Configure a Coworker Agent
Adjust an agent's model, triggers, tools, secrets, and sandbox from its detail page in MintMCP or by editing agent.yml directly.
The agent.yml file in the agent's directory is the source of truth. The Settings tab edits it for you, the Update Agent button lets you describe a change in plain language and review it as a proposed change, and editing the file in git works too — all three end up in the same place. MintMCP validates the configuration and surfaces warnings on the agent's page (for example, a secret referenced but never declared), each with a one-click fix.
Harness and model
The Harness card on the Settings tab picks the runtime that drives the agent.
| Harness | Provider | Models | Credential |
|---|---|---|---|
| Claude Agent | Anthropic API | Claude Opus, Sonnet, Haiku, or Fable | Anthropic API key, or a Claude subscription token from claude setup-token |
| Claude Agent | Amazon Bedrock | Claude models via Bedrock | Bedrock API key, region, and model ID |
| Claude Agent | Claude-compatible API | Any compatible model (e.g. GLM-5.2 via Fireworks) | API key for your provider |
| Codex | OpenAI | GPT-5.5 (default) and other OpenAI models | OpenAI API key or Codex auth file |
Claude Agent and Codex harnesses support a thinking-effort setting (low, medium, high, or xhigh — default high) to trade depth for speed.
Triggers
```yaml
triggers:
  schedule:
    - "0 13 * * *" # daily at 1:00 PM UTC
  workflow_dispatch: true
```
| Trigger | Configuration |
|---|---|
| Schedule | One or more cron expressions under triggers.schedule, evaluated in UTC |
| Manual | The Run button collects a prompt and model; add custom inputs under triggers.workflow_dispatch_inputs |
| Slack mention | Set up on the Connectors tab — see Connect a Coworker Agent to Slack |
By default, messages from other bots don't trigger the agent. To let a specific bot (like another agent) trigger this one, list its bot ID under triggers.slack_allowed_bot_ids.
Setting concurrency: true keeps one run per Slack conversation, so a burst of mentions in a thread doesn't fan out into parallel runs.
Runtime limits
Runs default to a 20-minute timeout. Raise or lower it with runtime.timeout_minutes, and cap the number of agent turns per run with runtime.max_turns — generous enough limits let an agent finish one task well, while tight limits keep scheduled runs cheap.
Tools and connectors
Connect a vMCP from the Connectors tab to give the agent access to your MCP tools. MintMCP mints a dedicated API key for the agent, adds the server to agent.yml, and adds its tools to the agent's allowlist — every call the agent makes flows through the gateway under the agent's own identity, so it shows up in your audit log like any other gateway traffic.
allowed_tools is a real allowlist: a tool not in the list is not callable, even if its server is configured. Trim it to just what the agent needs.
You can also declare MCP servers directly in agent.yml (stdio commands or HTTP endpoints, with {{secrets.KEY}} templating for credentials). Direct servers don't pass through the gateway, so prefer vMCP connections when you want gateway-level audit and rules.
Secrets
Secrets are stored in MintMCP (encrypted at rest) and injected at run time — never written into agent.yml.
| Scope | Field | Use for |
|---|---|---|
| Agent | secret_keys | Credentials specific to one agent, like its vMCP key |
| Repository | repo_secret_keys | Credentials shared by all agents in the repo, like a Claude token |
The Secrets tab shows every declared secret with its set/unset status and lets you add or replace values. Reference secrets in agent.yml as {{secrets.MY_KEY}} — the validator rejects hardcoded credentials, so a pasted API key never lands in git.
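One way to run the same two checks locally before a commit (an added example, not MintMCP's validator): it lists {{secrets.KEY}} references that appear in neither secret_keys nor repo_secret_keys, and flags credential-like keys that hold a literal value. The mcp_servers block and its field names are hypothetical, and the sample text is constructed.

```python
import re

# Constructed agent.yml text. The mcp_servers block and its field names are
# hypothetical: the page does not show the schema for directly declared servers.
SAMPLE_AGENT_YML = """\
secret_keys:
  - VMCP_KEY_BILLING
repo_secret_keys:
  - CLAUDE_TOKEN
mcp_servers:
  crm:
    url: https://mcp.example.com/crm
    headers:
      Authorization: "Bearer {{secrets.CRM_API_KEY}}"
  legacy:
    url: https://mcp.example.com/legacy
    api_key: EXAMPLE-NOT-A-REAL-KEY
"""

SECRET_REF = re.compile(r"\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
CRED_KEY = re.compile(r"(authorization|token|password|api[_-]?key|secret)$", re.I)
DECL_FIELDS = ("secret_keys:", "repo_secret_keys:")

def declared_secrets(text):
    """Names listed under the top-level secret_keys / repo_secret_keys keys."""
    declared, in_list = set(), False
    for line in text.splitlines():
        item = line.split("#", 1)[0].strip()
        if item.startswith("- ") and in_list:
            declared.add(item[2:].strip().strip("'\""))
        elif item and not line[0].isspace():
            in_list = item in DECL_FIELDS  # a new top-level key opens or closes the list
    return declared

def undeclared_secret_refs(text):
    """{{secrets.X}} references with no matching declaration, sorted."""
    return sorted(set(SECRET_REF.findall(text)) - declared_secrets(text))

def hardcoded_credential_lines(text):
    """Heuristic: 1-based lines where a credential-like key holds a literal."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition(":")
        literal = value.strip() and not SECRET_REF.search(value)
        if sep and literal and CRED_KEY.search(key.strip()):
            hits.append(number)
    return hits
```

On the sample, CRM_API_KEY is reported as referenced but undeclared, and the literal api_key line is flagged; VMCP_KEY_BILLING is declared without a reference, which is not an error.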
For secrets the agent shouldn't see in plaintext, configure secret brokering per secret with a domain allowlist: the run gets a placeholder, and MintMCP injects the real value only into requests to the allowed domains.
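A toy model of the brokering behaviour described above, added here for illustration and not MintMCP's implementation: the run only ever holds a placeholder, and the substitution happens at egress for allowlisted hosts. The placeholder format, all names, and the exact-hostname matching rule are assumptions; the values are constructed.

```python
from urllib.parse import urlsplit

# All names and the placeholder format are hypothetical; values are constructed.
VAULT = {"STRIPE_KEY": "constructed-secret-value"}   # real values, outside the run
ALLOWED = {"STRIPE_KEY": {"api.stripe.com"}}         # per-secret domain allowlist


def placeholder(key):
    """The inert token the run receives instead of the secret."""
    return "{{brokered:%s}}" % key


def broker(url, headers):
    """Model of the egress step: swap placeholders only for allowlisted hosts."""
    # urlsplit().hostname drops userinfo and port and lowercases the host, so the
    # decision is made on the host the request would actually be sent to.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    sent = {}
    for name, value in headers.items():
        for key, domains in ALLOWED.items():
            if host in domains:  # exact match: no suffix or substring tests
                value = value.replace(placeholder(key), VAULT[key])
        sent[name] = value
    return sent


# What the agent's request looks like inside the sandbox.
AGENT_HEADERS = {"Authorization": "Bearer " + placeholder("STRIPE_KEY")}

if __name__ == "__main__":
    for target in ("https://api.stripe.com/v1/invoices",
                   "https://api.stripe.com.other.example/v1/invoices"):
        print(target, broker(target, AGENT_HEADERS))
```

A request to any host outside the allowlist leaves with the placeholder intact, so a prompt-injected or mistaken call cannot carry the real credential off to another domain.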
Sandbox
Each run executes in a sandbox with restricted network egress. GitHub, Anthropic, and package-registry endpoints are reachable by default; add anything else the agent needs under sandbox.allowed_domains:
```yaml
sandbox:
  enabled: true
  allowed_domains:
    - api.stripe.com
```
The allowlist only adds domains — you can't remove the defaults the agent needs to function. See Coworker Agents security for what the sandbox does and doesn't guarantee.
Workspaces
The Workspaces tab checks additional repositories out alongside the agent's own, which suits agents whose definition lives in one repo but whose work targets others. Click Add workspace and enter a name and the repository's owner/repo. MintMCP detects access automatically: repositories the GitHub App can reach are checked out with authentication, and public repositories work without it. The agent's definition repository is marked Primary.
Sub-agents and skills
- Sub-agents — Markdown files in the agent directory's .claude/agents/ folder define focused helpers the agent can delegate to. They appear on the Sub-agents tab.
- Skills — reusable automations shared across agents in the repository, invoked like slash commands. Browse your organization's skills on the Skills page under Coworker Agents.
Example agent.yml
```yaml
name: Bella Billing Agent
harness: claude
runtime:
  model: opus
  timeout_minutes: 30
triggers:
  schedule: "0 13 * * *"
  workflow_dispatch: true
concurrency: true
secret_keys:
  - VMCP_KEY_BILLING
allowed_tools:
  - stripe_list_invoices
  - stripe_get_customer
sandbox:
  enabled: true
  allowed_domains:
    - api.stripe.com
hooks:
  mintmcp_monitor: true
```
The mintmcp_monitor hook is on by default and worth keeping — it streams the session into Agent Monitor so you can watch what the agent does turn by turn.