Kortex Backend
~/dev/kortex-backend

Overview

Running Agents
3
JWT Auth Refactor 12m
Dark Mode Toggle 4m
Update Dependencies queued
Total Tasks
127
Project Details
Git Status
Current branch: main
Last commit: a3f82d1 — "Fix auth middleware token refresh" (2 hours ago)
Clean working tree

Skills

Attached Skills

3 skills
Code Review
Custom · Best practices & security analysis
Hummingbird Containers
Pre-built · Distroless container images
Kubernetes
Pre-built · Cluster operations & deployment

MCP Servers

Attached MCP Servers

2 servers
GitHub MCP
12 tools · v1.2.0 · Active
OpenShift MCP
18 tools · v2.1.0 · Active

Knowledge Bases

Attached Knowledge Bases

1 knowledge base
API Documentation
42 sources · Milvus · Active

Secrets & Tokens

Project-scoped secrets. These credentials are only available to agents running within this project. They are stored encrypted and never exposed in logs or agent output.
GitHub
Repository access, pull requests, and issue tracking
Connected
Personal Access Token
ghp_••••••••••••••••
6 permissions granted
repo:read repo:write read:org workflow read:packages write:discussion
Set
Organization
acme-corp
Instance URL
https://github.com
JIRA
Issue tracking, sprint management, and project boards
Connected
API Token
ATATT3x••••••••••
4 permissions granted
read:jira-work write:jira-work read:jira-user manage:jira-webhook
Set
Email
john.doe@acme-corp.com
Instance URL
https://acme-corp.atlassian.net
Default Project Key
KBE
Slack
Notifications, status updates, and agent alerts
Not connected
Bot Token
Not configured
3 permissions required
chat:write channels:read files:write
Missing
Default Channel
Not configured
Missing

Filesystem

Project-scoped filesystem policy. Defines which paths agents can read and write inside the sandboxed environment. This limits the blast radius of mistakes by constraining filesystem access to only declared paths.
Access Mode

Choose the default behavior for filesystem operations inside agent sandboxes.

Strict Mode
Only explicitly declared paths are accessible. All unlisted paths are blocked. Recommended for production.
Permissive Mode
Agents can access most paths except explicitly blocked ones. Better for development environments.
Allowed Operations
Read declared paths
Write to read-write paths
Access /sandbox scratch space
Write to /tmp
Blocked Operations
Access unlisted paths
Traverse with .. (path traversal)
Write to read-only paths
Follow symlinks outside sandbox

Declared Paths

6 paths
~/dev/kortex-backend
Project working directory
read-write
/sandbox
Agent scratch workspace
read-write
/tmp
Temporary files
read-write
/usr/local/go
Go toolchain
read-only
/usr/local/bin
System binaries (make, git, etc.)
read-only
~/.ssh
SSH keys — explicitly blocked
blocked
Workspace File Sync

Filesystem policy settings are synced to the agentdev-workspace.yaml file under agentConfig.permissions.filesystem.

agentdev-workspace.yaml Synced
agentConfig:
  permissions:
    filesystem:
      mode: strict
      readWrite:
        - "~/dev/kortex-backend"
        - "/sandbox"
        - "/tmp"
      readOnly:
        - "/usr/local/go"
        - "/usr/local/bin"
      blocked:
        - "~/.ssh"
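
An added example, not part of the original page and not Kortex's own enforcement code: one way an evaluator could apply the policy above, assuming blocked entries take precedence over allow rules, `..` components are rejected outright, and symlinks are resolved before matching. The `decide` function, the `/home/agent` home directory and the permissive-mode fallback are assumptions.

```python
import os
from pathlib import Path

# Policy values copied from the agentdev-workspace.yaml shown above.
POLICY = {
    "mode": "strict",
    "readWrite": ["~/dev/kortex-backend", "/sandbox", "/tmp"],
    "readOnly": ["/usr/local/go", "/usr/local/bin"],
    "blocked": ["~/.ssh"],
}

def _canon(path, home):
    # Expand "~" against the sandbox user's home, then resolve symlinks.
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    return Path(os.path.realpath(path))

def _under(path, roots, home):
    # Component-wise containment, so /tmpfoo does not match /tmp.
    return any(path == r or r in path.parents
               for r in (_canon(x, home) for x in roots))

def decide(path, op, policy=POLICY, home="/home/agent"):
    """Return "allow" or "deny" for op in {"read", "write"} (hypothetical evaluator)."""
    if ".." in Path(path).parts:
        return "deny"                  # traversal rejected before resolving
    real = _canon(path, home)          # the symlink target decides, not the link name
    if _under(real, policy["blocked"], home):
        return "deny"                  # blocked wins over every allow rule
    if _under(real, policy["readWrite"], home):
        return "allow"
    if _under(real, policy["readOnly"], home):
        return "allow" if op == "read" else "deny"
    # Unlisted path: strict denies; permissive allows (assumed semantics).
    return "deny" if policy["mode"] == "strict" else "allow"
```

Matching on the resolved path is what stops a symlink created inside a read-write root from reaching `~/.ssh` or an unlisted directory.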

Network Policy

Project-scoped network policy. Controls what external hosts agents can reach when running tasks in this project. Agents operating inside sandboxed workspaces will have their HTTP/HTTPS traffic filtered according to these rules.
Policy Mode

Choose the default behavior for outbound network requests from agent sandboxes.

Allow Mode
Permit all traffic except explicitly blocked hosts. Best for development environments.
Deny Mode
Block all traffic except explicitly allowed hosts. Recommended for production or sensitive projects.

Allowed Hosts

5 hosts
github.com
Git operations, API access
default
pkg.go.dev
Go package documentation
default
registry.npmjs.org
npm package registry
default
proxy.golang.org
Go module proxy
custom
sum.golang.org
Go checksum database
custom

Blocked CIDR Ranges

4 ranges
10.0.0.0/8
Private network (Class A)
default
172.16.0.0/12
Private network (Class B)
default
192.168.0.0/16
Private network (Class C)
default
169.254.0.0/16
Link-local addresses
default