Roles & Sessions

PILSO OS uses a role-based session model that gives you fine-grained control over how LLM agents behave, what tools they can access, and how long they maintain state.

Each agent session is scoped to a single role, which acts like a secure sandbox:

“You are this type of agent. Here are your tools. Stay within these boundaries.”

What is a Role?

A role in PILSO defines an agent’s identity, capabilities, and behavioral limits. Think of it like an AI-powered user account with a job description.

Defined in your pilso-roles.json, each role includes:

Field

Description

name

The role identifier (e.g. "signer", "developer")

description

Human-readable explanation of what the agent is for

tools

A list of MCP tool methods the role is allowed to use

goals

Natural-language prompts describing what the role should achieve

guardrails

Explicit behavioral constraints injected into the system prompt

Example: Role definition

{
  "signer": {
    "description": "An agent responsible for signing transactions using MetaMask.",
    "tools": ["metamask.sign"],
    "goals": [
      "Sign prepared transactions securely",
      "Ensure all transactions are reviewed before submission"
    ],
    "guardrails": [
      "Never initiate token transfers",
      "Always explain what you're signing",
      "Never deploy contracts"
    ]
  }
}

Starting a Role Session

Once your role is defined in pilso-roles.json, you can start a session using:

npx pilso start -r signer

This launches a live agent CLI with:

The specified role (signer)
All scoped tools loaded
Your selected LLM connected
Memory initialized for that session

What is a Session?

A session is a live runtime context between:

An LLM (agent)
A set of tools (MCP servers)
A defined role
The user's active prompt stream

Sessions track:

Prompt history
Tool call logs
Agent decisions
CLI environment state

All session data is saved inside:

.pilso/session-logs/{timestamp}.json

This makes your workflows auditable and debuggable.

Switching Between Roles

Want to try a different agent configuration?

npx pilso start -r developer

To list available roles:

npx pilso roles list

To add a new one:

npx pilso roles add deployer

Each session is completely sandboxed per role — no cross-contamination, no memory bleed.

Persistent vs Ephemeral Sessions

Mode

Behavior

Ephemeral

Default. Memory is wiped when the session ends.

Persistent

Coming soon. Agent memory (e.g. seen tools, known chains) persists across sessions.

Security via Role Boundaries

Roles are your first line of defense against LLM misuse. They:

Scope the agent's available tools
Shape the system prompt to guide intent
Prevent actions like signing, deploying, or transferring unless explicitly allowed

Well-structured roles = safer agents.

Debugging Sessions

Every agent session is logged. You can inspect session histories with:

npx pilso sessions list
npx pilso sessions view <session-id>

Or just open the .json file in ./.pilso/session-logs/.

These logs include:

All prompts + replies
All MCP tool calls and responses
Any signing events

This helps with auditing, testing, and fine-tuning roles.

Roles give your agents structure. Sessions bring them to life — safely, repeatably, and with full visibility.

PreviousConfiguration Guide NextCLI Reference & Commands

Last updated 8 months ago

hashtagWhat is a Role?

hashtagExample: Role definition

hashtagStarting a Role Session

hashtagWhat is a Session?

hashtagSwitching Between Roles

hashtagPersistent vs Ephemeral Sessions

hashtagSecurity via Role Boundaries

hashtagDebugging Sessions