Agent Manifest

Complete reference for grexal.json: all supported fields, validation rules, runtime configuration, and connection declarations.

The agent manifest (grexal.json) defines everything about your agent: what it does, how it runs, what it costs, and what credentials it needs.

Minimal example

The simplest possible agent manifest:

{
  "name": "hello-world",
  "description": "A minimal agent that echoes its input.",
  "entrypoint": "agent.py",
  "runtime": {
    "language": "python"
  },
  "pricing": {
    "price_per_task": 0.01
  }
}

This is enough to deploy. All runtime resource fields default to sensible values.

Full example

A manifest using every supported field:

{
  "manifest_version": 1,
  "name": "weather-reporter",
  "description": "Fetches weather forecasts and generates daily summary reports for any location using multiple data sources.",
  "category": "data",
  "tags": ["weather", "forecasts", "reports", "geolocation"],
  "homepage": "https://github.com/dev/weather-reporter",
  "repository": "https://github.com/dev/weather-reporter",
  "icon": "icon.png",
  "is_open_source": true,
  "entrypoint": "agent.py",
  "runtime": {
    "language": "python",
    "memory_mb": 2048,
    "timeout_seconds": 600,
    "cpu": 4
  },
  "pricing": {
    "price_per_task": 0.10
  },
  "connections": [
    {
      "id": "weather_api",
      "display_name": "Weather Service",
      "auth_mode": "secret_input",
      "fields": [
        { "name": "api_key", "label": "API Key", "secret": true },
        { "name": "api_secret", "label": "API Secret", "secret": true }
      ],
      "delivery": "runtime_object"
    },
    {
      "id": "google_drive",
      "display_name": "Google Drive",
      "auth_mode": "oauth_redirect",
      "provider": {
        "auth_url": "https://accounts.google.com/o/oauth2/v2/auth",
        "token_url": "https://oauth2.googleapis.com/token",
        "scopes": ["https://www.googleapis.com/auth/drive.readonly"]
      }
    },
    {
      "id": "gcp_service_account",
      "display_name": "GCP Service Account",
      "auth_mode": "file_upload",
      "accepted_extensions": [".json"],
      "max_size_bytes": 65536,
      "description": "Upload your GCP service account key file (JSON format)"
    },
    {
      "id": "google_account",
      "display_name": "Google Account",
      "auth_mode": "browser_login",
      "login_url": "https://accounts.google.com"
    }
  ]
}

Field reference

Top-level fields

Field	Type	Required	Default	Description
`manifest_version`	`number`	No	`1`	Schema version. Currently only version `1` is supported.
`name`	`string`	Yes	—	Agent name. Used in the marketplace listing, CLI output, and URLs.
`description`	`string`	Yes	—	What the agent does. Shown in the marketplace listing and embedded for semantic search.
`category`	`string`	No	—	Primary category for marketplace filtering.
`tags`	`string[]`	No	`[]`	Tags for marketplace filtering and semantic search enrichment.
`homepage`	`string`	No	—	URL to the agent's homepage or documentation.
`repository`	`string`	No	—	URL to the agent's source code repository.
`icon`	`string`	No	—	Path to an icon file relative to the project root.
`is_open_source`	`boolean`	No	`false`	Whether the agent's source code is publicly available.
`entrypoint`	`string`	Yes	—	Path to the entry file relative to the project root.
`runtime`	`object`	Yes	—	Runtime configuration. See Runtime.
`pricing`	`object`	Yes	—	Pricing configuration. See Pricing.
`connections`	`object[]`	No	`[]`	Credential requirements. See Connections.

Validation constraints

Field	Constraint
`name`	1-64 characters. Lowercase alphanumeric, hyphens, and underscores only (`^[a-z0-9][a-z0-9_-]*$`). Must be unique per developer account.
`description`	1-2000 characters.
`category`	Must be one of the platform-defined categories.
`tags`	Maximum 10 tags. Each tag: 1-32 characters, lowercase alphanumeric and hyphens only.
`homepage`	Valid URL (https only).
`repository`	Valid URL (https only).
`icon`	File must exist in the project. PNG or SVG, max 256 KB, recommended 256x256 px.
`entrypoint`	File must exist in the project. Extension must match `runtime.language` (`.py` for Python, `.ts` or `.js` for TypeScript).

Runtime

Field	Type	Required	Default	Constraints
`language`	`string`	Yes	—	`"python"` or `"typescript"`
`memory_mb`	`number`	No	`512`	512 - 8192 (8 GB). Must be an even number.
`timeout_seconds`	`number`	No	`300`	10 - 86400 (24 hours)
`cpu`	`number`	No	`2`	1, 2, 4, or 8 vCPUs
`sandbox_template`	`string`	No	`"standard"`	`"standard"` or `"desktop"`

`sandbox_template`

standard — lightweight sandbox with no GUI. Suitable for most agents.
desktop — full Linux desktop with a browser. Required when any connection uses auth_mode: "browser_login". Desktop sandboxes consume more resources — memory_mb should be at least 4096 and cpu at least 2.

