| name | gini |
| description | Gini's self-knowledge: how Gini configures, extends, and operates on its own state via /api/* and registered tools. Load when the user asks Gini about its own capabilities or asks Gini to modify its own configuration. |
| license | MIT |
| metadata | {"gini":{"version":"1.0.0","author":"Gini"}} |
Gini Agent
Gini is a personal agent. The gateway owns durable state and
tool execution. Gini itself operates through /api/* and its registered
tool catalog. The CLI exists for human operators — it's a thin wrapper
around the same /api/* endpoints — but Gini should never call it. The
Next.js BFF, mobile clients, and other front-ends are also /api/*
consumers. This skill is a recipe book for the most common configuration
tasks; every recipe leads with the API call Gini should use.
Load this skill before claiming a limitation. Common false denials to
inoculate against: the interactive browser (Playwright with persistent
sign-ins), scheduled jobs (interval or cron), Telegram or other
messaging bridges, MCP servers, delegated subagents, and Gini's own
provider / model / agent / skill / MCP / connector inventory — all
visible and mutable through the self-config tools described below. Do not
claim "I can't see my model" or "I can't change my settings"; you can.
Self-knowledge — what Gini is and how to change it
When the user asks about Gini itself — "what model are you using",
"what's your config", "what can you do", "what skills do you have",
"switch to deepseek" — the answer comes from the self-config tools,
not from guessing or from "no visibility" disclaimers.
These tools are DEFERRED: their names appear in the system prompt's
"Tools available on demand" list, but you must load_tools a tool before
calling it. The flow is always two steps — load on one turn, call on the
next:
load_tools({ names: ["get_self"] }) (or several at once, e.g.
["list_providers", "set_provider"]).
- On the next turn, call the tool directly by name with its args at the
TOP LEVEL — e.g.
get_self({}), set_provider({ provider: "deepseek" }).
Do NOT wrap args in a { name, args } envelope and do NOT pass a
tool's arguments to load_tools.
The self-config tools (load the ones you need), grouped by surface:
Snapshot
get_self (query) — one-call snapshot: provider, model, active
agent, approval mode, instance, version, counts, plus
approvalSettings (approvalMode, autoApproveCommands,
dangerousTerminalPatterns). Start here for broad
"what / who are you?" questions and before any approval-list replace.
Toolsets
list_toolsets (query) — instance toolsets with status, description,
and the tools each gates. Use before enabling/disabling one.
enable_toolset (mutate) — turn a toolset on so its tools become
available.
disable_toolset (mutate) — turn a toolset off. Self-config tools
bypass toolset gating, so this never locks you out of your own config;
reverse with enable_toolset.
Agents
list_agents (query) — agents + each agent's provider/model
override + the active id. Use before use_agent / delete_agent.
use_agent (mutate) — switch the active agent. Provider/model/
SOUL.md/toolset filter follow the new active row on the next turn.
create_agent (mutate) — create a new agent row. The new agent is
NOT activated; follow up with use_agent.
delete_agent (mutate) — hard-delete an agent and its memory bank.
Refuses the default and the active agent — switch away first.
Providers
list_providers (query) — provider catalog with configured and
isActive per row. Check a target here before set_provider.
set_provider (mutate) — switch provider and/or model. Confirm the
target is configured: true via list_providers first. If it isn't
and the user wants to wire one up, ask for credentials (or run
request_connector for connector-backed providers); do not fabricate
an apiKey.
remove_provider (mutate) — disconnect an env-keyed provider (scrub
its key). Codex and local can't be removed this way.
Approvals
set_approval_mode (mutate) — set the runtime approval mode (strict
/ auto / yolo). Use when the user says "set permissions to yolo",
"stop asking me to approve", "gate everything". In strict this change
itself requires approval.
set_auto_approve_commands (mutate) — REPLACE the auto-approve
command allowlist. Read get_self.approvalSettings.autoApproveCommands
first and include the entries you want to keep.
set_dangerous_patterns (mutate) — REPLACE the dangerous-terminal
pattern list (always-gate substrings). Same replace semantics — read
get_self.approvalSettings.dangerousTerminalPatterns first.
MCP
list_mcp_servers (query) — registered MCP servers.
add_mcp_server (mutate) — register a stdio (command) or http
(url) MCP server.
remove_mcp_server (mutate) — disable a registered MCP server.
Connectors
list_connectors (query) — registered connectors (claude-code,
codex, linear, …).
remove_connector (mutate) — disconnect a connector (wipe its
secrets, or tombstone an auto-detected one).
rotate_connector (mutate) — write a new token into a connector's
secret slot. Pass purpose when it has more than one slot.
Runtime
update_self (mutate) — pull the latest commit and RESTART the
gateway to run the new code. Only works from the installer-managed
runtime. Warn the user the runtime will restart.
Skills
list_skills (query) — installed skills with status. Distinct from
read_skill, which fetches one skill's body.
test_skill (query) — validate one skill's record and report
pass/fail. Diagnostic, no approval.
rollback_skill (mutate) — roll a skill back to its previous saved
version.
Query tools resolve immediately; mutate tools may require user approval.
Recipe — answering "what model are you using"
load_tools({ names: ["get_self"] }), then call get_self({}).
- Quote
activeAgent.resolvedProvider.name + .model and
approvalMode. If activeAgent.providerSource is agent the
override lives on the agent row; if config it falls through from
the instance default — mention which.
Never invent provider names or version numbers. If get_self returns
something you don't recognize, report it verbatim.
Recipe — answering "what providers do you have"
load_tools({ names: ["list_providers"] }), then call
list_providers({}).
- Group the response: "active" (
isActive: true), "configured" (key
present, ready to switch), "available" (catalog rows where
configured: false — the user would need to sign in or paste a
key to use them).
Recipe — "set provider to deepseek"
load_tools({ names: ["list_providers", "set_provider"] }), then call
list_providers({}). Find the deepseek row.
- If
configured: true, call
set_provider({ provider: "deepseek" }) — or add
model: "deepseek-v4-pro" when the user named a model. The next turn
runs on the new provider; plistRefreshNeeded in the response tells
you whether launchd will pick up new env on the next respawn.
- If
configured: false, ask the user for the DEEPSEEK_API_KEY
first, then call
set_provider({ provider: "deepseek", apiKey: "<key>" }).
The same shape works for openai, openrouter, local, codex,
and echo — see list_providers for the full catalog.
Recipe — "switch to agent X" / "be Athena now"
load_tools({ names: ["list_agents", "use_agent"] }), then call
list_agents({}) and find the row matching the name or id.
- Call
use_agent({ agentId: "<id or name>" }).
- The new agent's SOUL.md and provider override take effect on the
next turn.
Recipe — "set permissions to yolo" / "stop asking for approval"
load_tools({ names: ["set_approval_mode"] }), then call
set_approval_mode({ mode: "yolo" }) (or "auto" / "strict").
- Never shell out to
curl/the settings API for this — that bypasses
the registered tool and fails on auth.
Recipe — "what skills do you have"
load_tools({ names: ["list_skills"] }), then call list_skills({})
(default returns all statuses). For "what skills can you use right
now", pass { status: "enabled" }.
- Reply with names + brief descriptions. If the user asks for
detail on one, call
read_skill with that id.
Recipe — "disable browser tools"
load_tools({ names: ["list_toolsets", "disable_toolset"] }), then
call list_toolsets({}) to confirm the browser toolset name.
- Call
disable_toolset({ toolset: "browser" }). The browser tools
stop being offered next turn; your self-config tools are unaffected.
Re-enable any time with enable_toolset({ toolset: "browser" }).
Recipe — "always auto-approve git commands"
load_tools({ names: ["get_self", "set_auto_approve_commands"] }),
then call get_self({}) and read
approvalSettings.autoApproveCommands — the current allowlist.
set_auto_approve_commands REPLACES the list, so pass the existing
entries plus the new one:
set_auto_approve_commands({ patterns: [...existing, "git "] }).
Dropping the existing entries here would silently un-approve them.
API and registered tools — not the CLI
Gini itself operates through /api/* and the registered tool catalog.
Shelling out to gini ... via terminal_exec is a layering inversion —
the CLI is a thin wrapper that posts to the same /api/* endpoints Gini
already calls directly. The agent should never use its own CLI to drive
its own runtime.
CLI examples appear later in this skill so Gini recognizes what a human
operator might type at a terminal — they document the parallel
human-facing surface, not Gini's path. When you see gini foo bar in a
recipe, treat it as descriptive context for what the user might do
manually; reach for the API call or registered tool above it.
Never read ~/.gini/instances/<inst>/*.json directly — hit /api/status
and friends. The API is the source of runtime truth.
Where State Lives
Runtime state belongs to /api/*; reach for the paths below only when a
user-facing answer requires naming the on-disk location (where sign-ins
persist, where a skill ends up).
~/.gini/instances/<inst>/chrome-profile/ — Playwright Chromium
profile; persistent browser sign-ins land here.
~/.gini/instances/<inst>/skills/<name>/ — user-installed skills (the
agent's own writable skill dir); these land flat, no category subfolder.
skills/<category>/<name>/ (repo root) — built-in skills shipped with
Gini.
~/.gini/instances/<inst>/workspace/ — default workspace root for
file.* tools; file.write lands here unless GINI_WORKSPACE
overrides it.
Browser
By DEFAULT the runtime drives a single per-instance headless Chrome it spawns
itself, against a per-instance profile at ~/.gini/instances/<inst>/chrome-profile/.
It launches lazily on the first browser tool call. Sign-ins land on disk and
survive runtime restarts. When a site needs a sign-in, the user signs in through
a live in-chat screencast of that same headless Chrome (browser_connect), so
the user and the agent act on one browser the whole time. As a power-user
option the user can instead attach the runtime to their OWN already-running
external Chrome over CDP (POST /api/browser/connect with {cdpUrl}); the
runtime drives that Chrome but never starts or stops the process. (The old
visible managed-window mode was removed — issue #420.)
Tool surface, grouped by role:
- Navigation:
browser.navigate, browser.back,
browser.tabs.{list,new,switch,close}.
- Interaction:
browser.click, browser.type, browser.press,
browser.hover, browser.drag, browser.select_option,
browser.scroll.
- Inspection:
browser.snapshot, browser.wait_for,
browser.console, browser.vision.
- Side-effecting (approval-gated):
browser.upload_file. Plus
browser.close to tear down the session.
Interactive actions skip the approval gate because the snapshot itself
is the trace evidence; uploads are gated because they egress local
bytes.
Recipe — authenticated workflow on a new site
When a site needs a sign-in the user hasn't completed:
- Navigate with
browser.navigate (headless). If the page is a sign-in /
OAuth / auth wall, call the browser_connect tool with the target URL —
do NOT report "sign-in needed" as a blocker.
- The user gets a Connect button in chat. Clicking it opens a live
screencast of the agent's headless Chrome at that page; they sign in once
and click "I've signed in". The cookies persist on disk.
- The agent continues against the now-signed-in profile — no relaunch, no
visible window. The sign-in survives later tasks and runtime restarts.
Human-operator CLI mirror (the same calls a person might run from a
terminal — not Gini's path): gini browser {status | connect [--url WSURL] | disconnect}. A bare connect is a no-op for the default spawned browser
(sign-in is the in-chat screencast, not a CLI flow); connect --url ws://...
attaches to the user's own external Chrome over CDP. To clear saved logins from
the spawned profile, rm -rf the per-instance profile dir.
Scheduled Jobs
Jobs run on an interval or a cron expression. When created from inside a
chat, the runtime mints a dedicated chat session named after the job and
binds chatSessionId to it, so each fire lands in its own thread rather
than burying the originating conversation.
Create an interval job:
POST /api/jobs
Content-Type: application/json
{
"name": "audible-renewal-check",
"intervalSeconds": 86400,
"prompt": "Open audible.com and confirm my subscription is still active."
}
Create a cron job:
POST /api/jobs
{
"name": "morning-summary",
"cronExpression": "0 9 * * *",
"cronTimezone": "America/Los_Angeles",
"prompt": "Summarize new email and Slack pings since yesterday 9am."
}
Exactly one of intervalSeconds and cronExpression is the active
driver. cronTimezone defaults to UTC.
Other job endpoints: GET/PATCH/DELETE /api/jobs/<id>,
POST /api/jobs/<id>/{run,pause,resume}, GET /api/job-runs,
GET /api/jobs/<id>/runs, POST /api/job-runs/<id>/replay.
The agent reaches these verbs through registered tools — create_job,
list_jobs, update_job, delete_job, and run_job (manual trigger of
an existing job). Use the tools from chat; the API endpoints above are
the same path the tools take under the hood.
Human-operator CLI mirror: gini jobs {add|list|run|pause|resume|remove|runs|replay}.
Recipe — one-shot reminder
The user asks "remind me at 9am on 2026-08-19 to pause my Audible
subscription." From inside a chat, use create_job with a cron expression
pinned to that single minute. The chat-session binding happens
automatically. After the one fire, delete or pause the job — there is no
native one-shot mode.
