eve-agentic-app-design
Agentic App Design on Eve Horizon
Transform a full-stack app into one where agents are primary actors — reasoning, coordinating, remembering, and communicating alongside humans.
When to Use
Load this skill when:
- Designing an app where agents are primary users alongside (or instead of) humans
- Adding agent capabilities to an existing Eve app
- Choosing between human-first and agent-first architecture
- Deciding how agents should coordinate, remember, and communicate
Prerequisite: Start with the Foundation
Load eve-fullstack-app-design first. The agentic layer builds on a solid PaaS foundation. Without a well-designed manifest, service topology, database, pipeline, and deployment strategy, agentic capabilities collapse into chaos.
The progression:
eve-agent-native-design— Principles (parity, granularity, composability, emergent capability)eve-fullstack-app-design— PaaS foundation (manifest, services, DB, pipelines, deploys)- This skill — Agentic layer (agents, teams, memory, events, chat, coordination)
Each layer assumes the previous. Skip none.
Agent Architecture
Defining Agents
Agents are defined in agents.yaml (path set via x-eve.agents.config_path in the manifest). Each agent is a persona with a skill, access scope, and policies.
version: 1
agents:
coder:
slug: coder
description: "Implements features and fixes bugs"
skill: eve-orchestration
harness_profile: primary-coder
access:
envs: [staging]
services: [api, worker]
policies:
permission_policy: auto_edit
git:
commit: auto
push: on_success
gateway:
policy: routable
Design decisions for each agent:
| Decision | Options | Guidance |
|---|---|---|
| Slug | Lowercase, alphanumeric + dashes | Org-unique. Used for chat routing: @eve coder fix the login bug |
| Skill | Any installed skill name | The agent's core competency. One skill per agent. |
| Harness profile | Named profile from manifest | Decouples agent from specific models. Use profiles, never hardcode harnesses. |
| Gateway policy | none, discoverable, routable |
Default to none. Make routable only for agents that should receive direct chat. |
| Permission policy | default, auto_edit, never, yolo |
Start with auto_edit for worker agents. Use default for agents that need human approval. |
| Git policies | commit, push |
auto commit + on_success push for coding agents. never for read-only agents. |
Designing Teams
Teams are defined in teams.yaml. A team groups agents under a lead with a dispatch strategy.
version: 1
teams:
review-council:
lead: mission-control
members: [code-reviewer, security-auditor]
dispatch:
mode: council
merge_strategy: majority
deploy-ops:
lead: ops-lead
members: [deploy-agent, monitor-agent]
dispatch:
mode: relay
Choose the right dispatch mode:
| Mode | When to Use | How It Works |
|---|---|---|
fanout |
Independent parallel work | Root job + parallel child per member. Best for decomposable tasks. |
council |
Collective judgment | All agents respond, results merged by strategy (majority, unanimous, lead-decides). Best for reviews, audits. |
relay |
Sequential handoff | Lead delegates to first member, output passes to next. Best for staged workflows. |
Design principle: Most work is fanout. Use council only when multiple perspectives genuinely improve the outcome. Use relay only when each stage's output is the next stage's input.
Harness Profiles
Define named profiles in the manifest. Agents reference profiles, never specific harnesses.
x-eve:
agents:
profiles:
primary-coder:
- harness: claude
model: opus-4.5
reasoning_effort: high
- harness: codex
model: gpt-5.2-codex
reasoning_effort: high
fast-reviewer:
- harness: mclaude
model: sonnet-4.5
reasoning_effort: medium
Profile entries are a fallback chain: if the first harness is unavailable, the next is tried. Design profiles around capability needs, not provider loyalty.
Model Selection Guidance
| Task Type | Profile Strategy |
|---|---|
| Complex coding, architecture | High-reasoning model (opus, gpt-5.2-codex) |
| Code review, documentation | Medium-reasoning model (sonnet, gemini) |
| Triage, routing, classification | Fast model (haiku-equivalent, low reasoning) |
| Specialized domains | Choose the model with strongest domain performance |
Memory Design
Load eve-agent-memory for the full storage primitive catalog. This section focuses on architectural decisions.