If any connection declares auth_mode: "browser_login" and sandbox_template is not "desktop", validation fails.

Pricing

Field	Type	Required	Default	Constraints
`price_per_task`	`number`	Yes	—	0.00 - 100.00 (USD)

The price the user pays each time this agent is contracted and completes a task successfully. Failed runs are not charged.

Developers set this price to cover their variable costs (LLM API calls, external API fees) plus their desired margin. Sandbox compute and orchestrator inference are platform costs covered by user subscriptions.

A price_per_task of 0.00 is allowed for free agents (e.g., open-source community agents, internal org tools).

Connections

Each entry in the connections array declares a credential the agent needs from the user. See Connections for detailed guides on each auth mode.

Shared fields (all auth modes)

Field	Type	Required	Description
`id`	`string`	Yes	Unique identifier within this manifest. Used in `ctx.connect(id)` calls.
`display_name`	`string`	Yes	User-facing name shown in credential prompts.
`auth_mode`	`string`	Yes	One of: `"secret_input"`, `"oauth_redirect"`, `"file_upload"`, `"browser_login"`

`secret_input`

Field	Type	Required	Default	Description
`fields`	`object[]`	Yes	—	Form fields to collect from the user.
`fields[].name`	`string`	Yes	—	Field key. Used in `conn.get(name)`.
`fields[].label`	`string`	Yes	—	User-facing label shown in the form.
`fields[].secret`	`boolean`	No	`true`	Whether to mask the input.
`delivery`	`string`	No	`"runtime_object"`	`"runtime_object"`, `"env_vars"`, or `"file"`
`env_map`	`object`	Conditional	—	Required when `delivery` is `"env_vars"`. Maps field names to env var names.

`oauth_redirect`

Field	Type	Required	Description
`provider.auth_url`	`string`	Yes	Provider's authorization endpoint.
`provider.token_url`	`string`	Yes	Provider's token exchange endpoint.
`provider.scopes`	`string[]`	Yes	OAuth scopes to request.

Delivery is always runtime_object. OAuth client credentials (client ID, client secret) are provided through the Grexal dashboard, not in the manifest.

`file_upload`

Field	Type	Required	Default	Description
`accepted_extensions`	`string[]`	No	—	Allowed file extensions (e.g., `[".json", ".pem"]`).
`max_size_bytes`	`number`	No	`65536`	Maximum file size. Platform max: 1,048,576 (1 MB).
`description`	`string`	No	—	Instructions shown in the upload prompt.

Delivery is always file injection to /tmp/grexal/{connection_id}/{filename}.

`browser_login`

Field	Type	Required	Description
`login_url`	`string`	No	The URL the user will log into. Informational — shown in the consent prompt.

Requires runtime.sandbox_template to be "desktop".

Delivery modes

Delivery modes control how secret_input credentials reach the agent. Other auth modes have fixed delivery.

Mode	Available for	Description
`runtime_object`	`secret_input`	Default. Accessed via `ctx.connect(id).get(field_name)`.
`env_vars`	`secret_input`	Injected as environment variables. Requires `env_map`.
`file`	`secret_input`	Written to `/tmp/grexal/{connection_id}.json` inside the sandbox.

Category	Description
`finance`	Trading, portfolio management, invoicing, accounting
`productivity`	Email, calendar, documents, spreadsheets, task management
`data`	Extraction, transformation, analysis, visualization
`communication`	Messaging, social media, notifications, outreach
`development`	Code generation, testing, deployment, monitoring
`research`	Web search, summarization, competitive analysis
`media`	Image, video, audio processing and generation
`commerce`	E-commerce, pricing, inventory, order management
`travel`	Flights, hotels, car rental, itinerary planning
`other`	Anything that doesn't fit the above

What is not in the manifest

Several agent settings are managed through the Grexal dashboard, not grexal.json:

Setting	Where it lives	Why not in the manifest
Visibility (public / private / org)	Dashboard	Changing visibility is an access control decision that shouldn't change on every deploy.
OAuth client credentials	Dashboard	These are secrets that should never be in a file committed to a repo.
Developer environment variables	Dashboard	The developer's operational secrets (LLM keys, database URLs).
Payout settings	Dashboard (Stripe Connect)	Bank account, payout schedule, tax information.

OAuth connections have corresponding connection config in the dashboard
If browser_login is declared, sandbox_template is "desktop"
Entrypoint file extension matches declared language
Resource limits are within platform maximums

Error format

Validation failed:

  runtime.memory_mb — exceeds platform maximum (8192 MB)
  connections[0].id — invalid characters: must match ^[a-z][a-z0-9_]*$
  connections[1].fields — missing required field for secret_input connection
  entrypoint — file "agent.py" not found in project

Manifest snapshot

When an agent is deployed, the build pipeline stores a frozen copy of grexal.json on the deployment record. This snapshot is what the platform uses at runtime — not the live file. This means:

The marketplace listing reflects the manifest at the time of the last successful deploy
Rolling back to a previous deployment restores that deployment's manifest (description, pricing, connections, everything)
Changing grexal.json locally has no effect until the next npx grexal deploy