Last week’s post was about giving OneCamp’s agents a place in the room, an agent becomes a real, @mentionable member of a channel or DM, you can hand it a task on a durable engine, and there’s governance (approvals, spend caps, an audit chain, an eval harness) that makes trusting it a responsible choice instead of a leap.
That answered where the agent lives. This week answered a different question: what can it actually sense and do?
A coworker who can only read text and take instructions is useful. A coworker who can look at the screenshot you pasted, do the arithmetic on your data and hand you a chart, run a quick script to check something, follow your PR through CI, and remember the house rule you told it last Tuesday, that’s a different kind of help. So the last week of OneCamp was about turning the teammate from articulate into capable.
Everything below rests on one unglamorous change: agents now do native function calling, the structured tool-calling protocol modern models are actually trained for, with an automatic text-protocol fallback for models that don’t support it. Before, the agent coaxed tools out of the model by parsing text; now it asks the model the way the model expects to be asked, and only falls back when it has to.
That one shift made the rest of the week possible, because reliable tool use is the floor everything stands on. Around it I hardened the parts that break on self-hosted, modest hardware:
None of that is a headline feature. All of it is the difference between an agent that demos and an agent you leave running.
Two grounding gaps quietly made agents dumber than they needed to be. Both are closed.
Vision. Paste a screenshot of a broken dashboard, a design mock, an error trace, and @mention an agent, and it now sees the image as part of the conversation, in channels, DMs, and group chats alike. “What’s wrong with this chart?” stops being a question you have to transcribe into words first.
Time. The agent’s system prompt now carries the current date and time, so “what’s overdue?”, “schedule this for next Friday”, and “summarize this week” resolve against reality instead of the model’s frozen sense of “now”. A teammate that doesn’t know what day it is can’t be trusted with a deadline.
This is my favorite part of the week. A workspace is full of structured data, OneCamp’s Notion-style Tables, and until now an agent could read rows but couldn’t really reason over them. Now it can:
query_table (Analyze a table): the agent runs a safe, bounded aggregation over a table, count, sum, group-by, and answers the actual question (“how many bugs per assignee this week?”) from the data instead of guessing from a few rows it happened to see.The whole thing is careful where it counts: the aggregation engine caps how many filters a single query can carry, and there’s a locked test pinning exactly what the model is allowed to see, because “let the AI touch the data” is only safe if the data path is boring and bounded.
Some questions can’t be answered by aggregation, they need a few lines of actual code. So OneCamp now has a code-execution sandbox: an agent can run a snippet of Python (via a run_analysis tool) to compute something or produce a chart from the result.
The interesting engineering is entirely in the containment, because running model-written code is exactly as dangerous as it sounds:
run_analysis when the sandbox is enabled. Operators get today’s-usage visibility and a written playbook.Because it’s self-hosted, “the AI ran some code” doesn’t mean your data took a trip to someone else’s servers. The powerful capability and the contained one are the same capability.
Security note: code execution is powerful and off by default for a reason. It requires deploying the runner sidecar and an explicit admin opt-in, and it stays bounded by resource limits and per-agent/per-channel budgets. Turn it on when you’ve read the operator doc, not before.
Last week’s durable engine drove assigned tasks. This week that same durability reached ordinary @mentions: a mention that turns into real work can hand off to a background run (opt-in), survive a restart, and resume the moment you reply in the thread, in channels, DMs, and group chats. Agents reply in-thread as comments on the triggering message now, so a conversation with an agent reads like a conversation, not a wall of top-level posts.
To make that legible, there’s a live “In progress” work feed, queued, working, blocked, so you can see what your agents are doing right now and what’s waiting on a human. And to make it trustworthy, a run that makes a claim (“done, tests pass”) goes through a deterministic claim-verification gate and an optional self-critique pass before it declares victory, and it proactively pings whoever triggered it on every terminal outcome, success, block, or failure, instead of going quiet.
The engineering-agent story got real depth:
list_commits, let a coding agent actually look at your code and recent history to ground its answer, all strictly read-only. Anything that writes code still stays behind a confirmation and an admin-registered MCP server. The agent reasons about your repo freely; the act of writing stays your explicit choice.Agents picked up conversational remember/forget: tell an agent “always post release notes in #announcements” or “stop pinging me on weekends” in plain language, and it keeps that as a standing instruction for the channel or DM, no settings screen. And forget genuinely forgets, it purges the semantic and graph projections, not just the Postgres row, so a retracted instruction doesn’t linger in retrieval.
Scheduled check-ins were already a thing. Routines make the monitoring case first-class and conversational: you just tell an agent what to keep an eye on and how often, and it sets up a routine, create_routine / list_routines / cancel_routine are things you say, not forms you fill. Cadences run from daily and weekly all the way down to hourly intervals for genuine monitoring, on the same durable, claim-based scheduler, with management endpoints and a Notion-style routines panel in the agent dialog to pause or cancel them.
Every capability this week is one people usually only get by shipping their data to a vendor: an AI that reads your tables, an AI that runs code, an AI that sees your screenshots, an AI that reads your private repo. In OneCamp all of it, the model, the sandbox, the data it aggregates, the images it sees, the code it runs, executes on infrastructure you own, checked against the same permissions the requesting user has, and bounded by the same budgets you set. The most capable version of the teammate is also the most contained one. That’s the trade I keep optimizing for: maximum capability, zero “wait, where did that just go?”
Give an agent data skills. In Admin → AI → Agents, open an agent and add Analyze a table (query_table) to its tools. Ask it a question about a table in a channel/DM (“bugs per assignee this week”) and it answers from the data, with a chart inline when the answer has a shape. For tables directly, add a Chart view from the table’s view switcher.
Turn on code analysis (optional, admin). Deploy the runner sidecar, then enable it from Admin → AI → Code analysis sandbox. Once on, add run_analysis to an agent’s tools. Watch per-agent/channel usage from the reliability panel; read the operator doc first.
Let it see and stay grounded. Just paste an image into a channel/DM/thread and @mention the agent, it sees it. Temporal grounding is automatic.
Run work in the background. In the builder, flip “Run tasks in the background” so long mentions hand off to the durable engine; watch the live “In progress” panel, and reply in-thread to unblock a paused run.
Follow your PRs. Add a GitHub event trigger to an agent and give it the read-only code tools; it’ll follow PRs and report a clean “CI finished” per PR.
Set standing rules and routines. Just tell the agent in chat, “always summarize standups in #eng”, “check the Bugs table every hour and flag P0s.” Manage routines from the routines panel in the agent dialog.
Round it out. Enable ambient replies (with keywords) in the builder for a specialist that speaks up on its topic; install connectors from the MCP catalog; set a channel’s default model in its AI settings; and on a meeting recap, hit Create tasks to file the call’s action items.
OneCamp is an open-source, self-hosted, AI-era workspace: chat, docs, tasks, projects, calls, boards, tables, a programmable API, and AI teammates that can now see, calculate, run code, and watch your work, all on your own infrastructure.