What Goes Where
| Information Type | Storage Primitive | Why |
|---|---|---|
| Scratch notes during a job | Workspace files (.eve/) |
Ephemeral, dies with the job |
| Job outputs passed to parent | Job attachments | Survives job completion, addressable by job ID |
| Rolling conversation context | Threads | Continuity across sessions, summarizable |
| Curated knowledge | Org Document Store | Versioned, searchable, shared across projects |
| File trees and assets | Org Filesystem (sync) | Bidirectional sync, local editing |
| Structured queries | Managed database | SQL, relationships, RLS |
| Reusable workflows | Skills | Highest-fidelity long-term memory |
Namespace Conventions
Organize org docs by agent and purpose:
/agents/{agent-slug}/learnings/ — discoveries and patterns
/agents/{agent-slug}/decisions/ — decision records
/agents/{agent-slug}/runbooks/ — operational procedures
/agents/shared/ — cross-agent shared knowledge
/projects/{project-slug}/ — project-scoped knowledge
Lifecycle Strategy
Memory without expiry becomes noise. For every storage location, decide:
- Who writes? Which agents create and update this knowledge.
- Who reads? Which agents query it and when (job start? on demand?).
- When does it expire? Tag with creation dates. Build periodic cleanup jobs.
- How does it stay current? Search before writing. Update beats create.
Event-Driven Coordination
The Event Spine
Events are the nervous system of an agentic app. Use them for reactive automation — things that should happen in response to other things.
Trigger Patterns
| Trigger | Event | Response |
|---|---|---|
| Code pushed to main | github.push |
Run CI pipeline |
| PR opened | github.pull_request |
Run review council |
| Deploy pipeline failed | system.pipeline.failed |
Run self-healing workflow |
| Job failed | system.job.failed |
Run diagnostic agent |
| Org doc created | system.doc.created |
Notify subscribers, update indexes |
| Scheduled maintenance | cron.tick |
Run audit, cleanup, reporting |
| Custom app event | app.* |
Application-specific automation |
Self-Healing Pattern
Wire system failure events to recovery pipelines:
pipelines:
self-heal:
trigger:
system:
event: job.failed
pipeline: deploy
steps:
- name: diagnose
agent:
prompt: "Diagnose the failed deploy and suggest a fix"
Custom App Events
Emit application-specific events from your services:
eve event emit --type app.invoice.created --source app --payload '{"invoice_id":"inv_123"}'
Wire these to workflows or pipelines in the manifest. Design your app's event vocabulary intentionally — events are the API between your app logic and your agent automation.
Chat and Human-Agent Interface
Gateway Architecture
Eve supports multiple chat providers through a unified gateway:
| Provider | Transport | Best For |
|---|---|---|
| Slack | Webhook | Team collaboration, existing Slack workspaces |
| Nostr | Subscription | Decentralized, privacy-focused, censorship-resistant |
| WebChat | WebSocket | Browser-native, embedded in your app |
Routing Design
Define routes in chat.yaml to map inbound messages to agents or teams:
version: 1
default_route: route_default
routes:
- id: deploy-route
match: "deploy|release|ship"
target: agent:deploy-agent
- id: review-route
match: "review|PR|pull request"
target: team:review-council
- id: route_default
match: ".*"
target: agent:mission-control
Route targets can be agent:<key>, team:<key>, workflow:<name>, or pipeline:<name>.
Gateway vs Backend-Proxied Chat
| Approach | When to Use |
|---|---|
| Gateway provider (WebSocket to Eve) | Simple chat widgets, admin consoles, no backend needed |
Backend-proxied (POST /internal/orgs/:id/chat/route) |
Production SaaS, when you need to intercept, enrich, or store conversations |
If your app needs to add context, filter messages, or maintain its own chat history — proxy through your backend.
Thread Continuity
Chat threads maintain context across messages. Thread keys are scoped to the integration account. Design your chat UX to preserve thread context — agents are dramatically more effective when they can reference conversation history.
Jobs as Coordination Primitive
Parent-Child Orchestration
Jobs are the fundamental unit of agent work. Design complex workflows as job trees:
Parent (orchestrator)
├── Child A (research)
├── Child B (implementation)
└── Child C (testing)
The parent dispatches, waits, resumes, synthesizes. Children execute independently. Use waits_for relations to express dependencies. See eve-orchestration for full patterns.
