feat(agentos): native actor plugin cdylib (dylib-actor-plugin)#1501
Merged
NathanFlurry merged 3 commits intoJun 22, 2026
Merged
Conversation
NathanFlurry
force-pushed
the
agentos-dylib-plugin
branch
7 times, most recently
from
8222803 to
aacc5f8
Compare
…warder + tests
Rust plugin (crates/agentos-actor-plugin, cdylib): plugin side of
rivet-actor-plugin-abi; imports the UNMODIFIED agent-os-client, drives the
sidecar on its own tokio runtime, calls back into the host vtable for durable
storage + events. ABI exports + HostCtx bridge (incl. the required startup_ready
handshake), run loop + lazy VM lifecycle, full 24-op fs persistence + session
events, ~40-action dispatch (abi codec + encode_json_compat), config_json
deserializer, HTTP /preview proxy. Built end-to-end as a cdylib against the real
client + secure-exec.
Persistence e2e test (src/persistence_e2e.rs): drives the REAL handle_fs_call
dispatch (the VM's sqlite_vfs storage callback) through a mock HostVtable backed
by an in-memory rusqlite Connection, speaking the exact CBOR db_* wire contract
— migrate + mkdir/writeFile/exists/readFile/stat/readDir/removeFile round-trip.
Proves the durable-storage core against real SQLite, no VM/sidecar needed.
cargo test -p agentos-actor-plugin
TS forwarder (packages/agentos, @rivet-dev/agentos): agentOs(config) ->
ActorDefinition whose nativeFactoryBuilder calls createNativePluginFactory
({pluginPath,configJson,sidecarPath}); buildConfigJson (lock-step with
config.rs), schema, nodeModulesMount, getPluginPath(), types.
Gated on infra (spec phases 2,5-7): publish abi + rivetkit + secure-exec; CI
dylib matrix; npm platform packages; live-VM e2e (needs the built sidecar).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
force-pushed
the
agentos-dylib-plugin
branch
5 times, most recently
from
e0355d3 to
fb469a4
Compare
…odules
- session.rs: resolve renamed @rivet-dev/agentos-* agent packages (acpAdapter/agentPackage), fixing createSession("pi") on a verbatim install
- default network egress is now a deny-by-default allowlist of LLM provider hosts (anthropic/openai/gemini/openrouter) instead of allow-all; quickstart needs no permissions block
- forwarder auto-derives the /root/node_modules host_dir mount from agent descriptors' packageDir; quickstart needs no manual nodeModulesMount
- retains rivetkit preview c44621f + rivet-actor-plugin-abi 2.3.2
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@rivet-dev/agentos now depends on @agent-os-pkgs/common and the forwarder auto-injects it into the software list (deduped against explicit entries) so the quickstart is just software: [pi]. Opt out with options.defaultSoftware: false. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
force-pushed
the
agentos-dylib-plugin
branch
from
fb469a4 to
8391565
Compare
NathanFlurry
added a commit
that referenced
this pull request
Jun 22, 2026
Merges the dylib actor-plugin feature (codex/session-resume-architecture-docs, PR #1501) onto main. Unifies naming on agentos-* + @agentos-software/*. Examples/docs taken from the dylib branch. Re-ported main's #1491 (cron/OPFS security — survived auto-merge) and #1497 (shell local-mode) where applicable. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
added a commit
that referenced
this pull request
Jun 22, 2026
Merges the dylib actor-plugin feature (codex/session-resume-architecture-docs, PR #1501) onto main. Unifies naming on agentos-* + @agentos-software/*. Examples/docs taken from the dylib branch. Re-ported main's #1491 (cron/OPFS security — survived auto-merge) and #1497 (shell local-mode) where applicable. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
NathanFlurry
added a commit
that referenced
this pull request
Jun 22, 2026
Merges the dylib actor-plugin feature (codex/session-resume-architecture-docs, PR #1501) onto main. Unifies naming on agentos-* + @agentos-software/*. Examples/docs taken from the dylib branch. Re-ported main's #1491 (cron/OPFS security — survived auto-merge) and #1497 (shell local-mode) where applicable. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Moves the Agent OS actor out of the RivetKit (r6) tree into this repo, shipped as a dynamically-loaded native plugin that RivetKit `dlopen`s at runtime. RivetKit knows only the generic `rivet-actor-plugin-abi` C ABI — no agent-os symbols, types, or config schema. The storage hot path stays in-process Rust. Implements spec `~/.agents/specs/dylib-actor-plugin.md` phases 3–4 (plugin side).
Companion r6 PR: rivet-dev/rivet#5311 (the ABI crate + generic codec + host `dlopen` loader + napi cut).
What's here (
crates/agentos-actor-plugin, cdylib)db_*/next_event/reply/broadcastover the host vtable; each async op is a sync submit + oneshot completion; refcounted ctx for detached callbacks. Panic-firewalledextern "C"boundaries.AgentOson first action, tears down on Sleep/Destroy, grace on cancel. The unmodifiedagent-os-clientis imported and driven on the plugin's own tokio runtime.HostCtx.db_*.encode_json_compat(byte-exact with rivetkit'sActionCall::ok, incl. the["$Uint8Array", base64]wrapping).AgentOsConfigwithdeny_unknown_fields, and uses a per-plugin-runtime sidecar pool (never the globaldefaultpool)./preview/{token}proxy →vm.fetch.Verification
Build-verified end-to-end as a cdylib against the real
agent-os-client+ secure-exec; all 10 ABI symbols exported. The shared codec's byte-parity + round-trip is covered by tests in the r6 abi crate.Remaining (infra; out of sandbox — spec phases 2, 5–7)
rivet-actor-plugin-abi, then repin the interim cross-repo path dep to a version.sidecar-browser) so the pinned workspace resolves in CI.🤖 Generated with Claude Code