Manifest and Environment

The DPU runtime is intentionally small. Most of its operational behavior comes from a short manifest and a few storage-related environment variables.

Why Configuration Matters

The agent only works correctly if it can find the workspace boundary, the DPU storage root, and the master key used to encrypt secrets and confidential content. In Ploinky, {{generatedSecret:DPU_MASTER_KEY}} is resolved before launch, so the agent receives a stable per-agent encryption key without manual secret configuration or workspace master-key access.

Manifest

manifest.json declares a single default profile on top of docker.io/assistos/ploinky-node:24-bookworm-tools. Runtime resources provide persistent storage and derive the DPU key:

{
  "container": "docker.io/assistos/ploinky-node:24-bookworm-tools",
  "lite-sandbox": true,
  "runtime": {
    "resources": {
      "persistentStorage": { "key": "dpu-data", "containerPath": "/dpu-data" },
      "env": {
        "DPU_DATA_ROOT": "{{STORAGE_CONTAINER_PATH}}",
        "DPU_WORKSPACE_ROOT": "{{WORKSPACE_ROOT}}",
        "DPU_MASTER_KEY": "{{generatedSecret:DPU_MASTER_KEY}}"
      }
    }
  },
  "profiles": {
    "default": {
      "env": [
        "ASSISTOS_FS_ROOT",
        "WORKSPACE_ROOT"
      ]
    }
  }
}

Environment Variables

Variable Role
DPU_MASTER_KEY Encryption root for secret values and confidential file content, resolved before launch from the manifest {{generatedSecret:DPU_MASTER_KEY}} runtime-resource template.
DPU_DATA_ROOT Optional explicit storage root. If missing, storage falls back next to the resolved workspace root.
DPU_WORKSPACE_ROOT Preferred workspace root for DPU resolution.
ASSISTOS_FS_ROOT, WORKSPACE_ROOT Fallback workspace-root inputs used when DPU_WORKSPACE_ROOT is not set.

Ploinky Runtime

dpuAgent is MCP-first and runs through the bundled Ploinky AgentServer.mjs. The agent does not expose a standalone HTTP MCP server; Ploinky owns POST /mcp, GET /health, secure-wire verification, and tool registration from mcp-config.json.