What is a reefpod?

A reefpod is a portable, versioned AI-agent package. It bundles the directive, model, inputs, tools, budget, and definition of “done” needed to run an AI workflow safely and repeatably — and it produces a verifiable record of what happened.

Prompt vs. script vs. reefpod

A prompt tells an AI what to say. A script tells a computer what to do. A reefpod declares an AI workflow: which runtime and model it uses, what inputs it accepts, what it may spend, what counts as success, and what proof it should leave behind. It is a directory anchored by a pod.toml manifest plus its prompt files and assets.

What a reefpod contains

my-pod/
  pod.toml          # identity, runtime, model, inputs, directive, output, budget
  prompts/
    system.md       # the directive template
  README.md

The pod.toml manifest ties it together:

See the pod.toml reference for every field.

Where a reefpod runs

Reefpods execute on a reef-core deployment — the authoritative runtime. konareef, the CLI, is how you author, validate, publish, install, and verify pods. Because the pod declares its own boundaries, the same pod behaves the same way wherever it runs.

Why budgets are in satoshis

Runs are metered and paid over Bitcoin SV rails (via PayGate), so [budget] caps are denominated in satoshis, not dollars. A budget is a hard ceiling: the run stops rather than overspending, which makes a pod safe to hand to a teammate or a customer.

Why permissions live in the pod

A reefpod names the secrets it needs (by name only — values come from the reef-core vault at spawn) and can restrict which tools the directive may call with tools_allowed / tools_denied. The trust boundary travels with the pod, so a reviewer can read pod.toml and know exactly what it can touch and spend. The Security & trust page covers this in depth.

Why proof matters

Every run on reef-core yields a signed custody proof — cryptographic evidence of what the pod did, what it cost, and that it stayed within its declared boundaries. Proofs can be re-verified offline with konareef verify, so a buyer never has to take a publisher’s word for it. This is what makes reefpods safe to share and, eventually, to sell.

How reefpods are shared

Once a pod validates, you create a publisher identity, sign it, and publish it. Buyers install it, verify the publisher’s attestation, and run it — with the same budget and boundary guarantees the author declared. That path is covered in the developer authoring docs; the Quickstart gets you to a validated pod first.