Skip to content
Kindo Kindo Docs

Prompt and Agent Configuration Management

Your Kindo agents — Chatbots, Workflow Agents, and Trigger Agents — are only as reliable as the prompts, instructions, knowledge files, and integration configurations behind them. As usage grows, these assets become operational infrastructure. They should be managed with the same discipline you apply to application code or business process documentation.

This guide covers practical patterns for the full lifecycle of agent configuration management: creation, organization, version control, documentation, backup, recovery, testing, and governance.

1. Create Effective Prompts

Write Prompts Like Instructions for a New Team Member

A strong prompt is specific, structured, and testable. Treat agent instructions like a Standard Operating Procedure for a new hire.

Do:

  • State the agent’s role explicitly
  • Define the expected output format
  • Specify boundaries and constraints
  • Include examples when the task is nuanced

Avoid:

  • Vague requests like “analyze this and give me insights”
  • Conflicting directives like “be thorough” and “keep it under 2 sentences”
  • Embedding credentials or sensitive values directly in prompt text

Example Prompt

You are a vulnerability triage analyst for our security operations team.


ROLE:
- Analyze vulnerability scan results from CrowdStrike
- Classify each finding by severity and business impact
- Recommend remediation priority


OUTPUT FORMAT:
For each vulnerability, produce a row with these columns:
| CVE ID | Severity | Affected Asset | Business Impact | Recommended Action | Priority |


RULES:
- Only report Critical and High severity findings
- If a CVE has a known exploit in the wild, escalate Priority to "Immediate"
- If the affected asset is in the DMZ, increase Business Impact by one level
- Do not speculate about vulnerabilities not present in the scan data

Structure Multi-Step Agents Deliberately

For Workflow and Trigger Agents:

  • Give each step one job. If a step analyzes, prioritizes, writes a report, and files a ticket, it is doing too much.
  • Name steps descriptively. “Fetch Open Vulnerabilities” is more maintainable than “Step 1”.
  • Use the right step type. Use LLM Steps for reasoning, API Action Steps for deterministic reads/writes, and Action Steps for integrated product actions.

Use Knowledge Store Files Strategically

  • Attach only files that are relevant to the agent’s task
  • Keep reference files current with a regular review cadence
  • Prefer structured formats like Markdown, CSV, or JSON when possible

2. Organize Your Agent Portfolio

Use Consistent Naming Conventions

A simple pattern works well:

[Team/Domain] - [Function] - [Scope]

Examples:

  • SecOps - Vulnerability Triage - CrowdStrike
  • IAM - Access Review Summary - SailPoint
  • NetOps - Firewall Audit - Cisco FMC
  • IT Helpdesk - Laptop Setup Guide - General

Use Descriptions as Real Documentation

A good description should answer:

  1. What does this agent do?
  2. When should someone use it?
  3. What integrations does it require?
  4. Who owns it?

Example:

Performs first-order root cause analysis when a P1/P2 incident is created in ServiceNow. Requires ServiceNow and Splunk integrations. Owned by the Platform Engineering team. Last reviewed: 2026-02-15.

Group by Function, Not by Creator

As your agent library grows, organize by business function rather than by the person who built the agent. Pair shared visibility with clear ownership.

3. Version Control

Why Version Control Matters

Prompts are fragile. Small wording changes can create meaningful behavior changes. Without version history, you cannot reliably:

  • Roll back a change that broke a production workflow
  • Explain why a prompt was written a certain way
  • Audit which version of an agent was active on a specific date
  • Coordinate edits across a team

Until Kindo ships first-class prompt versioning, store agent configurations in Git.

A practical structure:

kindo-agents/
├── README.md
├── secops/
│   └── vulnerability-triage/
│       ├── agent.yaml
│       ├── CHANGELOG.md
│       ├── DESIGN.md
│       ├── knowledge/
│       └── tests/
├── iam/
│   └── access-review/
│       ├── agent.yaml
│       └── CHANGELOG.md
└── templates/

What to Capture

At minimum, track:

  • Agent name and type
  • Description
  • Prompt / instructions
  • Per-step prompts
  • Model selections
  • Integration dependencies
  • Knowledge file references
  • Trigger conditions
  • Sharing and access settings
  • Owner and last-reviewed date

4. Documentation

Document the “Why,” Not Just the “What”

The config explains what the agent does. Documentation should explain why it was designed that way.

