Context
Canonical spec: SourceOS-Linux/sourceos-spec specs/local-agent-runtime.md.
The node-commander incident showed that local agents need an operator-facing surface. Users should not have to inspect launchd plists, Nix store wrappers, Podman sockets, and credential-helper configs manually.
Deliverables
Add SourceOS shell affordances for:
sourceos-agent status <name>sourceos-agent logs <name>sourceos-agent doctor <name>sourceos-agent repair <name>sourceos-agent quarantine <name>sourceos doctor local-runtime
UX requirements
Status output should show:
- service scope and backend
- installed plist/unit path
- launchd/systemd state
- PID and run/restart count
- runtime backend
- Podman machine and socket state
- container state
- image ID/tag/provenance
- auth mode
- log paths
- warnings and recommended action
Acceptance criteria
- A user can understand why a local agent is running without reading Nix store paths.
- Suspicious persistence patterns are explained in plain language.
- Repair/quarantine paths are surfaced as copy-paste-safe commands.
Context
Canonical spec: SourceOS-Linux/sourceos-spec
specs/local-agent-runtime.md.The
node-commanderincident showed that local agents need an operator-facing surface. Users should not have to inspect launchd plists, Nix store wrappers, Podman sockets, and credential-helper configs manually.Deliverables
Add SourceOS shell affordances for:
sourceos-agent status <name>sourceos-agent logs <name>sourceos-agent doctor <name>sourceos-agent repair <name>sourceos-agent quarantine <name>sourceos doctor local-runtimeUX requirements
Status output should show:
Acceptance criteria