agentvfs 0.1.6

Virtual filesystem CLI backed by embedded databases for AI agents
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

# Core Concepts

These concepts define the intended operating model for agentvfs.

## Vaults

A **vault** is the durable root of a workspace. It stores files, directories, versions, metadata, tags, snapshots, and audit history.

Use vaults for:

- project roots
- long-lived agent workspaces
- durable state you may want to revisit later

## Forks

A **fork** is a cheap workspace derived from a vault.

Forks are the right unit for:

- one agent task
- one risky experiment
- one isolated command session

The important design point is that agents should usually mutate a fork, not the long-lived root vault directly.

## Checkpoints

A **checkpoint** is a rollback point inside a vault or fork.

Checkpoints are useful when:

- a command may rewrite many files
- the agent is about to run a risky tool
- you want a simple undo point before an experiment

## Mounts

A **mount** exposes a vault or fork as a real directory.

That matters because most developer tools expect:

- normal paths
- normal current working directories
- normal file APIs

Mounts are therefore the bridge between the virtual workspace and ordinary CLI tools.

## Proxy Boundary

The main architectural direction is a **proxy boundary** between the agent and shell execution.

```text
agent -> proxy boundary -> mounted forked workspace -> cli tools
```

The proxy boundary should own:

- top-level command policy
- fork selection
- checkpoint creation
- mount lifecycle
- execution
- audit and change summaries

## Top-Level Command Control

The boundary is intentionally cheap. It should govern the command the agent requested, not every subprocess or syscall underneath it.

That means:

- good at mediating shell work at low cost
- not a deep process sandbox

This is a deliberate trade-off.

## Durable vs Task State

Think in two layers:

- **durable state**
  - vault roots
- **task state**
  - forks and checkpoints

This lets you keep a stable project root while giving each agent task an isolated working area with rollback.

## Recommended Mental Model

1. Create a durable vault for the project.
2. Fork it for a task.
3. Checkpoint before risky work.
4. Mount the fork for tool compatibility.
5. Run the task through the proxy boundary.
6. Inspect, keep, or discard the fork.

## Related Guides

- [Quick Start](quickstart.md)
- [Vault Management](../user-guide/vaults.md)
- [Agent Integration](../advanced/agent-integration.md)
- [Proxy Boundary](../advanced/proxy-boundary.md)