Evershell Documentation
Evershell is a runtime for free agents. Your agent runs with full power inside a sandboxed workspace; outbound network calls are mediated by a transparent proxy that enforces a policy compiled from the workspace’s role. No agent code changes required.
This site covers the parts that don’t fit in a tooltip — what a
workspace, role, content pack, or credential is at runtime; the
shape of caps.yaml; every audit event the runtime emits; how the
control plane gates access via member roles and permission scopes;
and the evershell CLI that backs the same /v1/* API
as the console.
Concepts
Runtime
- Workspaces — The isolated pod each agent task runs in: lifecycle, snapshots, fork, the off-pod proxy that intercepts every outbound call, and the session / task / iteration / compaction events the agent emits.
- Agent roles & providers — The configuration unit operators ship: provider + model + capabilities + packs + timeouts + warm-pool policy. Includes the topology and role-editor canvases.
- Content packs — OCI-packaged bundles of guides, scripts, data, and behavioural instructions attached to roles. Covers OCI packaging, digest pinning, the stale-pack signal, and how a pack’s capabilities are auto-copied into the role on attach.
- Credentials & secrets — How outbound auth and secret material reach the proxy on the agent’s behalf — typed credentials for providers the platform models (OAuth, API key, Basic) versus opaque secrets for anything else.
Access
- Member roles — Owner / Operator / Member tiers, what each can do, how invitations flow.
- Permissions & scopes — The <resource>:<verb>[:own] scope ladder, what :own narrows, which routes are gated on which scope.
- API keys — Lifecycle of an org-scoped API key: how it’s issued, what permission template it carries, and what happens when you revoke.
Reference
- API reference — Every customer-facing endpoint on the control plane API: routes, request shapes, response codes, error envelope.
- caps.yaml — Every field in a capability spec, with closed enums and a complete example.
- Audit events — The catalog of event types the runtime emits, what their detail looks like, and how to query the audit log.
- evershell CLI — Install, authenticate, and the full verb reference. Backs the same /v1/* API the console drives; useful for CI, scripting, and one-off ad-hoc queries.
Getting access
If you don’t have an Evershell tenant yet, request a demo and we’ll provision one. Existing customers sign in at auth.evershell.ai.