Structured Context via Attachments
Pass structured data between agents using job attachments, not giant description strings:
# Child stores findings
eve job attach $EVE_JOB_ID --name findings.json --content '{"patterns": [...]}'
# Parent reads on resume
eve job attachment $CHILD_JOB_ID findings.json --out ./child-findings.json
Resource Refs for Document Mounting
Pin specific org document versions as job inputs:
eve job create \
--description "Review the approved plan" \
--resource-refs='[{"uri":"org_docs:/pm/features/FEAT-123.md@v3","label":"Plan","mount_path":"pm/plan.md"}]'
The document is hydrated into the workspace at the mount path. Events track hydration success or failure.
Coordination Threads
When teams dispatch work, a coordination thread (coord:job:{parent_job_id}) links parent and children. Children read .eve/coordination-inbox.md for sibling context. Post updates via eve thread post. The lead agent can eve supervise to monitor the job tree.
Access and Security
Service Accounts
Backend services need non-user tokens for API calls. Use eve auth mint to create scoped tokens:
eve auth mint --email app-bot@example.com --project proj_xxx --role admin
Design each service account with minimal necessary scope.
Access Groups
Segment data-plane access using groups. Groups control who can read/write org docs, org filesystem paths, and database schemas:
# .eve/access.yaml
version: 2
access:
groups:
eng-team:
name: Engineering
members:
- type: user
id: user_abc
bindings:
- subject: { type: group, id: eng-team }
roles: [data-reader]
scope:
orgdocs: { allow_prefixes: ["/agents/shared/"] }
envdb: { schemas: ["public"] }
Sync with eve access sync --file .eve/access.yaml --org org_xxx.
Agent Permission Policies
| Policy | Use Case |
|---|---|
default |
Interactive agents that need human approval for risky actions |
auto_edit |
Worker agents that edit code and files autonomously |
never |
Read-only agents (auditors, reviewers) |
yolo |
Fully autonomous agents in controlled environments (use carefully) |
Policy-as-Code
Declare all access in .eve/access.yaml and sync declaratively. This ensures access is version-controlled, reviewable, and reproducible. See eve-auth-and-secrets for the full v2 policy schema.
The Agentic Checklist
Agent Architecture:
- Agents defined in
agents.yamlwith clear slug, skill, and profile - Teams defined in
teams.yamlwith appropriate dispatch modes - Gateway policies set intentionally (not everything routable)
- Chat routes defined for inbound message handling
Harness Profiles:
- Harness profiles defined in manifest (agents reference profiles, not harnesses)
- Fallback chains in profiles for resilience
- Model choice matches task complexity
Memory:
- Storage primitive chosen for each information type (see table above)
- Namespace conventions established for org docs
- Lifecycle and expiry strategy defined
- Agents search before writing (update beats create)
Events:
- Trigger patterns wired for key events (push, PR, failures)
- Self-healing pipeline exists for deploy and job failures
- Custom app events defined for domain-specific automation
Chat:
- Gateway provider chosen (Slack, Nostr, WebChat, or multiple)
- Chat routing configured (
chat.yaml) - Gateway vs backend-proxied decision made
- Thread continuity preserved in UX
Coordination:
- Complex work decomposed as job trees (parent-child)
- Attachments used for structured context passing
- Coordination threads used for team communication
- Resource refs used for document mounting
Security:
- Service accounts created for backend services
- Access groups defined for data-plane segmentation
- Agent permission policies appropriate to each agent's role
- Access policy declared as code (
.eve/access.yaml)
The Real Test — Is This App Truly Agent-Native?
- Agents can do everything users can (parity)
- Adding capability means writing prompts, not code (composability)
- Agents coordinate through platform primitives, not custom glue (granularity)
- Agents have surprised you with unexpected solutions (emergent capability)
Cross-References
- Principles:
eve-agent-native-design— parity, granularity, composability, emergent capability - PaaS foundation:
eve-fullstack-app-design— manifest, services, DB, pipelines, deploys - Storage primitives:
eve-agent-memory— detailed guidance on each memory primitive - Job orchestration:
eve-orchestration— depth propagation, parallel decomposition, control signals - Agents and teams reference:
eve-read-eve-docs→references/agents-teams.md - Harness execution:
eve-read-eve-docs→references/harnesses.md - Chat gateway:
eve-read-eve-docs→references/gateways.md - Events and triggers:
eve-read-eve-docs→references/events.md