An Agent Runner is a persistent automation object. You configure it once — prompt, model, trigger, tools, guardrails, knowledge — and then it runs repeatedly against your MSP stack. Closer to a managed workflow asset than a disposable AI conversation.
Name, description, model, system prompt, trigger mode, scoped tools, runtime caps, and optional reusable knowledge — all versioned on every save.
Fire it on demand, on a cron schedule with timezone support, or from webhook payloads. Each run is tracked with a full execution record.
Explicit tool allow-list, per-agent max runtime, per-run credit cap, dry-run mode, and server-side tenant validation — no implicit trust surface.
Status, summary, token counts, tool-call count, credits consumed, duration, trigger payload, and full transcript — all retrievable after the fact.
StackJack already gives your AI clients scoped MCP access to your MSP stack. Agent Runners add the missing layer — triggers, guardrails, credits, and a run record — that turns a single tool call into a repeatable workflow.
Every Agent Runner moves through two phases: author & deploy, then execute & record. Both phases are inspectable end-to-end.
MaxCreditsPerRun before long-running work begins. BYOK tenants skip this.Each mode is a real system, not a checkbox. Pick per agent based on how you want the workflow to run.
Per-agent webhook secret, configurable payload modes (none / full / selected fields), payload size cap, and 10 hits/minute per-agent rate limit.
MSPs don’t need more autonomy — they need more control. Agent Runners are built for supervised rollout, not magic-button hype.
The runtime filters the agent’s tool access to read-only during dry-run. Not a label — it materially changes what the agent can do.
Agents cannot be created without a concrete tool list. Every requested tool is validated against your connector subscriptions and plan.
Beyond a simple allow-list: tri-state policy (allowed / denied / required), plus optional ordered tool chains for multi-step workflows.
Max runtime and MaxCreditsPerRun are enforced at runtime, not reported after the fact.
Runs are blocked if consent isn’t accepted or the agent’s remote state drifted. Silent failure isn’t an option.
Per-agent signed secret, payload size cap, 10/min rate limit, and payload mode control — full, selected fields, or none.
No platform fee. No seats. Agent Runners are included free for any StackJack user — you just buy credits for execution. Packs never expire.
Before any run, credits are reserved up to the agent’s per-run cap. Complexity and expected runtime inform the estimate.
Token usage, tool calls, and duration are tracked in real time. The estimate tightens as the run progresses.
After the run, actual consumption is finalized. Unused reservation is refunded. Every transaction is in the ledger.
One-time purchase. Credits never expire. Stack as many packs as you want.
MaxCreditsPerRun so a run can’t blow past your budgetEnterprise tenants can supply their own Anthropic API key. BYOK runs bypass managed credit billing entirely — including wizard turns — while the platform still records full audit transactions for every run. Same guardrails, your billing relationship.
No “it ran” mystery. Every execution gets a persistent record with status, timing, tokens, tool calls, credits, summary, and a transcript you can pull on demand.
Real workflows. Not hypotheticals. Each of these fits the Agent Runner shape: recurring, cross-system, judgment-heavy, too messy for a script.
Reviews open priority tickets, pulls cross-system context from PSA + RMM + docs, flags SLA risks, and drops a briefing in the team channel before standup.
When a P1 fires, the agent gathers recent related tickets, client contacts, known assets, and documentation in seconds — posted directly to the ticket.
Generates per-client weekly summaries: ticket trends, SLA hits/misses, recurring issues, and asset changes. No more manual cross-tab assembly.
Checks IT Glue and Hudu for stale configs, missing passwords, expiring certs, and orphaned assets. Flags items before they become client-facing issues.
One click: the agent compiles a client’s ticket trends, asset posture, escalations, and open risks into a QBR-ready narrative with source citations.
On a CIPP alert, the agent looks up the affected tenant, correlates with user activity, recent mailbox changes, and admin actions — then summarizes suspected blast radius.
Traditional automation is great for rigid tasks. Chat is great for exploration. Agent Runners handle the recurring workflows that need context, summarization, and cross-system judgment.
Built-in templates, tenant-shared agents, and a moderated marketplace with versioning, risk badges, and safety scanning. Templates are parameterized, reviewable automation blueprints — not chaotic snippets.
No. Agent Runners are included free for any StackJack user — including Free-tier connector users. You only pay for credits, which cover the actual AI execution and tool calls. Credit packs never expire.
Before every run, credits are reserved based on the agent’s complexity and expected runtime, up to the agent’s MaxCreditsPerRun cap. As the run executes, real token and tool-call usage is tracked. At the end the run finalizes: unused reservation is refunded, and every transaction shows in your ledger.
Only the tools you explicitly pick when authoring the agent — and only if those tools are available via your connector subscriptions and plan. Each agent gets its own scoped MCP credential, so one agent cannot “borrow” another agent’s access surface.
Dry-run is not a label — the runtime filters the agent’s tool access to read-only operations. That lets you verify behavior, review transcripts, and build trust before promoting an agent to live execution with write access.
Scheduled agents run on your configured cron with timezone awareness. If the tenant becomes ineligible (e.g. insufficient credits) or capacity is unavailable, runs are silently skipped rather than piling up failures or double-billing. Startup reconciliation re-registers expected jobs after deploys.
Each webhook-triggered agent gets its own signed secret baked into the URL. There’s a per-agent rate limit (10 / minute), a payload size cap, and three payload modes: none (prompt-driven), full payload, or selected fields. You control exactly what context the agent sees.
Yes. Enterprise BYOK is supported: runs and wizard turns bypass managed credit billing entirely. The platform still records audit transactions for every BYOK run so you have full operational traceability. Talk to us to set it up.
Today, Agent Runners support reusable text snippets and URL-fetched content as knowledge sources. File-based knowledge is on the schema for legacy reasons but is not currently supported as a live runtime feature.
Runs have a MaxCreditsPerRun setting and the runtime enforces it — the run is marked CreditExhausted with whatever summary was produced to that point. If actual consumption exceeds reservation within the cap, the delta is recorded in the ledger rather than hidden. This preserves billing truth.
Yes. Every run has a record with status, timing, token counts, tool-call count, credits consumed, a summary, trigger payload, and a full transcript you can fetch on demand.
Agents can be saved as templates (private, tenant-shared, or submitted to the marketplace). Templates are versioned, parameterized, and go through scanning + admin moderation with risk badges before publishing. So the marketplace is moderated, not a free-for-all.
StackJack is a proxy — your business data passes through during runs and is not stored, cached, or retained. Run records store metadata (status, timing, token counts, summary) and transcripts so you can review what happened, but the underlying MSP data is never retained outside that. See the full security brief.
Agent Runners are available today for every StackJack user. Buy a credit pack to start — packs never expire, and you’ll see real-time usage against your balance as your agents run.