For business-critical agents, maintain a companion design note covering:

  • Purpose
  • Key design decisions
  • Known limitations
  • Dependencies
  • Change history

Maintain a Central Agent Catalog

For teams with many agents, keep an index like this:

AgentTypeOwnerIntegrationsStatusLast Reviewed
Vulnerability TriageTriggerSOC TeamCrowdStrikeActive2026-02-28
Access Review SummaryWorkflowIAM TeamSailPointActive2026-02-15
Firewall AuditWorkflowNetOpsCisco FMCDraft

5. Backup and Recovery

Backup Strategy

If you follow the Git-based workflow above, your repository becomes your configuration backup.

Recommended cadence:

Agent CriticalityBackup FrequencyMethod
Business-criticalAfter every change + weekly snapshotGit repository
StandardAfter significant changes + monthly snapshotGit repository or shared document store
ExperimentalBefore promoting to productionGit repository

Back up:

  • Agent configurations
  • Knowledge Store files referenced by the agent
  • Integration configuration details (not credentials)
  • Design notes and changelogs

Do not store credentials, API keys, or tokens in the repo.

Recovery Process

If an agent needs to be restored:

  1. Identify the last known good version from version control
  2. Recreate or update the agent in Kindo
  3. Reconnect integrations as needed
  4. Re-upload Knowledge Store files
  5. Run a known-good test case before returning it to production
  6. Document the recovery action

Self-Managed Deployments

For self-managed Kindo deployments, include these in your backup strategy:

  • PostgreSQL backups for agent configuration, history, and audit data
  • Object storage backups for Knowledge Store files
  • Secrets-manager backups and rotation procedures
  • Periodic restore tests

6. Testing and Validation

Build an Evaluation Habit

Before deploying an agent change:

  • Run a golden-path test with known input and expected output
  • Run edge-case tests for empty, malformed, or unusually large input
  • Re-run golden-path tests after every prompt change to catch regressions

Store Test Cases Alongside the Agent

secops/vulnerability-triage/
├── agent.yaml
├── knowledge/
└── tests/
    ├── golden-path-input.json
    ├── golden-path-expected.md
    └── edge-case-empty-findings.json

7. Collaboration and Governance

Establish Ownership

Every production agent should have a clearly assigned owner or owning team responsible for:

  • Keeping prompts and knowledge files current
  • Reviewing and approving changes
  • Responding when the agent behaves unexpectedly
  • Running periodic reviews

Use Kindo’s Governance Controls

Use Kindo’s built-in controls intentionally:

  • RBAC to control who can create, edit, and run agents
  • DLP filters to reduce sensitive-data exposure
  • Audit logs for compliance and investigation
  • Tool access controls to limit what integrations and actions agents can use
  • Model access controls to align capability, cost, and risk

8. Security Considerations

Secrets Management

  • Never embed credentials in prompt text
  • Use Kindo integrations to manage external authentication
  • Rotate credentials on your standard schedule

Prompt Injection Awareness

If an agent consumes data from external systems, treat that data as untrusted input. Design prompts and tool access around defense in depth.

Data Classification

Be intentional about what documents you attach to agents. If a Knowledge Store contains restricted data, the agent’s sharing model and access settings should match that classification.

Summary Checklist

Use this checklist when creating or reviewing an agent:

  • Prompts are specific, structured, and testable
  • Naming follows a consistent convention
  • Description includes purpose, use case, dependencies, and owner
  • Steps have clear responsibilities and names
  • Knowledge files are relevant and current
  • Configuration is version controlled
  • Design decisions and limitations are documented
  • Backups exist independently of the live environment
  • Golden-path and edge-case tests exist
  • Access controls match the agent’s risk profile
  • A person or team owns the agent
  • Review cadence is defined

This guide reflects recommended practices as of March 2026 and should evolve as Kindo adds more first-class agent management capabilities.