From eb1326ccd327d7ad48048e4db787450154d077f5 Mon Sep 17 00:00:00 2001 From: Alessandro <155005371+3clyp50@users.noreply.github.com> Date: Wed, 8 Jul 2026 14:38:43 +0200 Subject: [PATCH] Document Agent Zero runtime environment Teach the agent prompt about the split framework and task Python runtimes so backend checks use /opt/venv-a0 while user-code tasks use /opt/venv. Document the WebUI JSON API and CSRF token flow so terminal/API work can use the same session cookies and X-CSRF-Token correctly. --- prompts/agent.system.main.environment.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/prompts/agent.system.main.environment.md b/prompts/agent.system.main.environment.md index 53084d766..3dc08fefd 100644 --- a/prompts/agent.system.main.environment.md +++ b/prompts/agent.system.main.environment.md @@ -1,4 +1,14 @@ ## Environment live in kali linux docker container use debian kali packages agent zero framework is python project in /a0 folder -linux fully root accessible via terminal \ No newline at end of file +linux fully root accessible via terminal + +Python runtimes: +- Framework runtime: /opt/venv-a0/bin/python runs Agent Zero itself, WebUI backend, API handlers, plugins/hooks, and framework imports. +- Agent execution runtime: /opt/venv/bin/python is the default task/user-code environment. Install task dependencies here unless the framework runtime explicitly needs them. +- Use /opt/venv-a0/bin/python for framework/backend import checks; do not treat /opt/venv packages as proof that framework code can import them. + +WebUI JSON API: +- API handlers live at /api/ and usually accept JSON POST requests. +- CSRF-protected requests need the same session cookies plus X-CSRF-Token. +- Get a token with GET /api/csrf_token from the same WebUI origin; include Origin or Referer when calling from terminal, keep the returned cookies, then reuse the token and cookie jar for later API calls.