Documentation
¶
Index ¶
- Constants
- Variables
- func AcquirePIDFile(path string) error
- func ExecUpgrade(manifestPath, configFile, clientExecPath string) error
- func HandleConnection(ctx context.Context, conn net.Conn, origin ConnOrigin, sm *SessionManager, ...)
- func IsGraithDaemon(pid int) bool
- func IsSystemSession(s *SessionState) bool
- func Listen(sockPath string) (net.Listener, error)
- func ReleasePIDFile(path string)
- func Run(cfg *config.Config, paths config.Paths, configFile, adoptFrom string) error
- func SaveState(path string, state *State) error
- func StopDaemon(pidFile string) error
- func ValidateScenarioName(name string) error
- func ValidateSessionName(name string) error
- func WriteManifest(dir string, m *UpgradeManifest) (string, error)
- type CIStatus
- type ConnOrigin
- type CreationConfig
- type GCOrphan
- type IncludedRepoState
- type MCPManager
- type MCPProcess
- type Message
- type MigrationInfo
- type MsgStore
- func (s *MsgStore) Ack(stream, subscriber string, upToSeq int64) error
- func (s *MsgStore) AckLatest(stream, subscriber string) error
- func (s *MsgStore) AckMessages(stream, subscriber string, seqs []int64) error
- func (s *MsgStore) Cleanup(maxAge time.Duration, maxPerStream int) (int64, error)
- func (s *MsgStore) Close() error
- func (s *MsgStore) Conversation(self string, limit int) ([]Message, error)
- func (s *MsgStore) ListStreams(subscriber string, includeSystem bool) ([]StreamInfo, error)
- func (s *MsgStore) Publish(stream, senderID, senderName, body, threadID, replyTo string) (Message, error)
- func (s *MsgStore) Read(stream, subscriber string, onlyUnread bool, threadID string) ([]Message, error)
- func (s *MsgStore) Subscribe(stream string) (chan Message, func())
- func (s *MsgStore) TotalUnread(subscriber string) int
- type PRStatus
- type PairedDevice
- type RemoteListener
- type ScenarioSession
- type ScenarioState
- type Server
- type SessionManager
- func (sm *SessionManager) AddApprovalSubscriber(conn net.Conn, sendControl func(string, any))
- func (sm *SessionManager) AddPendingPairing(label, pubKey string, id TailnetIdentity, now time.Time) (string, chan pairApproval, error)
- func (sm *SessionManager) AddToScenario(name string, input protocol.ScenarioSessionInput, rows, cols uint16) (*SessionState, error)
- func (sm *SessionManager) AdoptSessions(manifest *UpgradeManifest) error
- func (sm *SessionManager) ApprovePairing(requestID string, readOnly bool, now time.Time) (deviceID, clientToken string, err error)
- func (sm *SessionManager) ClearAttachedClient(sessionID string, conn net.Conn)
- func (sm *SessionManager) ClearSummary(sessionID string) error
- func (sm *SessionManager) Config() *config.Config
- func (sm *SessionManager) Create(name, agentName, repoPath, baseBranch, prompt, model, parentID string, ...) (SessionState, error)
- func (sm *SessionManager) Delete(id string) error
- func (sm *SessionManager) DeleteScenario(name string) ([]string, error)
- func (sm *SessionManager) DeleteWithChildren(id string, excludeRoot bool) ([]string, error)
- func (sm *SessionManager) DeviceForToken(token string) *PairedDevice
- func (sm *SessionManager) Diagnostics() protocol.DiagnosticsMsg
- func (sm *SessionManager) FindOrphans(now time.Time) []GCOrphan
- func (sm *SessionManager) Fork(name, sourceSessionID string, rows, cols uint16) (SessionState, error)
- func (sm *SessionManager) Get(id string) (SessionState, bool)
- func (sm *SessionManager) GetPTY(id string) (*grpty.Session, bool)
- func (sm *SessionManager) HandleHookReport(sr protocol.StatusReportMsg)
- func (sm *SessionManager) HasAttachedClient(sessionID string) bool
- func (sm *SessionManager) InterruptSession(sessionID string) error
- func (sm *SessionManager) IsAttachedClient(sessionID string, conn net.Conn) bool
- func (sm *SessionManager) KickAttachedClient(sessionID string)
- func (sm *SessionManager) List() []SessionState
- func (sm *SessionManager) ListPairings() ([]pendingPairing, []PairedDevice)
- func (sm *SessionManager) ListScenarios() []protocol.ScenarioRecord
- func (sm *SessionManager) LoadState() error
- func (sm *SessionManager) Migrate(id, targetAgent, targetModel string, rows, cols uint16) (SessionState, error)
- func (sm *SessionManager) PendingApprovals() []protocol.ApprovalInfo
- func (sm *SessionManager) PrepareUpgrade(listenerFd uintptr, configFile string) (*UpgradeManifest, error)
- func (sm *SessionManager) RegisterDeviceConn(deviceID string, conn net.Conn)
- func (sm *SessionManager) ReloadConfig() error
- func (sm *SessionManager) RemoveApprovalSubscriber(conn net.Conn)
- func (sm *SessionManager) Rename(id, newName string) error
- func (sm *SessionManager) RespondToApproval(requestID, decision, reason string) error
- func (sm *SessionManager) Restart(id string, rows, cols uint16) (SessionState, error)
- func (sm *SessionManager) RestartWithChildren(rootID string, excludeRoot bool, rows, cols uint16) ([]string, error)
