Manifest and Environment
The DPU runtime is intentionally small. Most of its operational behavior comes from a short manifest and a few storage-related environment variables.
Why Configuration Matters
The agent only works correctly if it can find the workspace boundary, the DPU storage root, and the master key used to encrypt secrets and confidential content. In Ploinky, {{generatedSecret:DPU_MASTER_KEY}} is resolved before launch, so the agent receives a stable per-agent encryption key without manual secret configuration or workspace master-key access.
Manifest
manifest.json declares a single default profile on top of docker.io/assistos/ploinky-node:24-bookworm-tools. Runtime resources provide persistent storage and derive the DPU key:
{
"container": "docker.io/assistos/ploinky-node:24-bookworm-tools",
"lite-sandbox": true,
"runtime": {
"resources": {
"persistentStorage": { "key": "dpu-data", "containerPath": "/dpu-data" },
"env": {
"DPU_DATA_ROOT": "{{STORAGE_CONTAINER_PATH}}",
"DPU_WORKSPACE_ROOT": "{{WORKSPACE_ROOT}}",
"DPU_MASTER_KEY": "{{generatedSecret:DPU_MASTER_KEY}}"
}
}
},
"profiles": {
"default": {
"env": [
"ASSISTOS_FS_ROOT",
"WORKSPACE_ROOT"
]
}
}
}
Environment Variables
| Variable | Role |
|---|---|
DPU_MASTER_KEY |
Encryption root for secret values and confidential file content, resolved before launch from the manifest {{generatedSecret:DPU_MASTER_KEY}} runtime-resource template. |
DPU_DATA_ROOT |
Optional explicit storage root. If missing, storage falls back next to the resolved workspace root. |
DPU_WORKSPACE_ROOT |
Preferred workspace root for DPU resolution. |
ASSISTOS_FS_ROOT, WORKSPACE_ROOT |
Fallback workspace-root inputs used when DPU_WORKSPACE_ROOT is not set. |
Ploinky Runtime
dpuAgent is MCP-first and runs through the bundled Ploinky AgentServer.mjs. The agent does not expose a standalone HTTP MCP server; Ploinky owns POST /mcp, GET /health, secure-wire verification, and tool registration from mcp-config.json.