Skip to main content
Subdirectory: hosts/ · Body: host knowledge (free-form text, optional) The MDX body becomes the host’s knowledge — free-form notes the agent reads before working on this host. Keep it operator-facing: installed tools, quirks, where credentials live, exact software versions.

Frontmatter

FieldTypeRequiredDefaultDescription
orgstringYesOrganization name. Hosts are always org-scoped — every host belongs to an organization.
namestringYesPrimary identifier. Typically the machine’s hostname or a descriptive name.
public_ipstring | nullNonullExternally accessible IP. At least one of public_ip or private_ip is required at create time.
private_ipstring | nullNonullInternal IP.
additional_namesstring[]No[]Free-form aliases for recognition and search — not structured tags.
target_typessh | winrmNosshConnection protocol.
target_portinteger | nullNonull (defaults to 22 / 5985)Override only for non-standard ports.
skip_tls_verifybooleanNofalseAccept self-signed certs on WinRM-over-HTTPS targets.
tagsstring[]No[]Vocab-validated tags: os:*, shell:*, type:*, tech:*, plus open app:*.
is_jump_hostbooleanNofalseMarks this host as an SSH bastion relay — set target_type: ssh, since bastions are reached over SSH.
jump_hoststringNoReference an existing host by its name to route this host’s SSH connections through that bastion.
jump_host_credentialstringNoReference a Credential by its name for the bastion’s password or PEM private key.
jump_host_user_credentialstringNoReference a Credential by its name for the bastion’s SSH username.
eligible_subnetsstring[]No[]IPv4 CIDRs whose hosts are reasonable to route through this bastion (UX hint only — not enforced by the executor).
Jump hosts are applied before the hosts that reference them during resources sync, so forward references within the same sync are safe.

Fields NOT supported

These come from later forms or other resources and are not yet declarable in MDX:
  • knowledge field — comes from the MDX body, not frontmatter
  • description — set in the UI for now
  • id, tenant_id, org_id, created_at, updated_at — system-set
Any extra key in frontmatter fails strict validation.

Example

hosts/web-01.mdx
---
org: platform-team
name: web-01
public_ip: 203.0.113.10
private_ip: 10.0.0.10
target_type: ssh
target_port: 22
additional_names:
  - web-front-01
tags:
  - os:linux
  - os:ubuntu
  - shell:posix
  - type:web
  - tech:nginx
---
Nginx serves the public site; vhosts live in /etc/nginx/sites-enabled.
Deploys land in /var/www/releases with a `current` symlink.
The PostgreSQL client is installed but `psql` should be invoked with
`--no-psqlrc` because the system one has a hard-coded pager.

Gotchas

  • Tags are vocab-validated. Free-text tags are rejected. See the tag vocabulary for the closed list.
  • additional_names are not the structured tags. They’re free-form aliases for search. Real tags go in tags.
  • Re-syncing the body replaces host knowledge wholesale. Editing the body in MDX and re-syncing overwrites what’s in Command Center.
  • At least one IP is required. Either public_ip or private_ip must resolve to a non-null value before the host can be created.