Local storage
Every file Dreadnode writes under ~/.dreadnode/ — config, profiles, transcripts, spans, caches, and auth tokens.
Dreadnode keeps all local state under ~/.dreadnode/. Nothing ships to the platform that isn’t explicitly sent; nothing sensitive sits outside this directory. Back it up and you back up every session, every profile, every cached artifact.
~/.dreadnode/├── config.yaml profiles and identity├── prompt-history.jsonl composer history (last 500 entries)├── runtimes.json cached runtime tokens├── mcp-auth.json OAuth tokens for MCP servers (0600)├── capabilities/ installed capabilities├── packages/ pulled artifacts (datasets, models, agents, environments)├── cas/ content-addressed blob store├── artifacts/ log outputs from runs├── reports/ saved deliverables from the `report` tool├── tool-output/ offloaded tool output (large results spilled to disk)├── projects/│ └── <project_key>/│ └── <run_id>/│ ├── spans.jsonl│ └── metrics.jsonl└── sessions/ ├── sessions.sqlite3 └── <session_id>/ └── spans_<session_id>.jsonlWhat each file is for
Section titled “What each file is for”| Path | Owner | What’s in it |
|---|---|---|
config.yaml | CLI / TUI | Saved profiles (server URL, API key, default org/workspace/project), active profile pointer |
prompt-history.jsonl | TUI composer | Last 500 unique prompts you typed. Deduped, appended, rotated |
runtimes.json | TUI | Cached sandbox tokens so a workspace reuses its runtime across restarts |
mcp-auth.json | MCP client | OAuth access/refresh tokens for MCP servers. File mode 0600 |
capabilities/<name>/ | Capability loader | Installed capability bundles, one directory per capability |
packages/{datasets,models,agents,environments}/ | dn pull / SDK | Hub artifacts pulled into local cache |
cas/sha256/ | Storage layer | Content-addressed blobs backing packages + artifacts |
artifacts/ | Run exports | Structured outputs from agent runs (CAS-backed) |
reports/ | report tool | Saved deliverables (markdown / text). Filenames derive from the report title |
tool-output/ | Agent runtime | Offloaded tool output when a single tool call exceeds the in-context threshold |
projects/<project>/<run>/spans.jsonl | Tracing | OpenTelemetry spans per run |
projects/<project>/<run>/metrics.jsonl | Tracing | Metrics per run |
sessions/sessions.sqlite3 | Session store | Local index of sessions, transcripts, runtime state |
sessions/<id>/spans_<id>.jsonl | Tracing | Trace spans for the session (local mirror) |
Safe to delete?
Section titled “Safe to delete?”| Path | Effect of deletion |
|---|---|
prompt-history.jsonl | Composer history resets. No other effect |
runtimes.json | Next session provisions a fresh runtime instead of reusing the cached one |
mcp-auth.json | Every MCP server re-prompts for OAuth |
cas/, packages/ | Artifacts re-download on next use |
sessions/<id>/ | That session becomes unrecoverable locally. If synced to the platform, still on the server |
config.yaml | All saved profiles gone. Log in again with /login |
cas/ and packages/ can grow large — they’re the only directories worth periodically clearing for disk space.
Sandbox mount
Section titled “Sandbox mount”When a Dreadnode-managed sandbox runs, ~/.dreadnode/ inside the sandbox is mounted via s3fs to the workspace’s storage bucket — scoped to {org_id}/workspaces/{workspace_id}/. Writes from the sandbox land in the same logical tree, but the physical storage is the platform, not the sandbox’s disk.
This is what lets a session’s transcripts and artifacts survive when the sandbox is reset or replaced.