Single-host backend rebuild (remove multi-host; server runs agents)#96
Draft
SawyerHood wants to merge 10 commits into
Draft
Single-host backend rebuild (remove multi-host; server runs agents)#96SawyerHood wants to merge 10 commits into
SawyerHood wants to merge 10 commits into
Conversation
Install bb apps from a git repo (or local path) that version-controls
them and updates them via an explicit manual sync — no background
auto-update. Inspired by Claude Code / Codex plugin marketplaces.
App data moves out of the app folder to {dataDir}/app-data/<id>/ so app
code (author-owned, replaceable by source syncs) and runtime data
(user-owned) have independent lifecycles. A one-time idempotent boot
migration relocates legacy apps/<id>/data dirs; the daemon now watches
the app-data root so window.bb.data.onChange keeps receiving live updates.
- Sync engine (apps/server/src/services/app-sources/): git fetch +
detached checkout per source, manifest discovery, sha-based provenance
markers with content-hash divergence detection, atomic whole-dir
materialize, local-wins conflict rules, upstream-removal handling that
never destroys user data or local edits, coalesced one-in-flight sync.
- Routes: GET/POST /api/v1/app-sources, POST /:name/sync {force},
DELETE /:name, POST /api/v1/apps/:id/detach; delete-guard for managed
apps; source field on AppSummary; .bb-app-source.json never served.
- CLI: bb app source add/list/sync(--force)/detach/remove; source column.
- UI: App sources settings section; managed-app badge in the sidebar.
- Docs: building-bb-apps skill + bb guide app updated.
Security/correctness hardening from review:
- git ref/origin can no longer inject options: `--` end-of-options guard
in fetch/remote-add plus schema rejection of leading-dash values.
- runCoalescedSync re-checks the in-flight map after awaiting so
concurrent force syncs can't run two materializes on one source.
- shared app-storage staging (nonce + .tmp-/.delete- prefixes) and
fs-errors (type guard + directoryExists) replace duplicated helpers.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Remove multi-host + the host-daemon process; one server runs the coding agents directly. Frontend/desktop frozen except a 3-item allowlist. Decisions locked via owner interview; plan adversarially verified against the codebase (61 findings applied). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Pin the frozen frontend-facing surfaces before the backend rebuild: /system/config desktop-probe shape, full hostSchema on /hosts, local-API /status value round-trip + install ndjson framing, terminal WS literal schemas, change-kind inventory. Local-API tests resolve through the new harness.localApiBaseUrl() accessor - the single Phase 1 retarget point. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds apps/server/src/engine/ (52 files): runtime manager, lane-preserving command router, command handlers, terminals, local-API handlers, codex proxy, runtime env aux — adapted copies of the host-daemon's living code with the transport shell (spool/server-client/enroll) replaced by ports.ts seams. New direct event-append module with the daemon's ordering invariants and unit tests. Runtime-inert: nothing constructs the engine yet; apps/host-daemon untouched and still authoritative. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The server constructs the engine at boot and owns the full runtime path: - EngineCommandDispatcher + in-flight registry replace the durable queue; every queueCommand/AndWait/online-RPC call site re-pointed; settlement runs the owners registry against fabricated command rows - synthetic host 'local' emitted/accepted across the contract; the four host-mutation routes stay typed, stubbed 410/422 - former :38887 local API served at root paths before the SPA catch-all; /system/config answers hostDaemonPort with the server's own port - migrations 0013/0014: FK detachment from hosts/host_daemon_*, drop pending_interactions.resolving_command_id + terminal_sessions.daemon_session_id - integration harness boots merged-server-only with the fake provider adapter; recovery suite + wire-protocol suites quarantined for P2/P1c - /internal + daemon WS unmounted (code orphaned, deleted in P1c) Phase 0 contract tripwires pass against the single-process server. Full typecheck, @bb/server+db+dev-env units, integration suite green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Deletes apps/host-daemon (~200 files; its four dispatch-handler test suites ported wholesale into engine tests first — 86 tests, zero transport-specific content), apps/server/src/internal/* (15 route groups), daemon WS protocol + hub daemon halves, machine-auth + enrollment, queue/lease/expiry sweeps, and migration 0015 dropping hosts, host_daemon_sessions/commands/command_attempts, user, apikey. Live plumbing relocated rather than deleted: command-wait/online-rpc -> services/engine/, daemon-ingress scheduling -> scheduleDetachedWork. host-daemon-contract slimmed to the FE-facing local contract + the engine-facing command types (Phase 4 finishes it). bb-app launcher daemon paths removed (packaged path restored in Phase 3). Full typecheck, 5 package unit suites, integration + contract tripwires green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Five new modules under services/lifecycle/ replace the queue-era thread-provisioning*/thread-lifecycle/environment-*/project-deletion families: in-memory provision/start/stop task maps with AbortController cancellation, environment lifecycle with durable cleanupRequestedAt intent and normalized write-then-execute destroy, project deletion via durable projects.deleteRequestedAt, boot reconciliation (runs before serve(); interrupts with the new server-restarted reason — fixing a live regression: crash recovery had no caller since P1c), and product sweeps split from the dead lifecycle re-drives. Migration 0016 drops thread/environment/project_operations and the client_turn_requests command columns; settlement keys off (threadId, requestId). Interruption union swaps host-daemon-restarted for server-restarted with the one sanctioned thread-view case edit. Recovery suite reborn as a real kill-9 matrix (child-process server, on-disk SQLite, 5 scenarios); thread-lifecycle.test.ts replaced by 5 lifecycle suites; the new tests caught and fixed a cancel-task dedupe bug. Full typecheck, 1106 server tests, 54 integration tests green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…odel CLI/SDK: bb host commands, --host flags, fetchLocalHostId, and daemon probing deleted; CLI sends the 'local' constant where the frozen contract requires hostId; BB_HOST_DAEMON_PORT config reads deleted as accepted-but-ignored. Guide templates reworked (hosts chapter deleted, manager instructions de-hosted with their feeder chain). Launcher: packaged single-child path restored — server dist now bundles the bridges + bb CLI; BB_BRIDGE_DIR/BB_CLI_DIR repoint there (the engine's createRequire default fails packaged — launcher env is load-bearing); bb-server bin deleted (no spawners); daemon dev ports and BB_PROD_HOST_DAEMON_PORT deleted. Frontend allowlist (§5.8): Hosts settings section removed; desktop 'Server & Daemon Logs' copy → 'Server Logs' (4 sites). Docs rewritten for one process; additional-hosts.md deleted. tests/qa rewritten single-pid. Bugs found by validation: missing @parcel/watcher direct dep crashed packaged boot; CLI spawn --environment path validation. Full typecheck, 6 package suites, integration, qa, packaged smoke green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Per the re-verified merge map (plan §7): five vestige dirs removed (workflow-runtime, agent-provider-auth, host-runtime-material, sandbox-host, sandbox-image — untracked dist residue); secret-storage deleted (orphaned since machine-auth died); host-workspace and host-watcher folded into apps/server/src/engine/; host-daemon-contract slimmed to its frontend-facing surface (local.ts minus /health, workspaceResolutionFailure, HOST_DAEMON_PROTOCOL_VERSION) with the server-only command/RPC vocabulary rehomed to apps/server/src/engine/contract/ (75 dead exports deleted); agent-fixtures kept standalone (capture/promote CLI per Decision 12). Frontend-reachable closure byte-untouched; apps/app zero diffs. Full typecheck, server suite, integration + contract tripwires, packaged smoke green. Reviewed post-hoc after 529 outage; both reviewer fixes applied. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Live gate: 28/28 items pass on claude-code + codex (real sessions), SIGKILL reconciliation verified, tarball smoke green. Remaining work is owner-only (desktop GUI verification on a signed build, the ~/.bb switch itself). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rebuilds the bb backend from first principles around a single-host server/client model, removing the multi-host/distributed architecture. Frontend (
apps/app) and desktop (apps/desktop) are kept as-is by design; no backwards compatibility. Branch was built in one session on 2026-06-07/08.What changed
apps/host-daemonremoved — folded intoapps/server, which now boots the agent engine directly (server runs the coding agents; clients just issue commands).572 files changed, 33678 insertions(+), 59769 deletions(-).Execution (per
plans/single-host-rebuild.md)See
plans/single-host-rebuild.mdon this branch for the full spec.main(untouched since 2026-06-08) and will conflict heavily. Opened to review the approach and decide whether to revive + rebase, not to merge as-is.🤖 Generated with Claude Code