent memory
Each agent includes a built-in persistent SQLite database it can use to save structured notes and state between runs. You do not need to attach extra storage for this — it is available automatically. Use agent memory for things like:- Durable preferences or instructions specific to that agent
- IDs, checkpoints, or summaries from earlier runs
- Lightweight working state for recurring tasks
Example prompts
- “Remember that Acme prefers weekly status updates every Monday.” The agent can save that preference in its memory and use it in later runs for Acme-related work.
- “Store the last processed Zendesk ticket ID as 18423 and pick up from there next run.” The agent can write that checkpoint, then retrieve it later to avoid starting from scratch.
- “What do you already remember about our Q2 board report workflow?” The agent can query its stored notes, summarize what it finds, and use that as context for the current task.
Subagents
An agent can delegate work to subagents — lightweight child agents that run inside the parent agent’s sandbox with their own name, description, prompt, and optional model override. Subagents inherit the parent’s connectors and tools but follow their own instructions, so you can split a complex workflow into focused sub-tasks without creating separate top-level agents. To add subagents, open the agent detail page and look for the Agents section. Click Add agent, then fill in:| Field | Required | Notes |
|---|---|---|
| Name | Yes | Lowercase, alphanumeric + hyphens (max 64 chars) |
| Description | Yes | Short summary (max 255 chars) |
| Prompt | No | Instructions for the subagent (max 10 000 chars) |
| Model | No | Override the parent’s model; defaults to the parent model if unset |
add_agent_subagent, update_agent_subagent, delete_agent_subagent).
Agent policies
Each agent has a dedicated Policies section on its detail page where you can define access rules scoped to that agent’s connectors and tools. Agent policies work like server-level policies but are managed directly from the agent rather than from each connector individually. To add a policy, open the agent detail page, scroll to the Policies section, and click Add policy. Each policy includes:| Field | Description |
|---|---|
| Tools | Select which tools the policy applies to (from the agent’s attached connectors) |
| Action | Allow or Deny |
| Conditions | Optional runtime conditions (same condition language as server-level policies) |
Multi-agent strategy
Use multiple agents instead of one overloaded agent:- Split by business function (Support, Security, Ops, GTM)
- Split by data sensitivity (low-risk vs privileged systems)
- Split by trigger type (human chat vs scheduled vs webhook)
- Keep prompts short and role-specific
- Keep connector/tool permissions narrow per agent
Ownership and access
- The agent owner is shown on the agent detail page (below the webhook section)
- Agent owners and admins with the Manage Agents capability can edit core settings (including the enable/disable toggle); advanced settings (model, environment variables, subagents) are visible only to admins and the agent owner
- When you create or update an agent, you automatically receive access to the connectors attached to it
- Public agents are accessible to workspace users
- Non-owners may have read/run access but not edit rights
- All calls still pass through your Runlayer policy model and scanner stack
Use Runlayer MCP inside agents
Runlayer MCP is a first-party connector that lets an agent reason about your Runlayer workspace itself (analytics, audit logs, inventory, governance). To use it in an agent:- Install/enable the Runlayer server in your workspace.
- Add that connector to the agent.
- Test with focused prompts (examples below).
- “Use Runlayer MCP to export top tools used in the last 30 days and summarize top failure causes.”
- “List recent policy denied events and group by connector.”
- “Show all connectors with low usage but high error rate.”
- “List pending access requests and summarize by team.”
Mutating Runlayer MCP actions are confirm-gated (for example
confirm=true)
and permission-gated (admin/owner where required).Agents vs Agent Accounts
- Agents: UI-managed AI workers with prompt + tool curation
- Agent Accounts: OAuth client identities for programmatic/API access
Related docs
Runlayer MCP
Built-in MCP for analytics, audit logs, inventory, governance
Agent Accounts
Programmatic auth + delegated access model
Policies
Control what agents and users can do
MCP Troubleshooting
Debug connector, auth, and permission failures