Expand description
On-disk state for wire.
Layout:
$XDG_CONFIG_HOME/wire/ (defaults to ~/.config/wire/)
- private.key — 32-byte raw Ed25519 seed (mode 0600)
- agent-card.json — signed self-card (mode 0644, public)
- trust.json — pinned peers + tiers
- config.toml — relay URL, body cap, etc. (created lazily)
$XDG_STATE_HOME/wire/ (defaults to ~/.local/state/wire/)
- inbox/<peer>.jsonl — verified inbound events
- outbox/<peer>.jsonl — agent-appended outbound events (daemon flushes)
- spool/ — daemon-internal staging
All paths are configurable via WIRE_HOME env var (overrides both dirs to
$WIRE_HOME/{config,state}/). Used by the test harness to keep tests
isolated from the operator’s real config.
Structs§
- Display
Overrides - Pending
Push PerPeer - Per-peer breakdown of queued-but-not-pushed events. Populates
the new
daemon.pending_push_breakdownfield inwire statusand the human-readable expansion of the “pending push:” line.
Functions§
- add_
membership - Append an org membership the operator holds (org_did / org_pubkey / member_cert) for card-emit to attach. Replaces any existing entry for the same org_did (re-issued certs supersede).
- agent_
card_ path - append_
outbox_ record - append_
pushed_ log - Append a single JSONL record to the outbox for
peer, holding the per-path mutex to keep concurrent appenders from interleaving lines. - append_
succession_ record - Append a key-rotation succession record (RFC-001 §T19/§T20 audit trail).
Append-only JSONL at
config/wire/succession.jsonl; one line per rotation carrying theold_did → new_didhandoff + the bridging cert. - compute_
pending_ push_ breakdown - compute_
pending_ push_ count - Total queued-but-not-yet-pushed events across all peers. Walks
each per-peer outbox file, counts event_ids missing from the
per-peer pushed log. Cheap (one disk read per peer) and bounded by
trust.agents. - config_
dir - Root configuration directory. Honors
WIRE_HOMEfor testing. - config_
toml_ path - display_
overrides_ path - Path to
display.json— operator-chosen character nickname + emoji override. Sidecar to agent-card. NOT signed (display-only, local-only). - ensure_
dirs - Create directory tree with restrictive permissions on the config dir.
- inbox_
dir - is_
initialized - Whether
wire inithas already been run (private key + card both present). - memberships_
path - op_
key_ path - op_
meta_ path - org_
key_ path - outbox_
dir - private_
key_ path - read_
agent_ card - read_
display_ overrides - read_
display_ overrides_ at - read_
memberships - Read the operator’s stored org memberships (empty if none/malformed).
- read_
op_ handle - read_
op_ key - read_
org_ key - read_
private_ key - Read the saved private key seed (32 bytes).
- read_
pushed_ event_ ids - Read the set of event_ids already recorded as pushed for
peer. Cheap (single file read + parse); callers that need bulk lifecycle data should read the file directly. Returns an empty set on missing/unreadable file. - read_
relay_ state - read_
stream_ state - Read
$WIRE_HOME/state/wire/stream_state.jsonwritten by the daemon’s SSE subscriber.Value::Nullwhen the file is absent or unreadable — callers should treat that as “stream subscriber hasn’t reported in yet” (cold start, or daemon predates #168). - read_
trust - relay_
state_ path - Path to
relay.json— holds our own slot binding and pinned peer slots. Contains slot-tokens, so always written mode 0600. - stale_
sync - True when no sync has happened within the freshness window. None (= never synced here) is treated as stale. Shared between MCP + CLI so the boolean flips at the same moment in both surfaces.
- state_
dir - Root state directory (rotating data — inbox/outbox/spool).
- succession_
log_ path - trust_
path - update_
relay_ state - Atomic read-modify-write against
relay.json. Holds an exclusivefs2::FileExt::lock_exclusivefor the whole transaction so concurrentwireprocesses (multiple daemons, CLI vs daemon, CLI vs MCP) cannot race the cursor or peer-pin entries. - write_
agent_ card - write_
display_ overrides - write_
op_ handle - Persist the operator handle chosen at
wire enroll op. The op_did derives from handle + op key; card-emit re-derives it at card-build time. - write_
op_ key - write_
org_ key - write_
private_ key - Write a private key file with mode 0600.
- write_
relay_ state - Atomic, lock-serialized write of the full relay-state. Every direct caller
(foreground
wire dial, the background daemon, MCP) funnels through here, so a foreground write can neither TEAR nor lost-update against the daemon. Holds the samerelay.lockflock asupdate_relay_stateand writes via tmp+rename. - write_
trust