Skip to content

feat: coordinate concurrent CBM sessions#1139

Draft
DeusData wants to merge 7 commits into
mainfrom
feat/shared-coordination-daemon
Draft

feat: coordinate concurrent CBM sessions#1139
DeusData wants to merge 7 commits into
mainfrom
feat/shared-coordination-daemon

Conversation

@DeusData

@DeusData DeusData commented Jul 16, 2026

Copy link
Copy Markdown
Owner

Summary

Adds one mandatory per-account coordination daemon for long-lived MCP and hook sessions.

  • The first daemon-backed session starts the daemon; the final session shuts it down.
  • Watchers, indexing jobs, resource state, and the optional UI are shared across Claude Code, Codex, OpenCode, and other clients.
  • Work remains session-owned: disconnecting one session cancels its exclusive work while shared work continues.
  • One-shot CLI commands stay local and leave no daemon behind. They use coordinated admission and per-project locks, and can be cancelled safely during maintenance.
  • Interactive CLI commands show progress on stderr; stdout remains machine-safe.

Coordination and activation

All concurrent CBM processes must agree on the exact version, executable build, coordination ABI, and canonical CBM_CACHE_DIR. Conflicting processes fail before doing work, report the conflict to the launching session, and record it in daemon-conflicts.ndjson.

Native install, update, and uninstall commands:

  1. download, verify, and stage the candidate;
  2. publish account-wide maintenance intent;
  3. cancel daemon sessions and temporary CLI operations;
  4. wait for coordinated processes to exit;
  5. activate atomically while holding exclusive admission barriers;
  6. log the outcome and tell the user to restart open coding-agent sessions.

Windows uses a permanent launcher with an atomically replaceable payload, allowing the same lifecycle guarantees despite executable-file locking. npm, PyPI, and Go wrappers verify and publish their private cached binaries safely.

Security and observability

  • Local IPC authenticates the connecting OS account using Unix peer credentials or Windows access-token checks.
  • Coordination state, locks, logs, and activation files use private permissions and fail closed when ownership, ACLs, path identity, or namespace validation is unsafe.
  • MCP stdout remains reserved for JSON-RPC; immediate session failures use stderr.
  • Durable daemon, conflict, and activation logs are written beneath the canonical cache root.
  • No third-party runtime dependency or external coordination service is introduced.

Verification

  • Full C ASan/UBSan suite: 6,723 passed, 2 skipped
  • Daemon frontend tests: 12/12 passed
  • CLI tests: 255/255 passed
  • Main-sync affected suites: 365/365 passed
  • npm wrapper tests: 10/10 passed
  • Python wrapper tests: 3/3 passed
  • Go wrapper tests and Windows amd64 cross-compilation passed
  • Windows launcher/bundle contracts passed
  • Parent and worker watchdog tests passed
  • Production smoke: all phases passed
  • MCP robustness fuzzing: 23/23 passed, including harness anti-false-positive checks
  • Static security audit, vendored integrity, formatting, cppcheck, and lint passed
  • End-to-end daemon lifecycle smoke passed for shared startup/shutdown, bidirectional version conflicts, coordinated maintenance, CLI cancellation, and per-session cancellation

DeusData added 7 commits July 16, 2026 19:20
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant