When an agent deploys an app, it creates a manifest, a description of everything the app needs to run. This is what you see during the approval flow, and understanding it helps you make good decisions about what to approve.

Reading a manifest

Here's an annotated example of a service app manifest:

# Basic info
name: Sales Dashboard
description: Interactive dashboard showing quarterly sales data
kind: service                    # 'service' (running process) or 'static' (files only)

# How to run it
command: node server.js          # The start command (services only)
# static_dir: dist/             # Directory to serve (static sites only)

# Network access
expose: true                     # Accessible through the platform UI
network_destinations:            # External hosts the app can reach
  - host: api.example.com
    port: 443

# Filesystem access
read_paths:                      # Directories the app can read
  - /data/reports
write_paths:                     # Directories the app can write
  - /tmp/cache

# Resource limits
memory_mb: 256                   # Max memory (megabytes)
cpu_shares: 512                  # CPU allocation weight
max_pids: 50                     # Max number of processes

# Credentials
credentials:                     # Secrets the app needs
  - query: OpenAI API key
    reason: Used for generating chart descriptions
    env_var_prefix: OPENAI       # Creates OPENAI_USERNAME, OPENAI_PASSWORD, etc.

# Health checks (services only)
health_check:
  path: /health                  # Endpoint to check
  interval_secs: 10              # How often to check
  timeout_secs: 2                # How long to wait for response
  initial_delay_secs: 5          # Wait before first check
  failure_threshold: 3           # Failures before marking unhealthy

# Restart and hibernation
restart_policy: on_failure       # 'on_failure' or 'always'
hibernate: true                  # Auto-sleep after inactivity

What to look for when approving

When reviewing a manifest, pay attention to:

• command. What program will run? Does it look reasonable for what you asked?
• network_destinations. Does the app need to reach external services? If you asked for a simple dashboard, it probably shouldn't need network access.
• credentials. Is the app requesting API keys or passwords? Make sure the reason is legitimate.
• read_paths / write_paths. What files can the app access? It shouldn't need access beyond its own directory unless there's a specific reason.

Common manifest patterns

Simple static site (no network, no credentials)

A data visualization page built from a CSV you uploaded:

• kind: static, network_destinations: none, credentials: none
• This is the safest kind of app. It's just serving files.

API-connected service

A dashboard that fetches live data from an external API:

• kind: service, network_destinations: [api.example.com:443], credentials: [API key]
• Review that the API destination and credentials match what you expect.

Internal tool

A service that processes workspace files:

• kind: service, network_destinations: none, read_paths: [workspace]
• No external access, just reading your files. Relatively safe.

Managing deployed apps

Stopping an app

Stops the running process but keeps the app configuration. You can restart it later.

Restarting an app

Stops and immediately restarts. Useful to pick up environment changes or clear a bad state.

Destroying an app

Permanently removes the app. The source code remains in the agent's workspace, but the app configuration and process are deleted. To run it again, the agent would need to redeploy.

Server-level settings

These settings control app behavior across your entire instance:

Setting	Default	Description
FRONA_APP_PORT_RANGE_START	4000	First port available for apps
FRONA_APP_PORT_RANGE_END	4100	Last port available for apps
FRONA_APP_HEALTH_CHECK_TIMEOUT_SECS	30	Timeout for health checks
FRONA_APP_MAX_RESTART_ATTEMPTS	2	How many times to restart a crashed app
FRONA_APP_HIBERNATE_AFTER_SECS	259200	Inactivity before hibernation (default: 3 days)

Tips

• Simpler manifests are safer. A static site with no network access is always safer than a service with external connections.
• Don't over-provision resources. Most simple apps work fine with default memory and CPU settings.
• Check credentials carefully. If an app requests credentials, make sure you understand why and that the env_var_prefix makes sense.

Next steps

• Building & Deploying Apps. The full app deployment workflow.
• Managing Secrets & API Keys. How credential requests work.
• Sandbox. How sandboxing protects your system.