Process Runtime

Manage long-lived remote processes with the agent-native runtime.

The agent-native process runtime lets you spawn, attach to, and manage long-lived remote processes directly on target hosts. Unlike SSH-based nefia exec (which runs one-shot commands), the process runtime provides persistent process handles that survive operator disconnects and support interactive features like PTY allocation and stdin piping.

When to Use the Process Runtime

Scenario	Use
One-shot command (e.g., `uptime`, `df -h`)	`nefia exec`
Long-running build or deployment script	`nefia proc spawn --detach`
Interactive terminal session (TUI apps, editors)	`nefia proc spawn --tty`
Reattach after disconnection	`nefia proc attach --follow`
Scripted stdin interaction (e.g., database prompts)	`nefia proc stdin`

Prerequisites

The process runtime requires nefia-agent with runtime support enabled. The runtime server listens on port 7222 (TCP) on the VPN-local address and is only reachable through the WireGuard tunnel.

CLI Usage

All nefia proc commands require either --host or --session to identify the target.

Spawning a Process

bash

# Run a long build in the background
nefia proc spawn --host build-server --detach -- make -j8 all
 
# Spawn with PTY for interactive use
nefia proc spawn --host dev-box --tty -- bash -l
 
# Set working directory and environment
nefia proc spawn --host web-1 --cwd /var/www/app --detach -- npm run build

Flags:

Flag	Default	Description
`--detach`	`true`	Keep process metadata queryable after spawn returns
`--tty`	`false`	Allocate a PTY (merges stdout/stderr into terminal stream)
`--rows`	`24`	Initial terminal rows (when `--tty`)
`--cols`	`80`	Initial terminal columns (when `--tty`)
`--cwd`	—	Working directory override
`--shell`	—	Shell executable override
`--timeout`	—	Process timeout (e.g., `30m`, `2h`)
`--stdin`	—	Initial stdin content

Listing Processes

bash

# List all processes on a host
nefia proc list --host build-server
 
# Filter by state
nefia proc list --host build-server --state running

Output shows process ID, PID, state, control mode, TTY flag, and command.

Inspecting a Process

bash

nefia proc inspect --host build-server proc_01H...

Returns full metadata including buffered stdout/stderr (last 256 KB per stream), exit code, and timing information.

Attaching to Output

bash

# Read current buffered output
nefia proc attach --host build-server proc_01H...
 
# Follow output in real-time until process exits
nefia proc attach --host build-server --follow proc_01H...
 
# Follow with a timeout
nefia proc attach --host build-server --follow --wait 5m proc_01H...

Sending Input

bash

# Write data to stdin
nefia proc stdin --host dev-box proc_01H... --data "yes\n"
 
# Close stdin (signals EOF to the process)
nefia proc stdin --host dev-box proc_01H... --close

Sending Signals

bash

# Graceful termination
nefia proc signal --host build-server proc_01H... --signal term
 
# Force kill
nefia proc signal --host build-server proc_01H... --signal kill

Supported signals: term, kill, int, hup (Unix); term, kill, int, break (Windows). On Windows, int/break use a 3-stage fallback: CTRL_BREAK_EVENT via console attach, then \x03 to stdin, then error. For ConPTY processes, \x03 is translated to CTRL_C_EVENT natively.

Waiting for Completion

bash

# Block until the process exits
nefia proc wait --host build-server proc_01H...
 
# Wait with timeout
nefia proc wait --host build-server --timeout 10m proc_01H...

Resizing TTY

bash

nefia proc resize --host dev-box proc_01H... --rows 50 --cols 120

Deleting Process Metadata

bash

nefia proc delete --host build-server proc_01H...

Removes metadata for an exited process. Running processes cannot be deleted.