Messaging — Telegram
The Telegram bridge speaks the Bot API over fetch and ingests messages
via long-polling getUpdates. No webhook URL is required. A local
instance behind NAT works the same as one on a public host.
Setup
-
Create a bot. Open Telegram, DM @BotFather, run /newbot, pick a
name and username, copy the HTTP API token.
-
Register the bridge with the bot token:
POST /api/messaging
Content-Type: application/json
{
"name": "my-bot",
"kind": "telegram",
"deliveryTargets": [],
"botToken": "<BOT_TOKEN>"
}
The response carries the bridge id and an initial status. The bot's
username isn't resolved yet — run the health probe next to learn the
actual handle.
Human-operator CLI mirror: gini messaging add my-bot telegram --bot-token <BOT_TOKEN>.
-
Probe health to resolve the bot handle. This calls Telegram's
getMe and writes metadata.botUsername onto the bridge so later
prompts can say @<bot> instead of "your bot":
POST /api/messaging/my-bot/health
A successful response reports Connected as @<bot>. and the bridge
status flips to configured. Fix any token error before continuing.
Human-operator CLI mirror: gini messaging health my-bot.
-
Enroll the user's chat. Have the user DM the bot anything
(including /start). The runtime mints a short verification code
(F971-8261 format, 10-minute TTL), records it on
bridge.metadata.recentDeniedChats[].verificationCode for the
originating chat, and DMs the same code back to the user. Fetch the
pending list with GET /api/messaging/my-bot/chats, confirm the
verificationCode matches what the user reports receiving, then
allow-list the chat in the next step. A DM after the code expires
mints a fresh one and replaces the row.
-
Allow-list the chat ID so the bridge will deliver messages there:
POST /api/messaging/my-bot/allow
{ "chatId": 123456789, "expectedCode": "F971-8261" }
Pass the expectedCode you confirmed in step 4. The server re-checks
that it still matches the live verificationCode on the pending row
and hasn't expired, so a code that rotated (the user re-DM'd and
minted a new one) or aged past its TTL between fetch and approve
returns 409 Conflict instead of silently allow-listing the chat.
Group chat IDs are negative integers — that is correct, not an
error. Group chats have no verificationCode (no per-user channel
to deliver one through), so omit expectedCode when allow-listing a
negative chat ID.
Human-operator CLI mirror: gini messaging allow my-bot <chatId>.
The CLI omits the code because the explicit invocation on the
operator's machine already proves intent; the API path is the one
that needs the code-rotation check.
-
Send a message to confirm round-trip:
POST /api/messaging/my-bot/send
{ "text": "Hello from Gini.", "target": "local" }
Human-operator CLI mirror: gini messaging send my-bot "Hello from Gini.".
Bridge kind supports telegram and demo today; future messengers
slot into the same /api/messaging shape.
The agent's tool for sending is send_message. messaging.send is
high-risk by classification, so it flows through the approval seam
exactly like file.write and terminal.exec — see the Approvals
section below for the three-mode contract (strict blocks, auto
auto-approves with a full audit trail, yolo skips the queue).
Inspecting state
API: GET /api/messaging, GET /api/messaging/<id>/{chats,messages},
POST /api/messaging (create), POST /api/messaging/<id>/{health,disable,remove,allow,deny,reject-pending,send,receive}.
Human-operator CLI mirror: gini messaging {list|add|health|disable|remove|receive|send|messages|allow|deny|reject-pending|chats}. disable keeps the bridge row with status "disabled"; remove drops it. Telegram per-chat enrollment uses allow/deny/reject-pending/chats; Discord uses channel-as-auth via deliveryTargets (no per-chat allowlist).
MCP Servers
Register a local MCP server by command:
POST /api/mcp
Content-Type: application/json
{ "name": "fs-mcp", "command": "node", "args": ["/path/to/server.js"], "exposedTools": [] }
Health probe and tool invocation:
POST /api/mcp/fs-mcp/health
POST /api/mcp/fs-mcp/invoke
{ "tool": "read_file", "args": { "path": "/tmp/x" } }
Listing: GET /api/mcp.
exposedTools defaults to [], which exposes everything the server
advertises.
The agent's tool for calling registered MCP tools is mcp_call
(args: server, tool, arguments). It auto-executes — invocations
are NOT gated through the approval queue (the MCP server itself is
operator-registered so the agent can't reach arbitrary code). Each
call writes a mcp.tool.invoked audit row.
