Reference
Agent configuration
Complete reference for all configuration surfaces available in a Sovereign agent deployment. Covers identity, skill permissions, approval gates, memory scope, scheduling, security posture, credential management, and notification behavior.
Agent identity
Core attributes that define the agent at the tenant level.
| Field | Type | Description |
|---|---|---|
| name | string | Display name used in thread headers, Telegram handles, and audit log entries. |
| persona | text | Role framing and communication style. Sets tone and default escalation behavior. Does not expose credentials or system topology. |
| timezone | IANA string | All scheduled events and timestamps resolve against this zone. Default: America/Chicago. |
| channel | enum | Primary communication surface: telegram | slack | discord | sms | email. Determines where approval requests and digests are delivered. |
Skill permissions
Controls which skills are active and which roles can invoke them.
| Field | Type | Description |
|---|---|---|
| skills.enabled | string[] | Whitelist of active skill IDs. Skills not in this list cannot be invoked, scheduled, or webhook-triggered. |
| skills.roleGated | map<skill, role[]> | Skills that require a specific user role to invoke. Checked at thread-open time against the authenticated caller. |
| skills.readOnly | string[] | Skills in this list can read data but cannot write, send, or delete. Useful for analyst-tier access. |
| skills.retainerHours | number | Remaining custom-skill build hours on your retainer. Displayed in the portal dashboard. Read-only from configuration; adjusted by Prospectr. |
Approval gates
Thresholds that determine when the agent acts autonomously vs. holds for human sign-off.
| Field | Type | Description |
|---|---|---|
| approval.financialThreshold | number (USD) | Journal entries, payments, and refunds above this amount are held for explicit approval regardless of any inline instruction. |
| approval.externalSendGate | boolean | When true, all customer-facing emails and messages require approval before delivery. Default: true. |
| approval.deleteGate | boolean | When true, any bulk delete or irreversible data operation requires approval. Default: true. |
| approval.timeoutSeconds | number | How long the agent waits for an approval response before escalating or holding the action indefinitely. Range: 60–86400. |
| approval.escalationChannel | string | Secondary channel (phone call, secondary Telegram handle) used when the primary channel does not acknowledge within timeoutSeconds. |
Memory & context
What the agent retains across sessions and how long it keeps it.
| Field | Type | Description |
|---|---|---|
| memory.retentionDays | number | How many days of operational memory are carried forward into new threads. Older entries are archived, not deleted. |
| memory.scope | enum | main: full memory loaded on every thread. isolated: each scheduled or webhook thread starts with a scoped subset relevant to that skill. Isolated reduces token consumption and cost on high-frequency tasks. |
| memory.sensitiveKeys | string[] | Memory keys that are excluded from cross-session sharing and never surfaced in thread output or logs visible to non-admin roles. |
| memory.flushOnCompaction | boolean | When true, the agent writes a session summary to durable storage before any context compaction event. Prevents silent context loss on long-running threads. |
Scheduling & cron
Configuration surface for all time-driven agent invocations.
| Field | Type | Description |
|---|---|---|
| schedule.timezone | IANA string | Wall-clock timezone for all cron expressions. Cron fields are written in local time; no UTC conversion needed. |
| schedule.maxConcurrent | number | Maximum number of scheduled threads that may run simultaneously. Prevents queue buildup from overlapping long-running tasks. Default: 3. |
| schedule.defaultModel | enum | AI model tier used for scheduled runs unless the job overrides it. Typically a lighter model than the main session to control cost on high-frequency tasks. |
| schedule.offHoursWindow | cron expression | Time window reserved for disruptive operations (gateway restarts, config mutations, system upgrades). Operations outside this window are deferred. Default: 2 AM local. |
Security & audit
Authentication, authorization, and audit log configuration.
| Field | Type | Description |
|---|---|---|
| security.mfaRequired | boolean | Requires MFA for all portal logins. Enforced at the identity provider level; not bypassable via API. Default: true on all tiers. |
| security.auditRetentionDays | number | How long the immutable audit log is retained. Minimum 90 days on all plans; extended retention available on Agency tier. |
| security.ipAllowlist | CIDR[] | If set, portal access and API calls are restricted to listed IP ranges. Webhook inbound is not affected by this setting. |
| security.credentialStorage | enum | Where integration credentials are stored: tenant-aws-secrets (default, customer-owned AWS Secrets Manager) | prospectr-managed (Prospectr-hosted, encrypted, scoped to your tenant). Tenant-AWS is required for Sovereign self-hosted deployments. |
| security.dataResidency | enum | AWS region where your agent runtime, memory, and data pipeline operate. us-east-1 default; eu-west-1 and ap-southeast-2 available on Agency tier. |
Integration credentials
How the agent stores and accesses third-party credentials. Credentials are never embedded in configuration files.
| Field | Type | Description |
|---|---|---|
| integrations.storageBackend | enum | AWS Secrets Manager (tenant-managed) or Prospectr-managed vault. Both are AES-256 at rest, TLS 1.2+ in transit, with access scoped to your tenant role only. |
| integrations.rotationPolicy | object | Per-integration token expiry monitoring. Agent alerts the operator channel N hours before expiry and attempts auto-refresh where the OAuth provider supports it. |
| integrations.healthCheckIntervalSeconds | number | How often the agent polls each active integration for liveness. Default: 900 (15 minutes). A failed check triggers an alert; three consecutive failures page the escalation channel. |
Notifications & digests
What the agent sends proactively and when.
| Field | Type | Description |
|---|---|---|
| notifications.morningBriefing | cron | false | Schedule for the daily operational briefing. Format: calendar, pipeline status, inbox summary, recommended actions. Default: 6:30 AM local. |
| notifications.eodDigest | cron | false | End-of-day summary of completed work, pending approvals, and next-day defaults. Default: 8:00 PM local. |
| notifications.alertChannel | string | Primary channel for system alerts (integration failures, approval timeouts, anomaly detections). Separate from the conversational channel. |
| notifications.digestFormat | enum | short (5 bullets, Telegram-optimized) | full (structured sections, email-optimized). The agent adapts length to the channel automatically when set to auto. |
For security reviewers
Security posture summary
This section answers the questions a CTO or enterprise security team typically raises during vendor evaluation.
Where does data live?
All operational data is stored in the customer's AWS account (us-east-1 default; EU and APAC available). Prospectr holds zero customer data outside of what is explicitly shared for support purposes.
Who can access the audit log?
The audit log is immutable and append-only. It is accessible to admin-role users in the portal and can be streamed to the customer's SIEM (CloudTrail, Splunk, Datadog). Prospectr support access to the log requires explicit customer consent.
How are credentials stored?
Integration credentials are stored in AWS Secrets Manager under the customer's IAM, scoped to the agent's task role via least-privilege policy. Prospectr operators cannot access customer secrets without explicit break-glass procedures, which are audit-logged.
What happens when an approval times out?
The action stays held indefinitely. It does not auto-release. The agent escalates to the configured secondary channel (phone call, secondary contact) and continues to alert at the configured interval.
Is the AI model training on our data?
No. The Sovereign deployment uses Anthropic's API under a zero-data-retention agreement. No customer data is used for model training. Model inference is stateless.
What is the RTO / RPO?
The agent runtime is containerized and stateless. State lives in AWS-managed services (DynamoDB, S3, Secrets Manager) with point-in-time recovery enabled. RTO target: 15 minutes. RPO: zero for structured data (DynamoDB PITR), configurable for file assets.
Full security documentation: Security overview · Data Processing Agreement · Acceptable Use Policy