📋 Prerequisites
📝 Feature Summary
Allow AgentHarness users to customize OpenClaw/Hermes backend configuration beyond what the CRD currently exposes (extra config, bootstrap files, env valueFrom).
❓ Problem Statement / Motivation
I'm deploying AgentHarness with the openclaw/hermes backend + Slack, it works, but I hit a wall when trying to customize things that OpenClaw and Hermes natively support.
The problem is that kagent generates a minimal openclaw.json (code) or config.yaml for hermes (code) with hardcoded values and writes it to the sandbox with cat >, overwriting everything. There's no way to:
- Set agent identity files (
SOUL.md, AGENTS.md), OpenClaw reads these from ~/.openclaw/ but there's no path to inject them.
- Change agent behavior. Stuff like
thinkingDefault, skills, plugins, heartbeat, compaction are all hardcoded in Go. For example hermes always gets max_turns: 60 and reasoning_effort: medium.
- Use
$include, OpenClaw supports modular config with $include directives but the generated json doesn't use it.
- Use
spec.env with valueFrom. It's accepted by the CRD but silently dropped for OpenShell runtime, so you can't reference K8s secrets safely.
And since OpenShell sandboxes aren't regular K8s pods, you can't mount ConfigMaps/Volumes either, the only way to get files in is via the image or ExecSandbox.
💡 Proposed Solution
I'm not sure if these ideas are feasible, but here's what I have in mind:
- Add
spec.extraConfig , a field that accepts a raw JSON/YAML map that gets deep-merged into the generated bootstrap document before writing it to the sandbox. This way kagent still owns the base config but users can override/extend specific sections.
- Support
spec.env[].valueFrom for OpenShell runtime, resolve secretKeyRef/configMapKeyRef server-side before passing to ExecSandbox.
🔄 Alternatives Considered
- The
spec.env with literal values, in theory this should work for settings that have env var equivalents, but we haven't validated it. Also, no valueFrom support means secrets must be plaintext.
- Custom image with
modelConfigRef doesn't work, kagent overwrites the config file completely
🎯 Affected Service(s)
None
📚 Additional Context
kagent version: v0.9.5
runtime: openshell
🙋 Are you willing to contribute?
📋 Prerequisites
📝 Feature Summary
Allow AgentHarness users to customize OpenClaw/Hermes backend configuration beyond what the CRD currently exposes (extra config, bootstrap files, env valueFrom).
❓ Problem Statement / Motivation
I'm deploying AgentHarness with the
openclaw/hermesbackend + Slack, it works, but I hit a wall when trying to customize things that OpenClaw and Hermes natively support.The problem is that kagent generates a minimal
openclaw.json(code) orconfig.yamlfor hermes (code) with hardcoded values and writes it to the sandbox withcat >, overwriting everything. There's no way to:SOUL.md,AGENTS.md), OpenClaw reads these from~/.openclaw/but there's no path to inject them.thinkingDefault,skills,plugins,heartbeat, compaction are all hardcoded in Go. For example hermes always getsmax_turns: 60andreasoning_effort: medium.$include, OpenClaw supports modular config with$includedirectives but the generated json doesn't use it.spec.envwithvalueFrom. It's accepted by the CRD but silently dropped for OpenShell runtime, so you can't reference K8s secrets safely.And since OpenShell sandboxes aren't regular K8s pods, you can't mount ConfigMaps/Volumes either, the only way to get files in is via the
imageorExecSandbox.💡 Proposed Solution
I'm not sure if these ideas are feasible, but here's what I have in mind:
spec.extraConfig, a field that accepts a raw JSON/YAML map that gets deep-merged into the generated bootstrap document before writing it to the sandbox. This way kagent still owns the base config but users can override/extend specific sections.spec.env[].valueFromfor OpenShell runtime, resolve secretKeyRef/configMapKeyRef server-side before passing to ExecSandbox.🔄 Alternatives Considered
spec.envwith literal values, in theory this should work for settings that have env var equivalents, but we haven't validated it. Also, novalueFromsupport means secrets must be plaintext.modelConfigRefdoesn't work, kagent overwrites the config file completely🎯 Affected Service(s)
None
📚 Additional Context
kagent version:
v0.9.5runtime:
openshell🙋 Are you willing to contribute?