Thor

Cloud execution agent. Thor runs scripts, executes code, and interacts with cloud infrastructure - all within a sandboxed environment that keeps your credentials and resources safe.

What Thor Does

Thor bridges the gap between planning and execution. When a task requires running code - a migration script, a data export, a deployment step, a test suite - Thor handles it in an isolated cloud environment and reports the results back to the task thread.

Thor does not operate on your local machine. All execution happens in Momental's sandboxed cloud environment. Files, secrets, and credentials that Thor needs must be explicitly provided in the task - it cannot access your local filesystem or environment variables.

Use Cases

Data migrations - Run a migration script against a staging database and report row counts
Report generation - Execute a data pipeline and attach the output as an artifact
Validation scripts - Run a suite of integration checks after a deployment
Scheduled tasks - Execute cron-style jobs on a defined schedule
Infra health checks - Query cloud provider APIs and summarize resource status
Batch processing - Process large datasets in parallel and aggregate results

Capabilities

Executes TypeScript, JavaScript, Python, and shell scripts
Installs npm/pip packages as needed within the sandbox
Reads and writes files within the task's isolated workspace
Makes outbound HTTPS requests (subject to allow-list configuration)
Attaches execution output and generated files as task artifacts
Streams logs to the task thread in real time
Enforces a 15-minute execution timeout per task

Access Model

Thor is available on Pro and Enterprise plans. Each execution uses compute credits from your monthly allocation. Pro plan includes 100 execution-hours per month. Enterprise plans include custom allocation with priority queue access.

Assigning Work to Thor

Tasks for Thor must include the script to run (or a clear description of what to build and run), any required input data, and the expected output format. Thor will execute the script and attach the results as an artifact on the task.

// Ask Thor to run a data validation script
const execTask = await momental_task_create({
  statement: "Run validation: verify all user records have valid email format",
  parentId: "epic_data_quality",
  description: `
Script to run:
\`\`\`typescript
import postgres from 'postgres';

const sql = postgres(process.env.DATABASE_URL!);
const invalid = await sql\`
  SELECT id, email FROM users
  WHERE email !~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$'
  AND deleted_at IS NULL
\`;
console.log(JSON.stringify({ invalidCount: invalid.length, samples: invalid.slice(0, 5) }));
await sql.end();
\`\`\`

Required env: DATABASE_URL (staging connection string - stored in workspace secrets)
Expected output: JSON with invalidCount and sample records
  `
});

await momental_task_assign_agent({
  taskId: execTask.id,
  agentId: "thor"
});

Security Model

Thor executes in an ephemeral sandbox that is destroyed after each task:

No persistent filesystem between tasks
No access to other workspaces or shared infrastructure
Outbound requests limited to HTTPS on port 443 (configurable allow-list)
Workspace secrets are injected as environment variables - never visible in task content
Execution logs are stored for 30 days and accessible only to workspace members

Production access requires explicit approval
Thor does not connect to production databases or services by default. To grant production access, add the connection string as a workspace secret and explicitly reference it in the task description. A team admin must approve the first use of each production secret.

Setup

Thor is available immediately on Pro and Enterprise plans - no configuration required for basic script execution. To use workspace secrets (database URLs, API keys), add them via Workspace Settings → Secrets before assigning a task that needs them.