Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.murmur.dev/llms.txt

Use this file to discover all available pages before exploring further.

These catalog resources define agent behavior, identity, and access control. They cover everything from reusable agent personas to tenant-wide role bindings.

agent

Runtime record created when an agent is spawned. Tracks the agent’s lifecycle state in the catalog.

Fields

FieldTypeDescription
namestringAgent identifier (matches the slug).
agent_idstringUnique agent identifier.
grantsarrayPermissions granted to this specific agent.
created_attimestampWhen the agent was spawned.
terminated_attimestampWhen the agent finished or was killed (if applicable).
session_urlstringURL to the agent’s live session view.
purposestringHuman-readable summary of the agent’s goal.
service_profilestringReference to a service-profile resource for this agent’s identity.

Example

name: fix-auth-bug
agent_id: wf-abc123
grants:
  - agent.read
  - agent.edit
created_at: "2026-05-08T10:00:00Z"
session_url: "https://app.murmur.dev/w/acme/u/jdoe/fix-auth-bug/session"
purpose: "Fix the authentication bypass vulnerability in the login endpoint"
Agent resources are created automatically when you spawn an agent. You typically do not create them manually via murmur set.

agent-persona

Reusable persona definitions that customize an agent’s behavior, model, and available tools.

Fields

FieldTypeDescription
namestringPersona identifier (e.g. architect, reviewer, security-auditor).
contentstringSystem prompt content appended to the agent’s context. Alias: prompt.
modelstringModel override for agents using this persona.
toolsarrayAllowlist of tools the agent can use. Empty means all tools.
disallowed_toolsarrayDenylist of tools the agent cannot use.
max_turnsintegerMaximum number of turns before the agent is stopped.
tasksarrayDefault checklist tasks for agents using this persona.

Example

name: security-auditor
content: |
  You are a security auditor. Focus exclusively on security vulnerabilities,
  authentication issues, and authorization bypasses. Do not make functional
  changes unless they are security-related.
  
  Always check for:
  - SQL injection
  - XSS vulnerabilities
  - Authentication bypasses
  - Insecure direct object references
  - Missing authorization checks
model: opus
disallowed_tools:
  - Bash(rm *)
  - Bash(git push --force*)
max_turns: 50
tasks:
  - "Review authentication middleware"
  - "Check authorization on all endpoints"
  - "Scan for injection vulnerabilities"

flight

Stored flight documents — reusable orchestration plans with optional triggers for automated execution.

Fields

FieldTypeDescription
namestringFlight identifier.
contentstringThe flight document (Markdown with structured orchestration instructions).
workspacestringDefault workspace for agents spawned by this flight.
pausedbooleanIf true, triggers are disabled. Default: false.
daemonbooleanIf true, the flight runs continuously. Default: false.
triggersarrayEvent triggers that automatically launch the flight.
triggers[].eventstringEvent type (e.g. pr_opened, push, schedule).
triggers[].filterobjectConditions for the trigger (e.g. branch pattern, label).
max_concurrentintegerMaximum simultaneous runs of this flight.
personastringReference to an agent-persona for the pilot agent.
modelstringModel override for the pilot agent.
expected_outputstringExpected output type (pr, push, respond).
dequeue_strategystringFollow-up dequeue strategy: all, one, or five.
service_profilestringReference to a service-profile for the flight’s identity.

Example

name: pr-review
content: |
  # PR Review Flight
  
  Review the pull request and provide feedback.
  
  1. Read the PR diff
  2. Check for bugs, security issues, and style problems
  3. Post a review with comments
workspace: acme-backend
triggers:
  - event: pr_opened
    filter:
      base_branch: main
  - event: pr_synchronize
    filter:
      base_branch: main
max_concurrent: 5
persona: reviewer
model: sonnet
expected_output: respond

secret

Tenant-wide secrets, encrypted at rest with the tenant’s KMS key. Injected into VMs as environment variables.

Fields

FieldTypeDescription
namestringSecret identifier. Becomes MURMUR_SECRET_{NAME} on VMs (uppercased, hyphens to underscores).
plaintext_valuestringThe secret value. Write-only — accepted on set, never returned on get.
encryptedstringThe KMS-encrypted value. Managed by the platform.
created_attimestampWhen the secret was created.

Example

# Create a secret (interactive)
murmur set secret npm-token --value "npm_abc123def456"

# The secret is available on VMs as:
# MURMUR_SECRET_NPM_TOKEN=npm_abc123def456
Secret values are write-only. Once set, you cannot read back the plaintext value. If you need to update a secret, set it again with the new value.

user-secret

Per-developer secrets. Same as secret but encrypted with the developer’s identity in the AAD, ensuring they can only be decrypted for that specific developer.

Fields

FieldTypeDescription
namestringSecret identifier.
plaintext_valuestringThe secret value. Write-only.
encryptedstringThe KMS-encrypted value with developer AAD.
created_attimestampWhen the secret was created.
User secrets are useful for developer-specific credentials that should not be shared across the team (e.g. personal API tokens for third-party services).

user

User identity records in the catalog.

Fields

FieldTypeDescription
namestringUsername (GitHub login).
git_namestringGit commit author name.
git_emailstringGit commit author email.
ssh_public_keysarraySSH public keys for VM access. Array of strings.

Example

name: jdoe
git_name: "Jane Doe"
git_email: "jdoe@example.com"
ssh_public_keys:
  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ... jdoe@laptop"

role

Named permission sets. See Authorization for the full permission model.

Fields

FieldTypeDescription
namestringRole identifier (e.g. developer, observer, admin).
permissionsarrayList of {kind}.{verb} permission strings. Supports wildcards.

Example

name: developer
permissions:
  - agent.create
  - agent.edit
  - agent.read
  - agent.list
  - agent.delete
  - secret.read
  - secret.list
  - "*.read"
  - "*.list"

group

User groups for bulk role assignment.

Fields

FieldTypeDescription
namestringGroup identifier.
sourcestringMember source: static, github_admin, or all_tenant_members.
membersarrayList of usernames (only for static source).

Example

# Static group with explicit members
name: backend-team
source: static
members:
  - alice
  - bob
  - carol

# Dynamic group matching all org admins
name: platform-admins
source: github_admin

tenant-binding

Binds users or groups to roles at the tenant level.

Fields

FieldTypeDescription
namestringBinding identifier.
grantobjectThe grant specification.
grant.role_refstringReference to a role resource.
grant.user_refstringUsername to bind (mutually exclusive with group_ref).
grant.group_refstringReference to a group resource (mutually exclusive with user_ref).

Example

name: backend-developers
grant:
  role_ref: developer
  group_ref: backend-team

alias

Name aliases for resources, enabling shorthand references.

Fields

FieldTypeDescription
namestringAlias name (the shorthand).
agent_idstringThe target agent’s identifier.
portintegerOptional port number for port aliases.

Example

name: my-api
agent_id: wf-abc123
port: 8080

service-profile

Service identity and credentials for platform operations. Defines the identity under which agents or services operate.

Fields

FieldTypeDescription
namestringService profile identifier.
git_namestringGit commit author name for this service identity.
git_emailstringGit commit author email for this service identity.
secret_refsarrayList of secret names available to this service profile.
grantsarrayPermissions granted to this service profile.

Example

name: ci-bot
git_name: "CI Bot"
git_email: "ci-bot@acme.com"
secret_refs:
  - npm-token
  - deploy-key
grants:
  - agent.create
  - agent.read
  - agent.list