- func (sm *SessionManager) Restore(id string) (SessionState, error)
- func (sm *SessionManager) RestoreWithChildren(rootID string) ([]SessionState, error)
- func (sm *SessionManager) Resume(id string, rows, cols uint16) (SessionState, error)
- func (sm *SessionManager) ResumeScenario(name string, rows, cols uint16) ([]string, error)
- func (sm *SessionManager) RevokeDevice(deviceID string) (int, error)
- func (sm *SessionManager) RunDetectionLoop(ctx context.Context)
- func (sm *SessionManager) RunGC(force bool, now time.Time) []GCOrphan
- func (sm *SessionManager) RunGitPullLoop(ctx context.Context)
- func (sm *SessionManager) RunMessageCleanupLoop(ctx context.Context)
- func (sm *SessionManager) RunPRWatchLoop(ctx context.Context)
- func (sm *SessionManager) RunPurgeLoop(ctx context.Context)
- func (sm *SessionManager) ScenarioStatus(name string) (*protocol.ScenarioRecord, error)
- func (sm *SessionManager) ScenarioTaskDone(scenarioName, sessionID string) error
- func (sm *SessionManager) SessionForToken(token string) string
- func (sm *SessionManager) SetAttachedClient(sessionID string, conn net.Conn, kick func(), sendCtrl func(string, any))
- func (sm *SessionManager) SetMCPManager(mm *MCPManager)
- func (sm *SessionManager) SetMsgStore(ms *MsgStore)
- func (sm *SessionManager) SetSummary(sessionID, text string, ttlSeconds int) error
- func (sm *SessionManager) SoftDelete(id string) (SessionState, error)
- func (sm *SessionManager) SoftDeleteWithChildren(rootID string, excludeRoot bool) ([]string, error)
- func (sm *SessionManager) Star(id string) error
- func (sm *SessionManager) StartScenario(msg protocol.ScenarioStartMsg, rows, cols uint16) (*ScenarioState, error)
- func (sm *SessionManager) Stop(id string) error
- func (sm *SessionManager) StopAll(ctx context.Context)
- func (sm *SessionManager) StopScenario(name string) ([]string, error)
- func (sm *SessionManager) StopWithChildren(rootID string, excludeRoot bool) ([]string, error)
- func (sm *SessionManager) SubmitApproval(ctx context.Context, req protocol.ApprovalRequestMsg) protocol.ApprovalDecisionMsg
- func (sm *SessionManager) UnregisterDeviceConn(deviceID string, conn net.Conn)
- func (sm *SessionManager) Unstar(id string) error
- func (sm *SessionManager) Update(id string, name *string, parentID *string) error
- type SessionState
- type SessionStatus
- type State
- type StateVersionError
- type StreamInfo
- type TailnetIdentity
- type UpgradeManifest
- type UpgradeSession
Constants ¶
const ( GCOrphanWorktree = "worktree" GCOrphanScratch = "scratch" )
GCOrphanType classifies where an orphan directory lives.
const ( StopReasonCrash = "crash" StopReasonIdle = "idle" StopReasonUser = "user" StopReasonShutdown = "shutdown" )
StopReason constants
const CurrentStateVersion = 14
const OrchestratorSessionName = "orchestrator"
const SystemKindOrchestrator = "orchestrator"
Variables ¶
var ErrDaemonRunning = errors.New("daemon already running")
Functions ¶
func AcquirePIDFile ¶
func ExecUpgrade ¶
func HandleConnection ¶
func HandleConnection(ctx context.Context, conn net.Conn, origin ConnOrigin, sm *SessionManager, log *slog.Logger)
HandleConnection processes the frame protocol for a single client connection. origin describes where the connection came from (local Unix socket vs remote tailnet listener) and carries the tailnet identity for remote connections; it is threaded to resolveAuth so authorization is origin-aware. The zero ConnOrigin{} is a local connection, preserving the existing trust model.
func IsGraithDaemon ¶ added in v0.16.5
func IsSystemSession ¶ added in v0.42.0
func IsSystemSession(s *SessionState) bool
func ReleasePIDFile ¶
func ReleasePIDFile(path string)
func Run ¶
Run starts the daemon: acquires PID file, listens on the Unix socket, serves connections, and blocks until SIGTERM/SIGINT or an upgrade signal.
func StopDaemon ¶
func ValidateScenarioName ¶ added in v0.52.0
func ValidateSessionName ¶ added in v0.29.2
ValidateSessionName checks that a session name is safe for use in git branch names, shell commands, osascript, template expansion, and environment variables.
func WriteManifest ¶
func WriteManifest(dir string, m *UpgradeManifest) (string, error)
Types ¶
type CIStatus ¶ added in v0.59.0
type CIStatus struct {
State string // passing | failing | pending | "" (unknown)
FailingChecks []string
}
CIStatus is the runtime-only aggregate CI status for a session's linked PR.
type ConnOrigin ¶ added in v0.66.3
type ConnOrigin struct {
// Remote is false for the local Unix socket, true for a tailnet listener.
Remote bool
// Identity is the WhoIs result for remote connections; nil for local.
Identity *TailnetIdentity
}
ConnOrigin describes where a connection came from. It is threaded into HandleConnection so authorization can distinguish the local Unix socket (the 0700 trust boundary) from a remote tailnet connection, and recover the tailnet identity for the latter.
