Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Amodal Configuration

Amodal has two configuration scopes:

  • Agent workspace pages live under /agents/:agentId/* and configure one deployed agent.
  • Organization workspace pages live under /org/:orgId/* and configure the team, billing, model provider credentials, and shared platform access.

Visibility and editability are permission-based. Viewers may see read-only versions of pages that admins and developers can edit.

Agent Workspace

The left sidebar groups agent pages into Operate, Deploy, Resources, and Configure.

PagePathWhat It Shows
Overview/agents/:idHealth summary, recent sessions, usage, model/provider status, connection gaps, and recommended actions.
Sessions/agents/:id/sessionsRuntime session history, scopes, token usage, messages, tool calls, and session detail pages.
Activity/agents/:id/activityAmodal audit/activity events such as deploys, source commits, auth changes, and secret edits.
Logs/agents/:id/logsRuntime logs with filters for level, scope, session, and search text.
Cost/agents/:id/costCost and usage by scope, model, deploy, day, and highest-cost sessions.
Source/agents/:id/filesGit-backed source browser/editor. Commits are made through Amodal and can be deployed.
Deploys/agents/:id/deploysDeploy list, deploy detail, logs, selected deploy, promote, start, stop, redeploy, and delete actions when permitted.
Evals/agents/:id/evalsEval suites and runs. Arena mode compares model behavior.
Connections/agents/:id/connectionsConnection inventory, credential status, runtime health, file completeness, endpoint details, and route probes.
Guardrails/agents/:id/guardrailsSource-backed connection policy, field restrictions, and safety configuration.
Automations/agents/:id/automationsPlatform-managed background bindings and runs.
Stores/agents/:id/storesStore schemas and documents from the runtime store backend.
Memory/agents/:id/memoryAgent memory entries when memory is enabled.
Feedback/agents/:id/feedbackEnd-user feedback review queue.
Models/agents/:id/modelsModel catalog, configured aliases, provider verification status, prices, context windows, and recent usage.
Prompt/agents/:id/promptCompiled system prompt, token budget, category breakdown, and top prompt contributors.
Embed/agents/:id/embedEmbeddable chat widget configuration and generated React snippet.

Settings Tabs

The Settings page contains these tabs:

TabPathPurpose
General/agents/:id/settings/generalAgent identity and platform metadata.
Source/agents/:id/settings/sourceRepository connection state and current source ref.
Secrets/agents/:id/secretsAgent environment variables and connection secrets.
API Keys/agents/:id/settings/api-keysAgent-scoped programmatic access keys.
Auth/agents/:id/authHosted app protection and end-user identity.
Runtime/agents/:id/runtimeRuntime machine resources.
Domains/agents/:id/settings/domainsApproved embed origins and custom app hostnames.
System/agents/:id/systemRuntime version, Node version, uptime, and repo path.

General

General stores platform metadata for the agent:

FieldMeaning
NameDisplay name shown in Amodal lists.
ContextOptional platform-side context or notes about the agent.
Agent IDStable platform ID. Read-only.
App URLHosted agent URL when available. Read-only.
CreatedAgent creation timestamp. Read-only.

This is not the same as amodal.json#name, though they should usually stay aligned.

Source

Source shows the active repository connection and source ref:

FieldMeaning
Modecloud for platform GitHub source; local for local Amodal.
ProviderUsually GitHub in cloud.
Stateconnected, local, not_configured, or error.
AccessWhether Amodal can manage the connection or only read it.
Repository pathRoot path used by the source backend.
Branch, ref, commit, default branchCurrent selected source information.
Git statusClean/dirty/unavailable status when the backend can report it.

When available, this tab can connect, reconnect, disconnect, or choose from GitHub repositories granted to the organization.

Secrets

Secrets are agent environment variables. They are used for provider keys, connection credentials, OAuth tokens, JWT secrets, and other runtime values referenced by env:.

Actions:

  • Add a secret by name and value.
  • Replace an existing secret value.
  • Reveal a secret only when the backend allows reveal.
  • Delete a user-managed secret.

Some platform-managed secrets cannot be edited or deleted by users.

API Keys

Agent API keys are for programmatic access to the agent from scripts, CI, or external systems.

Actions:

  • Create a named key.
  • Copy the raw secret once at creation time.
  • View key prefix, creation time, and last-used time.
  • Revoke a key.