To enumerate the registered servers from chat, load_tools({ names: ["list_mcp_servers"] }) then call list_mcp_servers({}).
Human-operator CLI mirror:
gini mcp add fs-mcp node /path/to/server.js
gini mcp health fs-mcp
gini mcp invoke fs-mcp read_file '{"path":"/tmp/x"}'
gini mcp list
Connectors
Connectors register external coding/issue services so subagents and
related skills can call them. Built-in providers: claude-code, codex,
linear, demo, generic.
API:
GET /api/connectors/providers — discover what's installable.
POST /api/connectors { provider, name, token } — register one.
GET /api/connectors — list registered connectors.
POST /api/connectors/<id>/health — health probe.
PATCH /api/connectors/<id> { token } — rotate the credential.
DELETE /api/connectors/<id> — remove.
POST /api/connectors/detect — auto-detect locally installed CLIs.
From chat, load_tools({ names: ["list_connectors"] }) then call
list_connectors({}) for inventory, and request_connector to drive a
user-mediated add when one is missing.
Human-operator CLI mirror:
gini connectors providers
gini connectors add --provider claude-code --name claude-main --token <T>
gini connectors list
gini connectors health <id>
gini connectors remove <id>
gini connectors rotate <id> --token <T>
gini connectors detect
Subagents (Delegated Coding)
Spawn a registered coder (Claude Code, Codex) to execute a delegated
prompt. From inside chat the agent should use the spawn_subagent tool;
the same call reaches the API path below.
API: POST /api/subagents { name, prompt }, GET /api/subagents.
Human-operator CLI mirror:
gini subagents spawn <connector-name> "Implement and commit the fix."
gini subagents list
For depth on prompting and tmux/PTY patterns, load skills/agents/claude-code/SKILL.md
or skills/agents/codex/SKILL.md — those skills cover --allowedTools,
--max-turns, --full-auto, worktree layout, and dialog handling.
Memory
Three surfaces, no fourth:
USER.md (instance-scoped, always-inject) — user identity, preferences,
recurring goals. Edits go through edit_user_profile, which
auto-approves: writes land at the approved file and ride the system
prompt on the next turn. Cross-agent — switching agents preserves
the user profile.
SOUL.md (per-agent, always-inject) — agent persona and behavior
rules. edit_soul auto-approves a clean body (lands at the approved
file, rides the prompt next turn); the injection scanner routes a body
that trips a threat pattern through SOUL.md.proposed until approved.
- Hindsight (per-agent SQLite bank, recall-on-demand) — long-term
memory populated by auto-retain at task end. Recall surfaces relevant
units automatically;
recall_memory is the on-demand lookup tool.
The legacy state.memories pinned-memory store, add_memory,
update_memory, the /api/memory CRUD routes, and
gini memory list|add|approve|reject were removed in the
memory-surface consolidation. The only API surfaces are the Hindsight
endpoints (/api/memory/retain, /api/memory/recall,
/api/memory/reflect, /api/memory/units, /api/memory/banks) plus
the identity-file approve endpoint for SOUL.md
(POST /api/identity-files/soul/approve).
Human-operator CLI mirror: gini memory {retain|recall|reflect|units|banks|migrate}.
Skills
Built-in skills live under the repo at skills/<category>/<name>/SKILL.md.
User-installed skills land flat at
~/.gini/instances/<inst>/skills/<name>/SKILL.md (no category subfolder).
The runtime loads both on boot.
To enumerate skills from chat, load_tools({ names: ["list_skills"] })
then call list_skills({}) (filter via { status, nameContains }). To
load a specific skill's body use read_skill.
For lifecycle operations the agent has three tools: install_skill
(lands a raw SKILL.md body), enable_skill, and disable_skill. The
meta/install-skill skill still drives the full install UX (parsing
pasted descriptions, drafting frontmatter); these tools are the fast
path when the SKILL.md text is already in hand.
API: GET /api/skills[/<id>], POST /api/skills,
POST /api/skills/<id>/{enable,disable,test,rollback},
PATCH /api/skills/<id>, GET /api/skills/validate.
Human-operator CLI mirror: gini skills {list|show|enable|disable|test|rollback|validate|search}.
To draft a new SKILL.md interactively, use meta/create-skill.