The zero value (Remote: false, Identity: nil) is a local Unix-socket connection — the existing trust model — so existing callers that pass ConnOrigin{} keep today's behaviour.
type CreationConfig ¶ added in v0.27.0
type CreationConfig struct {
Agent config.Agent `json:"agent"`
SandboxConfig config.SandboxConfig `json:"sandbox_config"`
}
CreationConfig captures the agent and sandbox configuration at session creation time so the overlay can detect when the live config has diverged.
type GCOrphan ¶ added in v0.66.16
type GCOrphan struct {
Type string `json:"type"`
Path string `json:"path"`
ID string `json:"id"`
IsGitWorktree bool `json:"is_git_worktree,omitempty"`
HasDirtyFiles bool `json:"has_dirty_files,omitempty"`
Removed bool `json:"removed,omitempty"`
Skipped bool `json:"skipped,omitempty"`
Reason string `json:"reason,omitempty"`
// contains filtered or unexported fields
}
GCOrphan describes a directory under the data dir that has no matching session. When RunGC runs with force=true, Removed/Skipped/Reason record the outcome of the cleanup attempt.
type IncludedRepoState ¶ added in v0.19.0
type MCPManager ¶ added in v0.23.0
type MCPManager struct {
// contains filtered or unexported fields
}
MCPManager manages MCP server processes. Each proxy connection gets its own dedicated MCP server process, started lazily on connect.
func NewMCPManager ¶ added in v0.23.0
func NewMCPManager(cfg *config.Config, extraServers []config.MCPServerConfig, logDir string, log *slog.Logger) *MCPManager
NewMCPManager creates an MCPManager. extraServers are auto-injected servers (like the graith MCP server) that aren't in the config file but must be available for proxy connections.
func (*MCPManager) Connect ¶ added in v0.23.0
func (m *MCPManager) Connect(serverName, proxyID string, vars config.TemplateVars) (*MCPProcess, error)
Connect starts a new MCP server process for the given proxy and returns the process's stdin (for writing JSON-RPC) and stdout reader (for reading JSON-RPC). The caller owns the I/O loop. vars supplies the per-session template values ({session_id}, {session_name}, {worktree_path}) expanded in the server's args and env, giving each session an isolated process — e.g. a per-session Chrome profile dir for chrome-devtools-mcp.
func (*MCPManager) Disconnect ¶ added in v0.23.0
func (m *MCPManager) Disconnect(proxyID string)
Disconnect kills the MCP server process for the given proxy.
func (*MCPManager) HasServer ¶ added in v0.23.0
func (m *MCPManager) HasServer(name string) bool
HasServer returns true if the named MCP server is configured.
func (*MCPManager) Reload ¶ added in v0.23.0
func (m *MCPManager) Reload(cfg *config.Config)
Reload updates the server config. Running processes for removed or changed servers are killed so proxies reconnect with the new config.
func (*MCPManager) Shutdown ¶ added in v0.23.0
func (m *MCPManager) Shutdown()
Shutdown kills all running MCP server processes.
type MCPProcess ¶ added in v0.23.0
type MCPProcess struct {
// contains filtered or unexported fields
}
MCPProcess represents a running MCP server process for a single proxy connection.
type Message ¶
type Message struct {
ID string `json:"id"`
Seq int64 `json:"seq"`
Stream string `json:"stream"`
SenderID string `json:"sender_id"`
SenderName string `json:"sender_name,omitempty"`
Body string `json:"body"`
ThreadID string `json:"thread_id,omitempty"`
ReplyTo string `json:"reply_to,omitempty"`
CreatedAt string `json:"created_at"`
// System marks a daemon-authored automated notification (PR/CI notices,
// etc.) as distinct from an LLM/session/human message. It is derived from
// the sender ID rather than stored, so it is set when messages are read or
// published, not persisted as a column. See issue #887.
System bool `json:"system,omitempty"`
}
type MigrationInfo ¶ added in v0.58.0
type MigrationInfo struct {
Agent string `json:"agent"`
Model string `json:"model,omitempty"`
AgentSessionID string `json:"agent_session_id,omitempty"`
RenderedPath string `json:"rendered_path,omitempty"`
At time.Time `json:"at"`
}
MigrationInfo records the agent a session was migrated from, so a failed migration can be reverted and the user can migrate back later.
type MsgStore ¶
type MsgStore struct {
// contains filtered or unexported fields
}
func NewMsgStore ¶
func (*MsgStore) AckMessages ¶ added in v0.16.5
func (*MsgStore) Conversation ¶ added in v0.59.0
Conversation returns every direct message involving `self`, both directions: messages delivered to self's inbox (stream = "inbox:"+self) and messages self sent to any peer's inbox (sender_id = self AND an inbox: stream other than self's own). Topic messages are excluded — a "conversation" is direct messages only. Results are ordered by created_at, with id as a deterministic tie-breaker (seq is per-stream, so it is not a usable cross-stream order key).
