refactor(core,client): move agent resolution, command/snapshot/stub and recursive-fs logic into the sidecar#1612
Merged
Merged
Conversation
NathanFlurry
commented
Jul 5, 2026
Member
- Make the AgentOs client npm-agnostic; the sidecar now owns agent resolution and enumeration (listAgents RPC)
- Run exec chmod/stat/exit in the guest instead of emulating them client-side
- Sidecar reports projected command targets; both clients consume them instead of re-reading package dirs
- Sidecar loads the V8 snapshot bundle from the projected package (dropped from the client wire)
- Sidecar synthesizes /bin command + toolkit-shim stubs from forwarded names (removes a host tmp dir + mount)
- Recursive fs ops (copy/move/delete/readdir) collapse to a single sidecar RPC backed by a bounded kernel primitive
- Thin the runtime-compat NativeKernel to use sidecar-reported commands
- Rework agent-session tests onto projected mock packages; migrate moduleAccess to nodeModulesMount; remove dead code
- Bump the secure-exec ref to merged secure-exec feat: add durable storage MVP #267 and align crate pins to 0.3.4-rc.1
The committed .github/refs/secure-exec was bumped (PRs #1598-1600) without re-fitting agentos-client, which was last re-fit (d4cbe82) for the older secure-exec 0bf7dcb. Re-fit against the current wire API: - wire::PackageDescriptor { name, dir, acp_entrypoint } -> { dir } (the sidecar reads name/acpEntrypoint from the package manifest at dir) - READ_DIR entries are now list<GuestDirEntry> -> project each .name - handle new ResponsePayload::{GuestKernelResultResponse, ResourceSnapshotResponse} - JsRuntimeConfig gained high_resolution_time
…op stale website filter - verify the secure-exec crate via the crates.io sparse index (the v1 API now returns 403 under crates.io's data-access policy) - install wasm-pack in the publish-npm job so @rivet-dev/agentos-browser's build:dist-wasm (wasm-pack build agentos-sidecar-browser) works - drop the turbo --filter='!@agentos/website' (website is excluded from the workspace, so the filter matches no package and turbo errors)
…nodeModulesMount mount - Delete the `moduleAccessCwd` TS option and its zod schema field; callers pass `nodeModulesMount(...)` in `mounts` instead - Remove the dead `ModuleAccessOptions` compat shim from runtime-compat - Drop the `moduleAccessCwd` field from the native actor config (TS + Rust) - Remove the `module_access_cwd` field/builder from the Rust client config and stop client-side cwd expansion; add a `node_modules_mount()` helper mirroring the TS helper - Convert Rust e2e tests and the pi-extensions example to the mount-based form
…nifest resolution - Delete the vestigial AGENT_CONFIGS table and the AgentType union from packages/core; AgentType is now `string` (a manifest name), and createSession/resumeSession/listAgents resolve agents purely from configured /opt/agentos package manifests - Drop the AGENT_CONFIGS root export and update the affected core tests + package CLAUDE.md/README - Rust client (crates/client): delete BUILTIN_AGENT_IDS/agent_config and the legacy /root/node_modules adapter lookup; resolve agents dynamically from the configured package manifests (keyed by manifest name, spawned via /opt/agentos/bin/<acpEntrypoint>) for parity with TS - Add a root CLAUDE.md rule that the Rust and TypeScript clients must behave identically
…nt resolution + enumeration - Delete the `adapterEntrypoint` wire field from `AcpCreateSessionRequest`; the client sends only `agentType`. - Move agent resolution (name -> package -> entrypoint/env/launchArgs) and ACP spawn into the sidecar, reading the projected `/opt/agentos/<name>/current/agentos-package.json`. - Make `listAgents()` a sidecar ACP RPC (`AcpListAgentsRequest`/`AcpListAgentsResponse`); the sidecar enumerates the projected `/opt/agentos` packages. The client parses no manifests for discovery. - The client (TS + Rust) no longer scans node_modules, calls require.resolve, reads its own package.json deps, or computes adapter entrypoints; default software is a plain `import common from "@agentos-software/common"`. - Remove the client-side agent-config surface: `AgentConfig`/`agents.ts`, `_resolveAgentConfig`, `resolveDependencyAgents`, `serializedAgentConfigs`, the TS lazy-link path, and the resume adapter-entrypoint env hack. `AgentType` now lives in `types.ts`. - Mirror the resolution+enumeration in the host-free browser core over its filesystem seam. - Update root + core CLAUDE.md and the affected tests to the new contract.
…nt emulation The native-sidecar exec() emulated chmod, stat -c %a, and sh -c 'exit N' client-side (fs RPCs / early returns) — only the TS client did this, and it drifts from real coreutils/shell semantics. Route these through the guest shell/command path like the Rust client already does, so the guest runs the real command. Removes a TS/Rust parity divergence.
…re-reading package dirs Both clients now populate their command map from the projectedCommands returned by configureVm/linkPackage, deleting the host-side package.json/bin derivation (deriveProjectedCommandNames / package_command_names) and the TS/Rust sort/filter divergence it carried.
… loads it Deletes resolveAgentSnapshotBundle and the snapshotUserlandCode wiring — the client no longer reads agentos-package.json or dist/sdk-snapshot.js off the host or ships the bundle over the wire. The sidecar resolves it from the projection, which also gives the Rust client snapshot parity (was hard-coded None).
…client stub writing + shim mount The client no longer writes /bin/<cmd> kernel-command stubs or materializes a host tmp dir of agentos-<toolkit> shims mounted at /usr/local/bin. It forwards bootstrapCommands + toolShimCommands and lets the sidecar create the stubs in its projection, removing the host tmp-dir lifecycle and one host_dir mount.
…t each Replace the per-node client-side copy/move/delete/readdir tree-walks (O(N) round-trips) in both the TS and Rust clients with a single forwarded readdirRecursive/movePath/removePath request, deleting the duplicated walk helpers. The sidecar's kernel walks the tree locally in one hop.
…ted commands NativeKernel.mount() now registers command names from the sidecar's configureVm projectedCommands response instead of re-deriving guest command paths client-side; removes collectGuestCommandPaths / getGuestCommandPaths / commandDirOffsets. Public createKernel/createWasmVmRuntime API + its snapshot and wasm-discovery behavior are preserved (full sidecar-facade migration left as a separate effort).
Replace the 7 tests that monkeypatched the removed _resolveAgentConfig with a shared projected-agent-package helper that stages a real agentos-package.json + bin adapter and passes it via software:[...], so the sidecar resolves the agent the same way production does. Preserves each test's assertions.
…ver moduleAccess
Complete the moduleAccessCwd removal: createNodeDriver now accepts explicit
node_modules mounts (preferred over the process.cwd() fallback), secure-exec
re-exports nodeModulesMount, and the remaining moduleAccess:{cwd} consumers
(secure-exec-typescript integration test + the ai-agent type-check example)
use mounts:[nodeModulesMount(...)] instead.
The legacyManifest field was written but never read (a leftover from the package-ref manifest migration); drop the field, its assignments, and the legacyPackageManifest helper, plus the duplicate write-only path in the actor.
… to 0.3.4-rc.1 Point .github/refs/secure-exec at secure-exec main (78efd873e, which carries the merged sidecar wire changes this branch depends on) and bump the path-dep crate pins from 0.3.0-rc.1 to 0.3.4-rc.1 to match.
…oded-agents # Conflicts: # .github/refs/secure-exec
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.