Configuration (settings.toml) & Profiles
CURD v0.7.1 introduces a hierarchical configuration model designed for organizational governance, safely bringing advanced features to both indie developers and enterprise teams. Configuration is stored in .curd/settings.toml.
Runtime Ceilings
CURD provides runtime ceilings that act as hard bounds on what operations are possible for any agent, regardless of context:
full: Exposes the complete tool surface, including code edits, shell commands, and plugins. Best for mature workflows or human-supervised local use.lite: Intentionally restrictive. Ideal for purely exploratory or read-only agents. It limits tools to:workspace(restricted tostatus,list,dependencies)searchreadeditgraph- protocol basics
[runtime]
ceiling = "full" # or "lite"Profiles
Profiles define actual behavior and capability within the chosen ceiling. A single binary can power multiple agent roles seamlessly:
[profiles.default]
role = "human_core"
capabilities = ["lookup", "traverse", "read", "change.apply", "session.begin", "session.verify", "session.commit"]
promotion = "user_only"
[profiles.assist]
role = "assist_agent"
capabilities = ["lookup", "traverse", "read", "change.prepare", "session.begin", "session.verify", "review.run"]
promotion = "forbidden"
[profiles.supervised]
role = "supervised_agent"
capabilities = ["lookup", "traverse", "read", "change.apply", "session.begin", "session.verify", "exec.task", "plan.execute", "review.run"]
session_required_for_change = true
promotion = "approval_required"
[profiles.autonomous]
role = "autonomous_agent"
capabilities = ["lookup", "traverse", "read", "change.apply", "session.begin", "session.verify", "session.commit", "exec.task", "plan.execute", "plan.parallel", "review.run", "hook.run"]
session_required_for_change = true
promotion = "policy_gated"- Ceiling gates what is physically possible.
- Profile gates what the actor is allowed to do via capability atoms (e.g.
searchmaps tolookup,editmaps tochange.apply). - Policy (defined below) can still deny a valid request.
Organizational Guardrails ([policy])
The [policy] block is the central firewall for all agent interactions, enforcing organizational rules across all interfaces (CLI, REPL, MCP).
| Key | Type | Description |
|---|---|---|
mode | string | strict (default-deny), permissive (default-allow), or audit (log only). |
block_files | array<glob> | Explicit list of files/directories agents can never touch. |
allow_files | array<glob> | Explicit safe zones. In strict mode, ONLY these are accessible. |
allowed_binaries | array<string> | List of binaries permitted via the shell tool. |
block_shell_metachars | bool | If true, blocks command chaining (;, &, ` |
require_plan_for_mutations | bool | If true, agents must register a plan before calling edit or shell. |
protected_symbols | array<uri> | List of symbol IDs (e.g., main.rs::init) that cannot be modified. |
Build Tasks
You can define pixi-style hooks for standard project operations directly within settings:
[build.tasks]
build = "cargo build"
test = "pytest tests/"
release = "make release"CURD’s new adapter coverage allows automatic execution via curd build or curd test across poetry, pip, conda, mamba, cargo, npm, uv, and more.
AST Safety Valves ([edit])
Prevents agents from performing non-semantic “oversteering”:
| Key | Type | Description |
|---|---|---|
churn_limit | float | Max percentage of AST nodes modifiable in one call (default: 0.30). |
enforce_transactional | bool | Require a workspace session for all edits. |
Verification Integrity
CURD computes a SHA-256 Config Hash of these settings. This hash is provided to front-ends during authentication to ensure the agent is adhering to the verifiable human-defined policy.