The secret is not shown again after creation.

Auth

These settings are the Amodal surface for the two auth layers. See Authentication for the full model — the browser cookie flow, API-client tokens, and how to choose a setup (and the same settings via the Platform API).

Auth has two layers:

  1. Deploy protection controls who can open the hosted app URL.
  2. End-user identity controls what identity the agent receives after the visitor reaches the app.

Deploy Protection

Maps to the hosted_auth_mode field (Platform API / amodal.json).

Modehosted_auth_modeBehavior
PublicpublicAnyone with the hosted app URL can open it. End-user identity is still controlled by the selected auth strategy.
Team onlyuser_authOnly members of the agent's organization can open the hosted app. End-user identity is still controlled by the selected auth strategy.

Team-only mode uses the platform's hosted login flow. It gates app access before runtime chat begins.

End-User Identity Modes

ModeUse WhenFields
Hosted JWKS presetThe platform host owns login and token issuance, such as the WorkOS-hosted path.Application client ID, optional JWKS URL, optional issuer, optional audience.
Anonymous identityDemo, server-to-server, or any app where per-user identity is not required.Optional synthesized user ID. Defaults to anonymous. Chat/runtime calls still require runtime authentication.
Shared JWT secretYour backend already mints HMAC JWTs for users.Shared secret, algorithm, optional issuer, optional audience.
OIDC / SSOYou want the runtime to perform a full OAuth/OIDC login dance with Okta, Azure AD, Google Workspace, Auth0, Keycloak, etc.Issuer URL, client ID, client secret, callback URL, scopes, session signing secret, optional cookie name, optional session TTL.
Trusted headerAn upstream proxy authenticates users and injects identity.Header name. Defaults to X-Auth-User.
CustomYou need a custom runtime AuthStrategy.Module path relative to the runtime directory.

Use env: references for secrets such as JWT shared secrets, OIDC client secrets, and session signing secrets.

Hosted JWKS Preset

Hosted JWKS is the managed preset used when the platform owns login and organization membership. The runtime verifies hosted JWTs against a JWKS endpoint. In hosted deployments the platform can inject the JWKS URL and issuer, so the advanced fields can often stay blank.

Fields:

  • Application client ID: Client/application ID for the hosted login application.
  • JWKS URL: Remote key set used to verify hosted JWTs.
  • Expected issuer: Required iss claim.
  • Audience: Token aud; defaults to client ID when omitted.

Shared JWT Secret

Use this when your product backend mints a JWT and passes it to the widget/runtime.

Fields:

  • Shared secret: HMAC secret or env: reference.
  • Algorithm: HS256, HS384, or HS512.
  • Expected issuer: Optional iss requirement.
  • Expected audience: Optional aud requirement.

OIDC / SSO

Use this when the runtime should redirect users to an identity provider.

Fields:

  • Issuer URL: IdP discovery base URL.
  • Client ID and client secret: Registered OIDC application credentials.
  • Callback URL: Redirect URI registered in the IdP.
  • Scopes: One per line. Defaults to openid, email, profile.
  • Session signing secret: Runtime cookie signing secret; keep it distinct from the IdP secret.
  • Cookie name: Defaults to amodal_session.
  • Session TTL: Defaults to 86400 seconds.

Trusted Header

Use only behind infrastructure that strips incoming spoofed headers and writes its own authenticated identity header. Do not expose trusted-header auth directly to the public internet.

Custom Auth Strategy

Custom auth loads a module from the runtime directory. The module's default export must implement the runtime AuthStrategy interface.

Runtime

Runtime settings currently control machine memory:

OptionUse
512 MBDefault. Fits most agents.
1 GBLarger bundles and several connection drivers.
2 GBHeavy in-process workloads.
4 GBMaximum. Use when smaller sizes hit OOM.

Changes take effect on the next deploy or runtime rollout. Existing machines keep their current size until then.

Domains

Domains are split into two different concepts:

SectionPurpose
Approved DomainsBrowser origins allowed to embed this agent. These do not route app traffic.
Custom DomainsHostnames that serve the hosted agent app. DNS and TLS remain on the ingress/provider unless the capability says otherwise.

Approved domains allow:

  • Normal hostnames, such as app.example.com.
  • localhost.
  • Wildcard hostnames, such as *.example.com.

