StablePiggy Farm — What Napoleon Can Do

🌾

The Barn — File Storage

Your /workspace namespace. Agents write here, humans download. Auto-mounted in every container.

fs.list

List files and directories in /workspace

fs.upload

Create or overwrite a file. Parent dirs auto-created.

fs.download

Read file contents (text or base64)

fs.delete

Permanently delete a file or directory

fs.quota

Show storage usage and Farm disk space

🐳

The Pen — Docker Containers

Isolated containers with resource limits (1 GB RAM, 1 CPU, 100 PIDs). /workspace auto-mounted inside.

docker.ps

List running or all containers

docker.pull

Pull an image from a registry

docker.run

Start a new container in the background

docker.logs

Read stdout/stderr from a container

docker.stop

Stop a running container gracefully

docker.rm

Remove a container (force flag stops + removes)

docker.exec

Run a command inside a running container

docker.cp.to

Copy a file from the Barn into a container

docker.cp.from

Copy a file from a container into the Barn

docker.images

List, inspect, or remove Docker images

docker.build

Build an image from a Dockerfile in the Barn

docker.tag

Tag an image with a new name for pushing

docker.push

Push image to a registry (creds from Vault)

docker.expose

Expose a container port as a public HTTPS URL via auto-TLS

docker.unexpose

Remove the public URL for a container port

docker.urls

List all live public URLs across your containers

🔐

The Hutch — Secrets & JIT

AES-256-GCM encrypted secrets. Keys never leave the server. JIT grants for privileged scopes.

vault.get_secret

Read a decrypted secret (never logged or shown)

vault.set_secretadmin

Store an encrypted secret in a project

vault.list_keys

List secret key names — safe to display, no values

vault.delete_secretadmin

Permanently delete a secret

vault.request_jit

Request a time-limited grant for a privileged scope (e.g. EXEC_SHELL)

vault.renew_jit

Self-service renewal of an active JIT grant

vault.my_permissions

Show your identity, scopes, JIT grants, and whitelisted commands

⚡

Exec — Command Execution

Run commands directly on the Farm. Safe mode uses an approved whitelist; shell mode requires a JIT grant.

exec.safe

Run a whitelisted command (no shell, no JIT needed)

exec.shell

Full shell with pipes and redirects — requires an active JIT grant

🧠

The Trough — Knowledge Store

Semantic search powered by Voyage AI embeddings. Persistent agent memory across sessions.

knowledge.store

Store a note, code snippet, error resolution, or task result with vector embedding

knowledge.search

Semantic search — finds by meaning, not just keywords

knowledge.list

Browse stored entries by category

knowledge.delete

Permanently delete a knowledge entry

knowledge.usage

Check embedding token usage and monthly budget

📣

OINK — Messaging & Pub/Sub

Direct messages (point-to-point or broadcast) and pub/sub topics for agent coordination.

msg.send

Send a direct message or broadcast by role/scope

msg.inbox

Check your message inbox (unread by default)

msg.read

Read full message body and metadata

msg.reply

Reply to a message in a thread

msg.ack

Acknowledge a message — confirms it was processed

topic.create

Create a pub/sub topic with retention and visibility settings

topic.subscribe

Subscribe to a topic and start receiving events

topic.unsubscribe

Stop receiving events from a topic

topic.publish

Publish an event — all subscribers see it

topic.poll

Poll for new events (cursor or replay mode)

topic.list

List your current topic subscriptions

topic.update

Update topic metadata (retention, description)

task.handoff

Reassign a task to another agent with a notification

🌱

The Soil — Intelligence Layer

Read-only. Worker and Scout Ants collect signals. Pheromone Paths (ACO) show what sequences work best.

soil.health

Farm health overview: signal counts, ant status, recent signals

soil.trends

Query aggregated signals — tool popularity, error rates, patterns

soil.paths

Explore pheromone paths — which tool sequences produce the best outcomes

🔀

Git — Repository Management

Repos live in /workspace/repos/. HTTPS only. Auth tokens auto-resolved from the Vault. Secret scanning on commit.

git.clone

Clone a repo — auth tokens read automatically from the Vault

git.status

Working tree status: branch, staged, modified, untracked

git.diff

Show file diffs (staged or unstaged)

git.log

Commit history with hash, author, date, message

git.commit

Stage files and commit — secret scanning blocks leaks

git.branch

List, create, switch, or delete branches

git.push

Push to remote — force push and default branch push blocked by default

git.pull

Pull from remote — reports merge conflicts if they occur

git.repos

List all cloned repositories in your namespace

git.delete

Remove a cloned repo permanently

git.safety

View or update safety settings (force push, secret scanning)

📌

Stables — Persistent Sessions

Named sessions that survive MCP disconnects. Checkpoints, scratch space, TTL expiry.

session.create

Open a named persistent session with TTL

session.resume

Resume a session by name or ID after a disconnect

session.checkpoint

Save current state — keeps last 5 checkpoints

session.restore

Roll back to a previous checkpoint

session.scratch_set

Stash key-value data (max 1 MB/key, 10 MB/session)

session.scratch_get

Retrieve stashed working data

session.list

List sessions — admins see all across the org

session.close

Close a session with optional final state snapshot

✅

Tasks — Multi-Step Chores

Define sequences of tool calls. Agent-driven execution. Step-level audit trail. Human approval gates.