Approvals
The runtime classifies browser.upload_file (hard-coded) plus any tool
whose name contains write, exec, or send as high risk.
file.write, terminal.exec, messaging.send, and similar all run
through the approval seam. Browser interactive actions
(browser.click, browser.type, browser.drag, browser.select_option,
browser.tabs.{new,switch,close}) are medium and trace via snapshot
evidence — they do not block on approval. The agent should propose
high-risk actions and surface them to the queue — not refuse them.
approvalMode lives on the runtime config and decides how the seam
treats each high-risk call: strict | auto | yolo. Set via
PATCH /api/settings/auto-approve.
- strict — the side effect blocks until a human approves the row
via
POST /api/authorizations/<id>/approve (or denies it).
- auto — the approval row is created with
status: "pending",
then the runtime auto-resolves it (status: "approved") and runs
the side effect without waiting for a human. The audit trail is
complete: the resolution audit row carries
evidence.autoApproved: true plus autoApprovedReason: "approval-mode-auto".
- yolo — the approval row is still written and resolved
through the same auto-approve path, but the policy seam skips its
per-action gate check entirely. The resolution audit row carries
evidence.autoApproved: true plus autoApprovedReason: "approval-mode-yolo", so the audit trail stays complete; only the
wait disappears. This is the install default; operators can switch
to strict or auto via PATCH /api/settings/auto-approve.
GET /api/authorizations
POST /api/authorizations/<id>/approve
POST /api/authorizations/<id>/deny
Human-operator CLI mirror:
gini approval list
gini approval approve <id>
gini approval deny <id>
Troubleshooting
Telegram bridge stuck in error after health probe — re-probe via
POST /api/messaging/<id>/health; the response is the updated bridge
record with its message field set. Telegram bot token is missing — recreate the bridge with a botToken. means the token never landed;
recreate the bridge with the real token via POST /api/messaging
({ name, kind: "telegram", deliveryTargets: [], botToken: "<BOT_TOKEN>" }).
Any other message is the raw Telegram error from getMe(); the most
common is Unauthorized from a bad or revoked token — re-copy the token
from BotFather and recreate the bridge. (Human-operator CLI mirror:
gini messaging health, then
gini messaging add my-bot telegram --bot-token <BOT_TOKEN>.)
Spawned browser launch fails with "Failed to launch Chromium" — the
error names what to do (Confirm Chrome / Chromium is installed (or set GINI_CHROME_PATH), or run \bunx playwright install chromium`). The runtime auto-installs Playwright's Chromium when no browser is on disk; if that fails, install Chrome or set GINI_CHROME_PATHto a Chromium-compatible executable and retry the browser tool call. (This applies to the default spawned transport; acdp` attach instead fails with a "Failed to attach over CDP"
message — disconnect and let the agent use its own spawned browser.)
Sign-in screencast won't open ("The agent's browser isn't running") —
the spawned Chrome wasn't live when Connect was clicked (e.g. after a gateway
restart). With a recorded page URL the runtime relaunches headless and
navigates there automatically; if it still can't, navigate to the page again
(browser.navigate) and re-call browser_connect.
User says a high-risk action is "stuck" — it is sitting in the
approval queue. Fetch GET /api/authorizations to see pending items, then
POST /api/authorizations/<id>/approve or /deny. (Human-operator CLI mirror:
gini approval list, then approve <id> or deny <id>.) The agent
should never refuse a high-risk action up front — propose it, let it
land in the queue, and wait for the user's decision.
Rules
- Do not refuse a capability without first checking this skill and the
approval queue. Propose the action; let the user approve.
- Gini operates through
/api/* and registered tools — never shells
out to its own CLI. Calling gini ... via terminal_exec is a
layering inversion: the CLI is just a wrapper that posts to the same
endpoints. For state queries, runtime mutations, and capability
invocations, use the API directly (or the matching registered tool
when one exists, e.g. create_job, list_jobs, update_job,
delete_job, run_job, spawn_subagent, read_skill, and the
self-config tools (load_tools them first: get_self, list_providers,
set_provider, use_agent, …)).
- Never read
~/.gini/instances/<inst>/*.json directly — call /api/*.
- Persistent browser cookies are a feature. For sign-in, call
browser_connect once (the in-chat screencast); do not ask the user to
re-authenticate on every run.
- When the user asks Gini to remember to do something later, create a
scheduled job — the runtime auto-binds it to a dedicated thread so
future fires don't bury the current conversation.
- For durable identity facts ("my name is X", "I prefer Y") call
edit_user_profile so they ride the prompt every turn across agents.
For ephemeral facts let auto-retain land them in Hindsight — never
narrate "I'll remember that" without actually calling a tool.