Custom domains must be concrete hostnames. localhost and wildcard hostnames are not valid custom domains.

Custom domain status can be pending, verifying, active, or error. Depending on plan and backend capability, Amodal may allow create, delete, status refresh, and verify actions.

System

System is read-only runtime information:

  • Runtime version
  • Node.js version
  • Uptime
  • Repository path

Use it for support/debugging rather than agent behavior configuration.

Embed

Embed config controls the generated @amodalai/react/widget snippet.

FieldOptions / Meaning
EnabledTurns the widget on/off for the saved embed config.
Positionfloating, right, bottom, or inline.
Scopeoptional or required. Required scope adds scopeId={tenant.id} to the snippet.
Open by defaultOpens the widget panel immediately.
Session historyShows previous sessions in the widget.
Feedback buttonsShows thumbs up/down feedback controls.
Verbose toolsShows expanded tool details in the widget.
HeaderWidget title text.
PlaceholderInput placeholder.
Empty stateInitial empty chat text.
Primary colorAccent color.
Modeauto, light, or dark.
Allowed domainsOne allowed embed origin per line. Empty means any domain.

Embed settings are stored in platform metadata, not committed to the agent repo.

Models

The Models page is read-only for agent-level model selection. It shows:

  • Current model.
  • Available providers and credential verification.
  • Recent usage and priced sessions.
  • Model catalog with provider, model ID, input/output price, context window, usage, and status.
  • Filters for all, configured, and available models.

Organization-level model provider credentials and allowlists are managed from Organization > Model Providers.

Organization Workspace

Organization pages configure shared workspace behavior.

PagePathPurpose
Agents/org/:orgIdList and create agents.
Users/org/:orgId/membersInvite users, manage roles, copy invite links, revoke invites, and remove members.
Usage/org/:orgId/usageBilling v2 usage ledger by org and agent.
Billing/org/:orgId/billingPlan, billing mode, credits, spend limit, payment methods, and subscription actions.
Model Providers/org/:orgId/model-providersProvider credentials, credential source, provider enablement, verification, base URLs, and model allowlists.
Settings/org/:orgId/settingsOrganization name, ID, plan, creation date, and GitHub App installation grants.
Automation Tokens/org/:orgId/automation-tokensTokens for coding agents and CI.

Users

Roles are assigned at the organization level. Admins and developers are billable product seats; viewers are free. Pending invites appear in the user list but are billed only after acceptance.

Amodal prevents removing yourself and prevents demoting/removing the last admin.

Model Providers

Each provider card supports:

  • Enable/disable provider.
  • Credential source: Amodal managed or bring your own key.
  • API key for BYOK providers.
  • Optional base URL override.
  • Clear saved API key on save.
  • Allowed model checklist.
  • Save and verify actions.

Verification status can be not configured, needs verify, verified, or failed. Runtime routing and final billing attribution depend on the provider gateway and cost service.

Automation Tokens

Automation tokens are explicit non-browser credentials for coding agents and CI.

AccessMeaning
ObserverRead-only status, deploys, sessions, usage, and evals.
OperatorObserver plus redeploy and eval operations. No secrets, billing, or member management.
AdminHigh-trust administration. Use short expirations.

Tokens can bind to all org agents or one agent. Expiration options are 7, 30, or 90 days; admin defaults to 7 days and other kinds default to 30 days. The raw token is shown once at creation.

Token creation, listing, and revocation require a signed-in user session with organization admin permissions. Automation tokens cannot create or revoke other automation tokens.

Use org-wide admin tokens only for setup flows that need to create agents or connect source repositories. After an agent exists, prefer agent-bound operator tokens for CI deploys and observer tokens for read-only monitoring.

Agent API keys under the agent settings are different: they create ak_ runtime keys for calling a deployed agent. They are not needed for platform setup, GitHub source connection, secrets, or deployments.

Billing and Usage

Usage shows the source-of-truth billing ledger:

  • Billable tokens
  • Platform fee
  • Provider pass-through
  • Total usage charges
  • Provider spend observed
  • Usage by subject, including agent rows

Billing manages:

  • Current plan and pending plan
  • Billing mode: charge, invoice review, or shadow
  • Included credits and remaining credits
  • On-demand/overage usage
  • Spend limit
  • Payment methods
  • Plan changes and cancellation/reactivation