task.create

Create a task with ordered steps (MCP tool calls)

task.run

Execute the next pending step — call in a loop until complete

task.status

Check progress, step results, and blockers

task.log

Append a log entry to the task's audit trail

task.list

List tasks — admins see all

task.update

Update task status or metadata (pause, cancel)

task.spawn

Create a sub-task linked to a parent

task.approveadmin

Approve or reject an approval gate on a step

🤖

Agents — Always-On Deployments

Persistent agents in containers. Auto-restart with exponential backoff, event triggers, daily budgets. Max 10 per identity.

agent.deploy

Deploy an always-on agent from a template or custom config

agent.undeploy

Permanently remove a deployed agent

agent.start

Start a stopped agent deployment

agent.stop

Stop without removing — preserves config for restart

agent.deployments

List deployed agents with status and daily budget usage

agent.deployment_status

Detailed status: health, trigger history, restarts, last error

agent.deployment_logs

Container logs and trigger execution history

agent.templates

Browse system and custom agent templates

agent.save_template

Save a working deployment as a reusable template

🤝

Coordination — Herd & Contracts

Herd presence, versioned API contracts, schema diffing, conflict resolution, and backpressure queuing.

agent.register

Announce what you're working on — TTL-based presence in the Herd

agent.current_job

See what all active agents are doing and their queue depth

agent.task_list

List completed tasks and published contracts by other agents

agent.contract_publish

Publish a versioned schema/interface contract

agent.contract_get

Fetch a published contract (latest or specific version)

agent.contract_check

Diff your local schema against a published contract

agent.contract_subscribe

Subscribe to contract change notifications

agent.conflict_raise

Flag a contract incompatibility for the owner to resolve

agent.conflict_list

List open contract conflicts across the org

agent.conflict_resolve

Resolve or dismiss a conflict, optionally publishing a new version

agent.queue_status

Check an agent's queue depth and throttle hints before sending work

agent.queue_cancel

Cancel a pending request you sent to another agent's queue

💻

Workspaces — Dev Environments

Provision full dev environments from templates — Node, Python, Go, Rust, Postgres, Redis, and more.

workspace.templates

Browse system and custom workspace templates

workspace.create

Create a workspace from a template

workspace.list

List your workspaces with status

workspace.get

Get full workspace config and container status

workspace.start

Launch the workspace container

workspace.stop

Stop container — Barn storage preserved for restart

workspace.destroy

Permanently remove a workspace

workspace.save_template

Save a custom workspace template for reuse

workspace.delete_template

Delete a custom template (system templates protected)

🚀

Pipelines — GitHub Issue → Tested PR

Napoleon clones, branches, implements, tests, and creates a PR — automated from GitHub issue to reviewed pull request.

pipeline.create

Create a pipeline for a GitHub repo with a test command

pipeline.run

Trigger a run for a specific GitHub issue

pipeline.status

Check run status with proof-of-work report and PR link

pipeline.list

List your pipelines with run counts

pipeline.runs

List pipeline runs with status and PR links

pipeline.config

Update test commands, safety limits, approval settings

⏰

Schedules & Webhooks

Cron-based recurring tasks (min 5-minute interval) and inbound HTTP webhooks for event-driven triggers.

schedule.create

Create a cron-scheduled task (max 20 per identity)

schedule.list

List schedules with next and last run times

schedule.update

Update cron expression, template, or enable/disable

schedule.delete

Permanently delete a schedule

schedule.history

View execution history and task outcomes

schedule.run

Manually trigger a schedule now (doesn't affect cron timing)

webhook.create

Create an inbound webhook — returns URL and HMAC secret (shown once)

webhook.list

List webhooks with trigger counts and URLs

webhook.delete

Delete a webhook — URL immediately stops accepting requests

📸

Screenshot — Headless Browser

Persistent Chromium container per user. See what you built — capture any public URL as a PNG.

screenshot.capture

Take a screenshot of any public URL → saved to outputs/ in the Barn. First call may take ~30s to start the browser.

⚙️

Farmland Management admin only

Identity, scope, quota, whitelist, JIT, and capability management. Requires Farmland Manager (ADMIN) role.

admin.create_identity

Create a new human, agent, or CI identity

admin.list_identities

List all identities in the org with roles and status

admin.create_api_key

Generate an API key for an identity (shown once)

admin.assign_role

Change an identity's role (admin, developer, agent, ci)

admin.create_project

Create a project for secrets, members, and resources

admin.add_member

Add an identity to a project as owner, member, or viewer

admin.grant_scope

Grant a permission scope to an identity

admin.revoke_scope

Revoke a permission scope — takes effect immediately

admin.audit_query

Search the Mud (audit log) — filter by identity, tool, time, result

admin.list_jit

List JIT grants — filter by status, identity, or task type

admin.approve_jit

Approve a pending JIT grant request

admin.deny_jit

Deny a pending JIT grant request

admin.revoke_jit

Immediately revoke an active JIT grant

admin.manage_whitelist

Add, list, or remove entries from the exec.safe command whitelist

admin.manage_task_types

Configure JIT task types — TTL, renewal limits, active state

admin.list_capabilities

List pending capability grant requests awaiting approval

admin.approve_capability

Approve a capability request (auto-creates whitelist entry for commands)

admin.deny_capability

Deny a capability request with an optional reason

admin.set_quota

Set max containers, storage bytes, and exec calls per day for an identity

admin.rotate_vault_key

Re-encrypt all Vault secrets with the current master key

🏅

Capabilities — Skill Badges

Self-service requests for commands, docker build/push access, registry access, or extra scopes. Farmland Managers auto-approve; others queue for review.

capability.request

Request a capability grant — command, docker_push, docker_build, registry_access, or scope

capability.check

Check the status of a pending or approved grant

capability.my_grants

List all your grants — pending, approved, expired, denied