What is a reefpod?
A reefpod is a portable, versioned AI-agent package. It bundles the directive, model, inputs, tools, budget, and definition of “done” needed to run an AI workflow safely and repeatably — and it produces a verifiable record of what happened.
Prompt vs. script vs. reefpod
A prompt tells an AI what to say. A script tells a computer what to do. A
reefpod declares an AI workflow: which runtime and model
it uses, what inputs it accepts, what it may spend, what counts as
success, and what proof it should leave behind. It is a directory
anchored by a pod.toml manifest plus its prompt files and
assets.
What a reefpod contains
my-pod/
pod.toml # identity, runtime, model, inputs, directive, output, budget
prompts/
system.md # the directive template
README.md
The pod.toml manifest ties it together:
- Identity —
[pod]: name, version, description. - Runtime & model —
[runtime]and[model]: where and with what the pod runs. - Inputs —
[inputs]: typed, validated parameters. - Directive —
[directive]: the task or prompt template. - Definition of done —
[output]: success/failure predicates and deliverables. - Budget —
[budget]: hard caps in satoshis.
See the pod.toml reference for every field.
Where a reefpod runs
Reefpods execute on a reef-core deployment — the authoritative runtime. konareef, the CLI, is how you author, validate, publish, install, and verify pods. Because the pod declares its own boundaries, the same pod behaves the same way wherever it runs.
Why budgets are in satoshis
Runs are metered and paid over Bitcoin SV rails (via PayGate), so
[budget] caps are denominated in satoshis,
not dollars. A budget is a hard ceiling: the run stops rather than
overspending, which makes a pod safe to hand to a teammate or a customer.
Why permissions live in the pod
A reefpod names the secrets it needs (by name only — values
come from the reef-core vault at spawn) and can restrict which tools the
directive may call with tools_allowed / tools_denied.
The trust boundary travels with the pod, so a reviewer can read
pod.toml and know exactly what it can touch and spend. The
Security & trust page covers this in
depth.
Why proof matters
Every run on reef-core yields a signed custody proof —
cryptographic evidence of what the pod did, what it cost, and that it
stayed within its declared boundaries. Proofs can be re-verified offline
with konareef verify, so a buyer never has to take a
publisher’s word for it. This is what makes reefpods safe to share and,
eventually, to sell.
How reefpods are shared
Once a pod validates, you create a publisher identity, sign it, and publish it. Buyers install it, verify the publisher’s attestation, and run it — with the same budget and boundary guarantees the author declared. That path is covered in the developer authoring docs; the Quickstart gets you to a validated pod first.