When limit > 0, the most recent `limit` messages are returned (still in ascending order). The query reads inbox streams the caller may not own; the daemon authorises the target via checkTarget before calling this, and the sender_id filter ensures the outbound branch only returns messages the target session actually authored.
func (*MsgStore) ListStreams ¶
func (s *MsgStore) ListStreams(subscriber string, includeSystem bool) ([]StreamInfo, error)
func (*MsgStore) TotalUnread ¶ added in v0.3.0
type PRStatus ¶ added in v0.59.0
type PRStatus struct {
Number int
State string // open | draft | merged | closed
URL string
ReviewDecision string
HeadRefOid string // head commit SHA — keys the per-SHA notify cap
Mergeable string // MERGEABLE | CONFLICTING | UNKNOWN
}
PRStatus is the runtime-only linked-PR state for a session, derived by the PR-watch loop. A zero Number means "no PR resolved". The PR-watch loop always assigns a freshly-built value (never mutates in place), so reads from cloned SessionState off-lock are race-free.
type PairedDevice ¶ added in v0.66.3
type PairedDevice struct {
ID string `json:"id"`
Label string `json:"label"`
PubKey string `json:"pub_key"`
TailnetUser string `json:"tailnet_user"`
TailnetNode string `json:"tailnet_node"`
TokenHash string `json:"token_hash"`
// ReadOnly marks a device paired while require_pairing=false (the unsafe,
// WhoIs-only mode): it maps to roleRemoteGuest and gets a read-only subset.
ReadOnly bool `json:"read_only,omitempty"`
CreatedAt time.Time `json:"created_at"`
LastSeenAt time.Time `json:"last_seen_at,omitempty"`
}
PairedDevice is a remote client device authorized via pairing (design §B.2). It is bound to the tailnet identity observed at pairing time; TokenHash is an HMAC of the client token, never the token itself.
type RemoteListener ¶ added in v0.66.3
type RemoteListener interface {
// Listen begins listening and returns the raw net.Listener (TLS is layered
// on by the caller).
Listen() (net.Listener, error)
// WhoIs resolves the tailnet identity behind remoteAddr.
WhoIs(ctx context.Context, remoteAddr string) (*TailnetIdentity, error)
// Close releases the listener's resources.
Close() error
}
RemoteListener is a tailnet-facing listener plus a way to resolve the tailnet identity behind an accepted connection (Gate 1). Two implementations back the two config modes: tsnet (embedded node) and interface (host tailscaled).
type ScenarioSession ¶ added in v0.52.0
type ScenarioState ¶ added in v0.52.0
type ScenarioState struct {
ID string `json:"id"`
Name string `json:"name"`
OrchestratorID string `json:"orchestrator_id"`
Goal string `json:"goal"`
SessionIDs []string `json:"session_ids"`
Sessions []ScenarioSession `json:"sessions"`
CreatedAt time.Time `json:"created_at"`
SourceFileHash string `json:"source_file_hash,omitempty"`
}
type SessionManager ¶
type SessionManager struct {
// contains filtered or unexported fields
}
SessionManager orchestrates PTY sessions, state persistence, and git worktrees.
func NewSessionManager ¶
NewSessionManager creates a SessionManager with the given config and paths.
func (*SessionManager) AddApprovalSubscriber ¶ added in v0.66.3
func (sm *SessionManager) AddApprovalSubscriber(conn net.Conn, sendControl func(string, any))
AddApprovalSubscriber registers a connection to receive approval notifications without attaching to a session (design §C.6), so a remote app browsing the fleet gets approval prompts without kicking a desktop attach.
func (*SessionManager) AddPendingPairing ¶ added in v0.66.3
func (sm *SessionManager) AddPendingPairing(label, pubKey string, id TailnetIdentity, now time.Time) (string, chan pairApproval, error)
AddPendingPairing records a device pairing request, subject to a per-daemon rate limit and a cap on outstanding requests. now is passed for deterministic testing. It does not persist state — pending pairings are in-memory only. The returned channel is the waiter for this request: it is registered under the same lock that creates the pending entry, so an approval can never race ahead of the waiter and drop the delivery. The caller reads it (with its own timeout / disconnect handling) and must unregisterPairWaiter when done.
func (*SessionManager) AddToScenario ¶ added in v0.52.0
func (sm *SessionManager) AddToScenario(name string, input protocol.ScenarioSessionInput, rows, cols uint16) (*SessionState, error)
func (*SessionManager) AdoptSessions ¶
func (sm *SessionManager) AdoptSessions(manifest *UpgradeManifest) error
func (*SessionManager) ApprovePairing ¶ added in v0.66.3
func (sm *SessionManager) ApprovePairing(requestID string, readOnly bool, now time.Time) (deviceID, clientToken string, err error)
ApprovePairing approves a pending pairing, minting and persisting a new paired device. readOnly marks a device paired while require_pairing=false (maps to roleRemoteGuest). It returns the device ID and the one-time client token (only returned here; only its HMAC is stored). now is passed for testability.
func (*SessionManager) ClearAttachedClient ¶
func (sm *SessionManager) ClearAttachedClient(sessionID string, conn net.Conn)
func (*SessionManager) ClearSummary ¶ added in v0.32.0
func (sm *SessionManager) ClearSummary(sessionID string) error
func (*SessionManager) Config ¶ added in v0.47.0
func (sm *SessionManager) Config() *config.Config
Config returns a snapshot of the current config pointer, safe for use outside the lock. The returned *Config must not be modified.
func (*SessionManager) Create ¶
func (sm *SessionManager) Create(name, agentName, repoPath, baseBranch, prompt, model, parentID string, noRepo bool, shareWorktree string, agentHooks bool, inPlace, allowConcurrent, skipModelValidation, yolo bool, rows, cols uint16, envExtra ...map[string]string) (SessionState, error)
Create starts a new agent session, either in a git worktree, in-place in an existing repo, or as a standalone scratch session (when noRepo is true).
The method uses three-phase locking to avoid holding the daemon mutex during potentially blocking git/network operations (fetch, GitHub API calls, PTY spawn):
- Lock: validate, reserve session as StatusCreating, unlock
- Git setup and PTY spawn (no lock held)
- Lock: commit to StatusRunning, unlock
func (*SessionManager) Delete ¶
func (sm *SessionManager) Delete(id string) error
Delete stops a session, removes its worktree/branch, and deletes state. Git teardown is attempted before removing the session from state; if teardown fails the session is kept for retry and the error is returned.
func (*SessionManager) DeleteScenario ¶ added in v0.52.0
func (sm *SessionManager) DeleteScenario(name string) ([]string, error)
func (*SessionManager) DeleteWithChildren ¶ added in v0.20.0
func (sm *SessionManager) DeleteWithChildren(id string, excludeRoot bool) ([]string, error)
DeleteWithChildren deletes a session and all its transitive descendants. Git teardown is attempted before removing each session from state; sessions whose teardown fails are kept for retry. Returns the list of deleted session IDs and an error if any teardowns failed.
func (*SessionManager) DeviceForToken ¶ added in v0.66.3
func (sm *SessionManager) DeviceForToken(token string) *PairedDevice
DeviceForToken resolves a client token to its paired device, or nil. Must be called under at least RLock.
func (*SessionManager) Diagnostics ¶ added in v0.28.0
func (sm *SessionManager) Diagnostics() protocol.DiagnosticsMsg
Diagnostics collects runtime health data for gr doctor.
func (*SessionManager) FindOrphans ¶ added in v0.66.16
func (sm *SessionManager) FindOrphans(now time.Time) []GCOrphan
FindOrphans scans the data dir for worktree and scratch directories with no matching session that are older than gcOrphanMinAge. It reads state under the lock to build the known-session set, then walks the filesystem lock-free.
func (*SessionManager) Fork ¶ added in v0.10.0
func (sm *SessionManager) Fork(name, sourceSessionID string, rows, cols uint16) (SessionState, error)
Fork creates a new session that branches from an existing session's git state and uses the agent's fork_args to carry over the conversation history.
Uses three-phase locking like Create to avoid holding the mutex during git fetch and PTY spawn.
func (*SessionManager) Get ¶
func (sm *SessionManager) Get(id string) (SessionState, bool)
Get returns a copy of a session state by ID.
func (*SessionManager) GetPTY ¶
func (sm *SessionManager) GetPTY(id string) (*grpty.Session, bool)
GetPTY returns the live PTY session by ID.
func (*SessionManager) HandleHookReport ¶ added in v0.11.0
func (sm *SessionManager) HandleHookReport(sr protocol.StatusReportMsg)
HandleHookReport processes a status report from an agent hook, updating the in-memory hookReports map and the session's AgentStatus. This is the authoritative source of agent status when hooks are active.
func (*SessionManager) HasAttachedClient ¶ added in v0.52.0
func (sm *SessionManager) HasAttachedClient(sessionID string) bool
func (*SessionManager) InterruptSession ¶ added in v0.66.2
func (sm *SessionManager) InterruptSession(sessionID string) error
InterruptSession delivers an interrupt (Ctrl-C) to a session's live PTY using the agent's configured interrupt count and delay. Different agent CLIs need different sequences — e.g. Claude's TUI ignores a single Ctrl-C and needs two rapid presses — so delivery is agent-aware rather than a single 0x03 (issue #620). Returns an error if the session has no live PTY.
func (*SessionManager) IsAttachedClient ¶ added in v0.16.5
func (sm *SessionManager) IsAttachedClient(sessionID string, conn net.Conn) bool
func (*SessionManager) KickAttachedClient ¶
func (sm *SessionManager) KickAttachedClient(sessionID string)
func (*SessionManager) List ¶
func (sm *SessionManager) List() []SessionState
List returns copies of all known session states.
func (*SessionManager) ListPairings ¶ added in v0.66.3
func (sm *SessionManager) ListPairings() ([]pendingPairing, []PairedDevice)
ListPairings returns snapshots of the pending pairing requests and the persisted paired devices. Must be called without holding sm.mu.
func (*SessionManager) ListScenarios ¶ added in v0.52.0
func (sm *SessionManager) ListScenarios() []protocol.ScenarioRecord
func (*SessionManager) LoadState ¶
func (sm *SessionManager) LoadState() error
LoadState reads persisted state from disk and reconciles dead processes.
func (*SessionManager) Migrate ¶ added in v0.58.0
func (sm *SessionManager) Migrate(id, targetAgent, targetModel string, rows, cols uint16) (SessionState, error)
Migrate swaps the agent on an existing session in place: it renders the current agent's conversation to a neutral Markdown file, stops the current agent, changes the session's agent type, and restarts it in the *same* worktree seeded with that file. The session keeps its id, name, worktree and branch — only the agent type changes — so all code state (commits and uncommitted edits) carries over with no branching.
Ordering is chosen so a doomed migration aborts before the running agent is touched (read+render happen first and fail fast), and so the context file exists before the new agent starts. If the target agent fails to start, the original agent is restored.
See docs/design/2026-06-24-cross-agent-conversation-migration-design.md.
func (*SessionManager) PendingApprovals ¶ added in v0.13.0
func (sm *SessionManager) PendingApprovals() []protocol.ApprovalInfo
PendingApprovals returns a snapshot of all current pending approvals.
func (*SessionManager) PrepareUpgrade ¶
func (sm *SessionManager) PrepareUpgrade(listenerFd uintptr, configFile string) (*UpgradeManifest, error)
func (*SessionManager) RegisterDeviceConn ¶ added in v0.66.3
func (sm *SessionManager) RegisterDeviceConn(deviceID string, conn net.Conn)
RegisterDeviceConn records a live connection for a device so revocation can force-close it. Called once per connection after successful authentication.
func (*SessionManager) ReloadConfig ¶ added in v0.3.0
func (sm *SessionManager) ReloadConfig() error
ReloadConfig loads the config from disk and swaps it in, logging what changed.
func (*SessionManager) RemoveApprovalSubscriber ¶ added in v0.66.3
func (sm *SessionManager) RemoveApprovalSubscriber(conn net.Conn)
RemoveApprovalSubscriber deregisters an approval subscriber (on disconnect). It is a no-op if the connection was not subscribed.
func (*SessionManager) Rename ¶
func (sm *SessionManager) Rename(id, newName string) error
func (*SessionManager) RespondToApproval ¶ added in v0.13.0
func (sm *SessionManager) RespondToApproval(requestID, decision, reason string) error
RespondToApproval delivers a user decision to a waiting approval request.
func (*SessionManager) Restart ¶ added in v0.26.0
func (sm *SessionManager) Restart(id string, rows, cols uint16) (SessionState, error)
Restart stops a running session (or no-ops if already stopped) and resumes it, picking up the current agent and sandbox configuration.
func (*SessionManager) RestartWithChildren ¶ added in v0.53.0
func (*SessionManager) Restore ¶ added in v0.66.16
func (sm *SessionManager) Restore(id string) (SessionState, error)
Restore un-deletes a soft-deleted session, clearing its deletion marker and leaving it in the stopped state so it can be resumed. Returns an error if the session does not exist, is not soft-deleted, or its recovery window has already elapsed (in which case it is scheduled for purge and must not be resurrected past its advertised deadline).
func (*SessionManager) RestoreWithChildren ¶ added in v0.66.16
func (sm *SessionManager) RestoreWithChildren(rootID string) ([]SessionState, error)
RestoreWithChildren restores a soft-deleted session and every soft-deleted descendant, bringing a subtree hidden by a `--children` delete back at once. Non-deleted or expired descendants are skipped. Returns the restored IDs.
func (*SessionManager) Resume ¶
func (sm *SessionManager) Resume(id string, rows, cols uint16) (SessionState, error)
Resume restarts a stopped session using the agent's resume_args.
Uses two-phase locking: the GitHub username discovery happens before the lock, and the PTY spawn happens after releasing the lock to avoid blocking the daemon.
func (*SessionManager) ResumeScenario ¶ added in v0.52.0
func (sm *SessionManager) ResumeScenario(name string, rows, cols uint16) ([]string, error)
func (*SessionManager) RevokeDevice ¶ added in v0.66.3
func (sm *SessionManager) RevokeDevice(deviceID string) (int, error)
RevokeDevice removes a paired device and force-closes all of its live connections, so a revoked (e.g. lost/stolen) device loses control immediately rather than at next-connection (design §B.5). It returns the number of connections closed.
func (*SessionManager) RunDetectionLoop ¶
func (sm *SessionManager) RunDetectionLoop(ctx context.Context)
RunDetectionLoop periodically scans PTY scrollback to detect low-risk agent status (active/ready) for all running sessions. Approval status comes from hooks or the daemon approval queue, not PTY text.
func (*SessionManager) RunGC ¶ added in v0.66.16
func (sm *SessionManager) RunGC(force bool, now time.Time) []GCOrphan
RunGC finds orphaned directories and, when force is true, removes those that are safe to delete. A worktree with uncommitted changes is never removed (its unreachable work is preserved for manual recovery) and is reported as skipped. When force is false the returned orphans are a dry-run listing with no filesystem changes.
func (*SessionManager) RunGitPullLoop ¶ added in v0.42.0
func (sm *SessionManager) RunGitPullLoop(ctx context.Context)
func (*SessionManager) RunMessageCleanupLoop ¶ added in v0.3.0
func (sm *SessionManager) RunMessageCleanupLoop(ctx context.Context)
func (*SessionManager) RunPRWatchLoop ¶ added in v0.59.0
func (sm *SessionManager) RunPRWatchLoop(ctx context.Context)
RunPRWatchLoop is the daemon-owned PR/CI watcher. Modeled on RunGitPullLoop: config-gated, tolerant of errors, off the request path.
func (*SessionManager) RunPurgeLoop ¶ added in v0.66.16
func (sm *SessionManager) RunPurgeLoop(ctx context.Context)
RunPurgeLoop periodically hard-deletes soft-deleted sessions whose retention window has elapsed. Modeled on RunGitPullLoop: one sweep shortly after startup (to catch windows that elapsed while the daemon was down), then a coarse ticker. Stops cleanly on context cancel.
func (*SessionManager) ScenarioStatus ¶ added in v0.52.0
func (sm *SessionManager) ScenarioStatus(name string) (*protocol.ScenarioRecord, error)
func (*SessionManager) ScenarioTaskDone ¶ added in v0.52.0
func (sm *SessionManager) ScenarioTaskDone(scenarioName, sessionID string) error
func (*SessionManager) SessionForToken ¶ added in v0.52.0
func (sm *SessionManager) SessionForToken(token string) string
SessionForToken returns the session ID that owns the given token, or empty string if the token is not recognized. Must be called under at least RLock.
func (*SessionManager) SetAttachedClient ¶
func (*SessionManager) SetMCPManager ¶ added in v0.23.0
func (sm *SessionManager) SetMCPManager(mm *MCPManager)
func (*SessionManager) SetMsgStore ¶
func (sm *SessionManager) SetMsgStore(ms *MsgStore)
func (*SessionManager) SetSummary ¶ added in v0.32.0
func (sm *SessionManager) SetSummary(sessionID, text string, ttlSeconds int) error
func (*SessionManager) SoftDelete ¶ added in v0.66.16
func (sm *SessionManager) SoftDelete(id string) (SessionState, error)
SoftDelete marks a session as deleted without removing its worktree or state. The agent process is stopped and the session moves to the stopped state, but everything is preserved so `gr restore` can recover it within the configured retention window. The daemon's purge loop hard-deletes it once the window elapses. System and starred sessions are protected, matching Delete. Returns a snapshot of the soft-deleted session so the caller can report the expiry.
func (*SessionManager) SoftDeleteWithChildren ¶ added in v0.66.16
func (sm *SessionManager) SoftDeleteWithChildren(rootID string, excludeRoot bool) ([]string, error)
SoftDeleteWithChildren soft-deletes a session and all of its transitive descendants. If excludeRoot is true, the root session itself is left alone. Sessions that are already soft-deleted, starred, system, or mid-creation are skipped. A lightweight sweep re-marks descendants that appear mid-operation (a child agent spawning a new session) so the subtree stays coherent — it only re-marks, never tears down, since deferring teardown is the whole point. Returns the list of session IDs that were soft-deleted.
func (*SessionManager) Star ¶ added in v0.31.0
func (sm *SessionManager) Star(id string) error
Star marks a session as starred.
func (*SessionManager) StartScenario ¶ added in v0.52.0
func (sm *SessionManager) StartScenario(msg protocol.ScenarioStartMsg, rows, cols uint16) (*ScenarioState, error)
func (*SessionManager) Stop ¶
func (sm *SessionManager) Stop(id string) error
Stop sends SIGTERM to a session's process without removing the session or worktree.
func (*SessionManager) StopAll ¶
func (sm *SessionManager) StopAll(ctx context.Context)
StopAll gracefully terminates all running sessions concurrently. Each session gets up to 5 seconds to exit after SIGTERM before being force-killed. Sessions are waited on in parallel so the total wait time is bounded by the slowest session, not the sum.
func (*SessionManager) StopScenario ¶ added in v0.52.0
func (sm *SessionManager) StopScenario(name string) ([]string, error)
func (*SessionManager) StopWithChildren ¶ added in v0.30.0
func (sm *SessionManager) StopWithChildren(rootID string, excludeRoot bool) ([]string, error)
StopWithChildren stops all descendants of rootID. If excludeRoot is true, the root session itself is not stopped. Already-stopped sessions are skipped. Returns the list of session IDs that were actually stopped.
func (*SessionManager) SubmitApproval ¶ added in v0.13.0
func (sm *SessionManager) SubmitApproval(ctx context.Context, req protocol.ApprovalRequestMsg) protocol.ApprovalDecisionMsg
SubmitApproval registers a pending approval and blocks until a decision is made, the context is cancelled (hook disconnect), or the configured timeout elapses. An automated backend (if configured) is consulted first; a backend that defers, errors, or is absent falls through to the human-queue path.
func (*SessionManager) UnregisterDeviceConn ¶ added in v0.66.3
func (sm *SessionManager) UnregisterDeviceConn(deviceID string, conn net.Conn)
UnregisterDeviceConn removes a connection from a device's live set (on connection close).
func (*SessionManager) Unstar ¶ added in v0.31.0
func (sm *SessionManager) Unstar(id string) error
type SessionState ¶
type SessionState struct {
ID string `json:"id"`
ParentID string `json:"parent_id,omitempty"`
Name string `json:"name"`
RepoPath string `json:"repo_path"`
RepoName string `json:"repo_name"`
WorktreePath string `json:"worktree_path"`
Branch string `json:"branch"`
BaseBranch string `json:"base_branch"`
Agent string `json:"agent"`
AgentSessionID string `json:"agent_session_id,omitempty"`
Model string `json:"model,omitempty"`
Status SessionStatus `json:"status"`
AgentStatus string `json:"agent_status,omitempty"`
StatusChangedAt time.Time `json:"status_changed_at"`
IdleSince *time.Time `json:"-"`
GitDirty bool `json:"-"`
GitUnpushed int `json:"-"`
PullRequest PRStatus `json:"-"`
CI CIStatus `json:"-"`
HookToolName string `json:"-"`
ExitCode *int `json:"exit_code,omitempty"`
ExitSignal string `json:"exit_signal,omitempty"`
PID int `json:"pid,omitempty"`
PIDStartTime int64 `json:"pid_start_time,omitempty"`
Sandboxed bool `json:"sandboxed,omitempty"`
SandboxConfig *config.SandboxConfig `json:"sandbox_config,omitempty"`
InPlace bool `json:"in_place,omitempty"`
Includes []IncludedRepoState `json:"includes,omitempty"`
AgentHooks bool `json:"agent_hooks,omitempty"`
ApprovalsEnabled bool `json:"approvals_enabled,omitempty"` // deprecated: migrated to AgentHooks in v4
// Yolo opts this session into auto-approve ("yolo") mode: the PreToolUse
// approval hook is installed and every request is auto-allowed via the
// "auto" approvals backend, regardless of the global [approvals] backend.
Yolo bool `json:"yolo,omitempty"`
Starred bool `json:"starred,omitempty"`
SystemKind string `json:"system_kind,omitempty"`
StopReason string `json:"stop_reason,omitempty"`
BackoffLevel int `json:"backoff_level,omitempty"`
FreshStart bool `json:"fresh_start,omitempty"`
LastStartedAt time.Time `json:"last_started_at,omitempty"`
SummaryText string `json:"summary_text,omitempty"`
SummarySetAt *time.Time `json:"summary_set_at,omitempty"`
SummaryTTL int `json:"summary_ttl,omitempty"`
LastOutputAt *time.Time `json:"last_output_at,omitempty"`
CreatedAt time.Time `json:"created_at"`
LastAttachedAt *time.Time `json:"last_attached_at,omitempty"`
CreationCfg *CreationConfig `json:"creation_config,omitempty"`
Token string `json:"token,omitempty"`
ScenarioID string `json:"scenario_id,omitempty"`
ScenarioName string `json:"scenario_name,omitempty"`
ScenarioRole string `json:"scenario_role,omitempty"`
ScenarioGoal string `json:"scenario_goal,omitempty"`
MigratedFrom *MigrationInfo `json:"migrated_from,omitempty"`
// DeletedAt marks a session as soft-deleted. When set, the session is
// hidden from the default `gr list` and overlay, its worktree and state are
// preserved until ExpiresAt, and the daemon purges it (hard delete) once the
// window elapses. `gr restore` clears this field.
DeletedAt *time.Time `json:"deleted_at,omitempty"`
// ExpiresAt is the purge deadline, frozen to DeletedAt + retention at delete
// time. It is NOT recomputed from current config on each sweep, so a config
// change only affects future deletes and the "Recoverable until <time>" the
// user was promised never shifts under them. `gr restore` clears this too.
ExpiresAt *time.Time `json:"expires_at,omitempty"`
}
func (*SessionState) IsSoftDeleted ¶ added in v0.66.16
func (s *SessionState) IsSoftDeleted() bool
IsSoftDeleted reports whether the session has been soft-deleted and is awaiting restore or purge.
type SessionStatus ¶
type SessionStatus string
const ( StatusRunning SessionStatus = "running" StatusStopped SessionStatus = "stopped" StatusErrored SessionStatus = "errored" StatusDeleting SessionStatus = "deleting" StatusCreating SessionStatus = "creating" )
type State ¶
type State struct {
Version int `json:"version"`
Sessions map[string]*SessionState `json:"sessions"`
Scenarios map[string]*ScenarioState `json:"scenarios,omitempty"`
// PairedDevices holds remote client devices authorized via pairing for the
// optional network control surface (design §B.2), keyed by device ID.
PairedDevices map[string]*PairedDevice `json:"paired_devices,omitempty"`
// PairingHMACKey is the key used to HMAC client tokens at rest. Generated
// lazily on first pairing via EnsurePairingHMACKey; never the token itself.
PairingHMACKey string `json:"pairing_hmac_key,omitempty"`
}
func (*State) EnsurePairingHMACKey ¶ added in v0.66.3
EnsurePairingHMACKey returns the key used to HMAC client tokens at rest, generating and storing it on first use. The caller must hold the state write lock and persist the state afterward.
type StateVersionError ¶ added in v0.66.16
StateVersionError is returned by LoadState when the on-disk state file is newer than this binary understands. The daemon treats this as fatal (refuses to start) rather than starting with empty state, which would orphan running agents and operate against the wrong picture — see Run.
func (*StateVersionError) Error ¶ added in v0.66.16
func (e *StateVersionError) Error() string
type StreamInfo ¶
type TailnetIdentity ¶ added in v0.66.3
TailnetIdentity is the resolved Tailscale identity behind a remote connection, obtained via the tailnet LocalClient's WhoIs at accept time. User and Node are stable Tailscale identifiers (not display names). For a tagged node WhoIs returns no user, so User is empty and Tags carries the node's tags.
type UpgradeManifest ¶
type UpgradeManifest struct {
ListenerFd int `json:"listener_fd"`
ConfigFile string `json:"config_file"`
Profile string `json:"profile,omitempty"`
Sessions []UpgradeSession `json:"sessions"`
}
func ReadManifest ¶
func ReadManifest(path string) (*UpgradeManifest, error)
type UpgradeSession ¶
Source Files
¶
- agent_prompt.go
- approvals.go
- auth.go
- authmatrix.go
- daemon.go
- gc.go
- ghpr.go
- gitpull.go
- handler.go
- hooks.go
- lifecycle.go
- mcpmanager.go
- migrate.go
- msg_stream_read.go
- msgstore.go
- notify.go
- orchestrator.go
- origin.go
- pairing.go
- pid.go
- prwatch.go
- remote.go
- scenario.go
- server.go
- state.go
- tls.go
- tombstone.go
- upgrade.go
- validate.go
- validate_model.go
- wait.go