Module daemon_runtime 

Daemon runtime — orchestration shell for the ai-memory binary.

W6 lifted serve() and the top-level dispatch out of main.rs so the production HTTP daemon, the integration test harness, and the coverage-instrumented tests in this module all share one source of truth. main.rs keeps its #[tokio::main] entry point but immediately delegates here for every subcommand.

Public surface (post-W6)

• run — top-level CLI dispatch (called from main()).
• serve — full HTTP daemon body (TLS or plain).
• bootstrap_serve — testable struct-returning state builder.
• build_router — composition wrapper around lib::build_router.
• build_embedder, build_vector_index — single canonical builders used by both serve() and cli::recall::run.
• spawn_gc_loop, spawn_wal_checkpoint_loop — daemon background tasks, returning a JoinHandle so callers can abort on shutdown.
• is_write_command — write-command predicate driving the post-write WAL checkpoint.
• passphrase_from_file, apply_anonymize_default — startup helpers.

Pre-W6 helpers retained

• serve_http_with_shutdown, serve_http_with_shutdown_future — the in-process HTTP harness the integration suite drives.
• run_sync_daemon_with_shutdown, run_sync_daemon_with_shutdown_using_client, sync_cycle_once — the sync-daemon body.
• run_curator_daemon_with_shutdown, run_curator_daemon_with_primitives — the curator-daemon body.

Structs

BenchArgs

Cli

CompletionsArgs

DoctorCliArgs

Arguments for the doctor subcommand. Lives next to Cli so clap derives them automatically; the actual report logic lives in cli::doctor::run.

GovernanceCliArgs

ai-memory governance parent argument struct.

ServeArgs

ServeBootstrap

Aggregated state produced by bootstrap_serve.

Enums

Command

GovernanceAction

ai-memory governance sub-subcommands. K11 migrator + 7th-form install-defaults (issue #760) bulk-activator for seed rules R001-R004 live here; future K-track work may add more verbs (lint, explain, …) so the surface is shaped as an enum from day one.

Functions

apply_anonymize_default

Apply the configured anonymize_default to the runtime env: when the config asks for anonymization but the user hasn’t already set AI_MEMORY_ANONYMIZE, set it to "1". Idempotent — repeated calls are a no-op once the env var is set.

bootstrap_serve

Build all daemon state and spawn background tasks. Returns the aggregated state without binding any sockets — testable in isolation.

build_embedder

Construct the Embedder for a given tier. Returns None for the keyword tier (no embedder requested) and on load failure (caller degrades to keyword fallback). On failure the diagnostic is emitted via tracing::error! so operators see it in journalctl.

build_llm_client

v0.7.0 L5 — construct the LLM [OllamaClient] for autonomy-hook capable feature tiers (smart / autonomous). Returns None for the keyword / semantic tiers (no llm_model declared in the [TierConfig]) and on Ollama unreachability (caller degrades to non-LLM behaviour). On failure the diagnostic is emitted via tracing::warn! so operators see it in journalctl without killing the daemon — autonomy hooks are best-effort and the store path must keep working when Ollama is offline.

build_router

Compose the production HTTP router. Thin wrapper around crate::build_router (the W3-vintage source of truth for the route table). daemon_runtime::build_router exists so test code in this module can build the router without naming crate::build_router directly, and so future router-composition logic (e.g. middleware reorder, custom layers) lives in one place.

build_vector_index

Build the in-memory VectorIndex from conn. When embedder_present is false, returns None (the keyword-only path doesn’t need an index). When the embedder is present but the DB is empty (or query errors), returns Some(VectorIndex::empty()) so write paths can populate it in-place.

is_write_command

Returns true if cmd is a write-class subcommand. The post-run WAL checkpoint in run runs only when this returns true.

passphrase_from_file

Read the SQLCipher passphrase from path. Strips a single trailing newline / CRLF; rejects an empty passphrase (post-strip) with an error; preserves all other internal whitespace.

resolve_admin_agent_ids

#976 (2026-05-20) — resolve the admin-allowlist with env-var precedence over the config-file [admin].agent_ids block.

run

Top-level CLI dispatch. Called from main() after Cli::parse().

run_curator_daemon_with_primitives

Curator-daemon loop body, primitive-arg flavour for the binary.

run_curator_daemon_with_shutdown

Run the curator daemon with a programmable shutdown.

run_sync_daemon_with_shutdown

Run the sync-daemon main loop with a programmable shutdown.

run_sync_daemon_with_shutdown_using_client

Variant of run_sync_daemon_with_shutdown that takes a caller-built reqwest::Client. The production cmd_sync_daemon() constructs an mTLS-aware client (via build_rustls_client_config) and threads it in here so the helper drives the same loop body the test version drives — keeping daemon_runtime as the single source of truth for the sync-daemon loop while preserving the production TLS contract.

serve

Run the HTTP memory daemon. Loads TLS state, builds AppState, spawns the GC + WAL-checkpoint loops, and binds a listener (TLS or plain HTTP).

serve_http_with_shutdown

Run the HTTP daemon (plain HTTP, no TLS) with a programmable shutdown.

serve_http_with_shutdown_future

Variant of serve_http_with_shutdown that takes an arbitrary shutdown future. The production serve() needs to run a WAL checkpoint after the OS signal but before tearing down the listener; that cleanup work is awkward to express through a Notify alone. Accepting a Future lets the caller embed any async cleanup into the shutdown future itself, while the helper keeps the build_router + TcpListener::bind + axum::serve body it already owns.

serve_http_with_shutdown_future_and_timeout

v0.7.0 H7 (round-2) — variant of serve_http_with_shutdown_future that accepts an explicit per-request timeout. Used by tests to drive the slow-POST edge directly.

spawn_agent_quota_reset_loop

v0.7.0 K8 — spawn the periodic agent-quota daily-counter reset sweeper.

spawn_gc_loop

Spawn the periodic GC loop. Sleeps interval, then runs db::gc, db::auto_purge_archive, and (Cluster G, #767) the shadow- observation retention sweep against the daemon’s shared connection. The returned JoinHandle is owned by the caller; serve() aborts it on shutdown.

spawn_gc_loop_with_shadow_retention

Cluster G (#767) — spawn_gc_loop variant that takes an explicit shadow-observation retention window. Used by bootstrap_serve so the operator-tunable [confidence] shadow_retention_days from config.toml flows through. spawn_gc_loop is the no-arg wrapper that picks the compiled default for legacy call sites (tests).

spawn_pending_timeout_sweep_loop

v0.7.0 K2 — spawn the periodic pending_actions timeout sweeper.

spawn_transcript_lifecycle_sweep_loop

v0.7.0 I3 — spawn the periodic transcript archive→prune sweeper.

spawn_vector_index_boot_load

#1579 B3 — async boot HNSW warm-up for serve.

spawn_wal_checkpoint_loop

Spawn the periodic WAL checkpoint loop. First checkpoint runs interval / 2 after start (staggered from the GC loop to avoid lock-contention bursts on cold start), then on a fixed cadence.

sync_cycle_once

Run a single sync cycle against one peer — pull then push.