Expand description
Process execution for the commands capability.
One-shot: run_oneshot spawns, bounds wall-clock and output, kills
the whole process group on timeout, and shapes stdout per the
declared CommandOutput mode.
Persistent: SessionProcs keeps long-running children (a dev
server, a watcher) alive across VM rebuilds. It lives in the durable
session tier, so Drop (idle-TTL reap / explicit close / shutdown)
SIGKILLs every process group — a session can never leak a server.
Every child is its own process group (setsid in pre_exec) so a
shell pipeline dies whole, not just its leader. The environment is
scrubbed to PATH plus the spec’s declared passthrough names — a
command never inherits ambient server secrets.
Structs§
- Session
Procs - Per-session persistent-process registry. Owned by the durable
session tier;
Dropkills every process group.
Functions§
- run_
oneshot - Run a one-shot command to completion. Errors on non-zero exit (message carries stderr), timeout, or output past the cap.