Object Model
The core concepts of the Hoziron platform and how they relate to each other.
Concept Hierarchy
Agent
The execution context. An agent is an autonomous AI worker that responds to triggers — cron schedules, workflow steps, channel messages, or system events.
Key rule: An agent without a competency is a general-purpose conversational entity. It can reason and respond but cannot take any action (no tool access).
Lifecycle
What an Agent Owns
| Component | Description |
|---|---|
| Identity | UUID, name, creation timestamp |
| Model config | Provider, model ID, temperature, max tokens |
| Competency | 0 or 1 equipped competency (defines what tools are available) |
| Permissions | What resources the agent can access |
| Memory | Private KV store, semantic memory, knowledge graph |
| Triggers | What events wake the agent up |
| PII pipeline | Per-agent tokenization/hydration rules |
| Trust policy | Which destinations see real vs tokenized data |
Competency
The unit of capability. A competency gives an agent the ability to act — it bundles domain knowledge, operational procedures, required tools, configuration, and metrics into a single installable package.
Three Layers
| Layer | Content | Purpose |
|---|---|---|
| Manifest | COMPETENCY.toml | Declares identity, required skills, settings, schedule, metrics |
| System Prompt | Embedded in manifest | Multi-phase operational procedures, decision trees, error recovery |
| Knowledge | Optional files in payload/ | Domain expertise injected into agent context |
Equip Operation
Constraint: One competency per agent (enforced at equip time).
Skill
A tool bundle that provides one or more tools along with their implementation. A skill is nothing without a competency — it cannot be used directly by an agent.
Structure
| Component | Description |
|---|---|
| Name | Unique identifier (e.g., postgresql-connector) |
| Tools | 1..N tool definitions (must have at least 1) |
| Runtime | Implementation type: Python, WASM, Node.js, Shell, Native |
| Requirements | Dependencies, capabilities, environment variables |
Relationship to Integrations
Some skills are backed by integration servers — MCP-compatible processes that implement the tools at runtime:
Tool
An atomic action that a skill provides. A single function an agent can invoke during execution.
Tools are never accessed directly. The path is always:
Agent → (equipped) Competency → (requires) Skill → (provides) Tool
At runtime, the agent's tool_allowlist contains only the tools provided by its equipped competency's required skills. All other tools are invisible.
Workflow
A multi-step pipeline that routes work through multiple agents:
Each agent maintains its own memory scope. Data passes between agents only through step outputs with PII tokenization applied at each boundary.
Trigger
What wakes an agent up. Every agent is autonomous — the trigger defines when it acts.
| Type | Fires When |
|---|---|
| Cron | Scheduled time (cron expression) |
| Channel | Message received from Slack, Teams, etc. |
| Workflow | Step in a multi-agent pipeline |
| Event | System/lifecycle event matching a pattern |
| API | Direct invocation (always accepted implicitly) |
Permission
A grant of access to a resource or action. Declared in agent configuration, enforced at runtime.
| Category | Example | Meaning |
|---|---|---|
| File access | FileRead("/data/claims/*") | Can read files matching pattern |
| Network | NetworkConnect("*.company.com") | Can connect to matching hosts |
| Memory | MemoryRead("self") | Can read own memory scope |
| Shell | ShellExec("python3 *") | Can execute matching commands |
| Agent interaction | AgentSpawn | Can create child agents |
| Cost limits | CostLimitHourly(10.0) | Max $10/hour in LLM costs |
Inheritance rule: A child agent can never have more permissions than its parent.
Memory
Private persistence layer for each agent:
Isolation guarantee: The ScopedMemory wrapper validates caller == scope_owner on every operation. Cross-agent memory access always returns MemoryViolation.
Complete Data Path
End-to-end flow when an operator sends a message to an agent: