docs(roadmap): pre-1.0 island PID-1 unification (retire "primary") #118

Merged: aoos merged 2 commits into master from docs/roadmap-pid1-unification on Jun 24, 2026

aoos (Owner) commented Jun 24, 2026

Records the outcome of the "remove primary entirely" discussion as a roadmap item + design doc — pre-1.0, not launch-blocking.

  • Path A (shipped in feat(tui): Enter on an island opens a contained shell at /workspace #117 + planned follow-ups): the TUI/CLI no longer have a privileged "primary" — Enter on an island opens a contained /workspace shell; agents are explicit. Interactive islands can be agent-less and freely reordered.
  • Path B (this doc): removes the last coupling — a headless-first island still runs its first agent as PID 1 (the container is that command), so it can't be agent-less and that agent can't be freely removed. B always uses the keepalive (tail -f /dev/null) entrypoint and launches every agent — interactive and headless — through the supervised docker exec path that already exists for non-primary agents (ensureAgentSession/reconcileAgentsAsync). So B deletes a special case rather than adding capability.
  • Migration is lazy-on-recreate: interactive islands convert for free (already keepalive + idempotent reconcile); headless-first islands flip on their next upgrade/reset to avoid double-launching the PID-1 agent. No flag-day, no data loss.

Doc: docs/island-pid1-unification.md. Roadmap entry under "🔭 Later / exploratory (NOT launch-blocking)" tagged target pre-1.0.

🤖 Generated with Claude Code

Captures the research from the primary-removal discussion. Path A (the
shipped TUI/CLI change: Enter opens a contained shell, no privileged
primary) leaves one structural wart — a headless-first island runs its
first agent as PID 1, so it can't be agent-less or freely reordered.
Path B removes it by always using the keepalive entrypoint and launching
every agent (incl. headless) through the supervised docker-exec path that
already exists for non-primary agents. Includes the lazy-on-recreate A→B
migration plan. Pre-1.0, not launch-blocking.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

aoos merged commit ee36726 into master Jun 24, 2026
4 checks passed
aoos deleted the docs/roadmap-pid1-unification branch June 24, 2026 21:28
aoos added a commit that referenced this pull request Jul 1, 2026
docs(design): daemon scheduled-wake — design for a3 review (#118.2)
aoos added a commit that referenced this pull request Jul 1, 2026
…252)

The durable fix for the ambient-agent reliability gap (a3-approved design, #143):
hibernate-BETWEEN-runs instead of the interim never-hibernate pin (#244). The
always-on daemon holds a per-island schedule and wakes the island on cadence; it
does its work and hibernates again — no host timer, no resident container.

Composes existing seams, no new subsystems:
- STORE: project.Schedules in config.toml — survives daemon restart AND
  `dejima upgrade` (outside the container), unlike an in-island cron.
- TICK: RunScheduler (1-min, always on) → scanSchedules fires due schedules.
  Catch-up-not-stack: an overdue recurring schedule fires once and re-anchors
  NextDue forward; a fired one-shot is deleted.
- WAKE: startIslandIfStopped mirrors the wake path (StartContainer/recreate +
  reconcileAgentsAsync); no-op if already running.
- RUN-TASK (the crux d6/a3 flagged): after wake + readiness, injectFn the
  schedule's task into the target agent (the proven mail-nudge inject path), so
  the agent actually runs its work rather than cold-starting into an idle prompt.
  Waits (bounded) for the agent to reach a turn boundary; warns if not delivered.
  Inject-first per a3 ruling — composes with resume-on-wake (#28) later, doesn't
  block on it.
- EVENT: island.woken reason=scheduled (ledgered via the existing audit path).

Surface (a3 ruled dedicated routes): 3 operator-only routes (POST/GET/DELETE
/v1/islands/{name}/schedules[/{id}], capOperate, denied to island tokens) +
openapi + client. CLI: `dejima wake <island> --at/--every/--task/--agent`
registers a schedule; `dejima schedule list|rm`.

Fixes an omitempty trap along the way: go-toml/v2 drops a non-zero time.Time under
`omitempty`, which would silently lose LastRun across save/load.

Tests: schedule model (due/advance/add/remove); create/list/delete handlers +
validation; scanSchedules fires a due one-shot (removed) and advances a due
recurring; CLI wiring. Full suite + vet + lint + 106-route parity + coverage gate
green. Needs a daemon rebuild (the scheduler runs in dejimad).

This + the pin (#244) fully solve the watchtower "don't shut off": pin to stay
resident now, schedule to hibernate-between-runs.


Claude-Session: https://claude.ai/code/session_01QtGTf7anGr5S1zjCD61hwC

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
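
An added Go sketch of the catch-up-not-stack rule described in the commit message above; it is not the project's code. `NextDue` and `LastRun` are names from the page, while the `Schedule` struct, its `ID` and `Every` fields and `scanOnce` are hypothetical, and re-anchoring on the original cadence grid is an assumption about how "forward" is computed.

```go
package main

import (
	"fmt"
	"time"
)

// Schedule is a hypothetical model; only NextDue and LastRun are names from the page.
type Schedule struct {
	ID      string
	Every   time.Duration // 0 means one-shot
	NextDue time.Time
	LastRun time.Time
}

// scanOnce fires each due schedule exactly once and returns the fired IDs plus
// the schedules that remain. A recurring schedule is re-anchored strictly after
// now, so intervals missed while the daemon was down are skipped, not replayed.
func scanOnce(scheds []Schedule, now time.Time) (fired []string, kept []Schedule) {
	for _, s := range scheds {
		if s.NextDue.After(now) {
			kept = append(kept, s) // not due yet
			continue
		}
		fired = append(fired, s.ID)
		if s.Every <= 0 {
			continue // one-shot: deleted after firing
		}
		s.LastRun = now
		missed := now.Sub(s.NextDue) / s.Every // whole intervals already past
		s.NextDue = s.NextDue.Add((missed + 1) * s.Every)
		kept = append(kept, s)
	}
	return fired, kept
}

func main() {
	base := time.Date(2026, 7, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	scheds := []Schedule{
		{ID: "hourly", Every: time.Hour, NextDue: base},
		{ID: "once", NextDue: base.Add(30 * time.Minute)},
		{ID: "future", Every: time.Hour, NextDue: base.Add(24 * time.Hour)},
	}
	// Daemon was down for 5h15m: "hourly" missed six slots but fires once.
	now := base.Add(5*time.Hour + 15*time.Minute)
	fired, kept := scanOnce(scheds, now)
	fmt.Println("fired:", fired)
	for _, s := range kept {
		fmt.Println(s.ID, "next due", s.NextDue.Format(time.RFC3339))
	}
}
```
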
aoos added a commit that referenced this pull request Jul 1, 2026
feat(monitor): operator alert when a running agent goes silent (#118.3)