docs/book/src/agents/operating.md
Because there is no privileged "the agent," every command that drives an agent names which one. Agents coexist; you address one by its alias.
On the CLI, the agent alias is required, there is no default agent:
<div class="os-tabs-src">zeroclaw agent -a <alias> -m "hello"
The alias is the <alias> half of an [agents.<alias>] block. For the full CLI
surface and every flag, see the generated
CLI reference.
Agents run side by side from one install. Each one keeps its own workspace, memory, and identity (see Filesystem components), so by default nothing one agent does leaks into another. They share only what their config references share, a provider, a channel, a bundle.
There are two ways one agent reaches another, each separately gated:
delegation_policy.mode is allow
(the default is forbidden), and the target agent shares the same risk
profile. Delegation never crosses trust tiers, an agent on a hardened
profile cannot delegate to one on a permissive profile. The shared risk
profile is itself the allow-list: the delegate roster offered to the model is
exactly the other agents on the caller's profile, and only when delegation is
permitted. See Delegation & SubAgents for the full gate
behavior and the exact refusal messages.When an agent needs a one-off helper instead of an existing peer, it spawns an ephemeral SubAgent that inherits its identity and security policy for a single task, then disappears.
zerocode is the terminal UI for driving agents. Two panes put an agent in front of you:
Both panes drive a specific agent, and zerocode can give each agent its own colour palette so you can tell them apart at a glance, see Per-agent themes. The Config pane is the preferred place to add and wire agents without editing files by hand.
zeroclaw daemon brings up every enabled agent together, each answering on its
own channels. Adding an agent is additive: define a new [agents.<alias>]
block, wire its references, and it joins the running set, the existing agents
are untouched.
For the runtime internals, the permission model, the memory model, and the agent loop, see Runtime internals.