MCP Tools

The process runtime exposes 9 MCP tools for AI agent integration:

Tool	Description
`nefia.proc.spawn`	Spawn a managed process on a target host
`nefia.proc.list`	List managed processes with state and control mode
`nefia.proc.inspect`	Inspect process metadata and buffered output
`nefia.proc.attach`	Read incremental output, optionally following until exit
`nefia.proc.stdin`	Write data to a process's stdin pipe
`nefia.proc.signal`	Send a signal (`term`, `kill`, `int`, `hup`)
`nefia.proc.resize`	Resize a TTY-backed process terminal
`nefia.proc.wait`	Wait for process exit and return final output
`nefia.proc.delete`	Delete exited process metadata

AI Agent Workflow Example

Spawn a long-running build:

json

{
  "tool": "nefia.proc.spawn",
  "arguments": {
    "host_id": "build-server",
    "command": "make -j8 release",
    "cwd": "/home/deploy/app",
    "detach": true
  }
}

Response: { "process": { "process_id": "proc_01H...", "pid": 12345, "state": "running" } }

Periodically check progress:

json

{
  "tool": "nefia.proc.attach",
  "arguments": {
    "host_id": "build-server",
    "process_id": "proc_01H...",
    "stdout_offset": 0
  }
}

Wait for completion:

json

{
  "tool": "nefia.proc.wait",
  "arguments": {
    "host_id": "build-server",
    "process_id": "proc_01H..."
  }
}

Clean up:

json

{
  "tool": "nefia.proc.delete",
  "arguments": {
    "host_id": "build-server",
    "process_id": "proc_01H..."
  }
}

Process States

Each process transitions through these states:

State	Description
`starting`	Process is initializing
`running`	Process is executing
`exited`	Process exited normally (check `exit_code`)
`failed`	Process lost control (e.g., after agent restart with PID gone)
`killed`	Process was terminated by a signal

Control Modes

After an agent restart, processes may transition to a reduced control mode:

Mode	Available Operations	When
`live`	All (stdin, signal, resize, wait)	Freshly spawned process
`pid`	Signal, wait only	Restored after agent restart (process still running)
`metadata`	Inspect only	Process has exited

Output Buffering

The runtime retains the last 256 KB of stdout and stderr per process in a ring buffer. When the buffer overflows, older data is dropped and the dropped_bytes field in attach responses indicates how much was lost.

Use offset-based reading to avoid re-reading data:

json

{
  "tool": "nefia.proc.attach",
  "arguments": {
    "host_id": "build-server",
    "process_id": "proc_01H...",
    "stdout_offset": 65536,
    "stderr_offset": 0
  }
}

For TTY-backed processes, stdout contains the merged terminal stream and stderr is empty.

Spool File Caps

Process output is written to spool files on disk (separate from the in-memory ring buffer). The max_spool_bytes parameter limits spool growth per stream:

Value	Behavior
Omitted / `0`	Use agent default (1 GiB)
`-1`	Unlimited
`> 0`	Use specified value

When a spool file exceeds the cap, the runtime compacts it by keeping the most recent 75% of data. Compaction is best-effort — the file may briefly exceed the limit between writes.

Resource Limits

Spawned processes can be constrained with OS-level resource limits via the limits parameter on proc.spawn. Limits are enforced using setrlimit on Unix and Job Objects on Windows.

Limit	Unix	Windows	Default
`max_memory_bytes`	`RLIMIT_AS`	Job Object memory	No limit
`max_cpu_seconds`	`RLIMIT_CPU`	Job Object CPU time	No limit
`max_open_files`	`RLIMIT_NOFILE`	Not enforced	65536
`max_processes`	`RLIMIT_NPROC` (Linux only)	Job Object process count	4096

Merge semantics: 0 = use agent default, -1 = explicitly unlimited (overrides agent default), > 0 = use specified value.

bash

# CLI: resource limits are configured at the agent level
# MCP: per-spawn override via the limits parameter

json

{
  "tool": "nefia.proc.spawn",
  "arguments": {
    "host_id": "build-server",
    "command": "make -j8",
    "limits": {
      "max_memory_bytes": 1073741824,
      "max_cpu_seconds": 300
    },
    "max_spool_bytes": 536870912
  }
}

Process Retention

Exited process metadata is retained for 24 hours by default. After the retention window, the garbage collector removes the process and its buffered output. Running processes are never garbage collected.

Security

Network isolation — The runtime listener binds only to the VPN-local address. It is never reachable from LAN or public networks.
HMAC-SHA256 authentication — Each connection performs a nonce-based handshake using a shared key derived from the VPN trust relationship.
Policy enforcement — proc.spawn, proc.stdin, proc.signal, and proc.delete are subject to the operator-side policy engine. Role-based rules can allow proc.list but deny proc.spawn.
Audit logging — All process operations (proc_spawn, proc_attach, proc_stdin, proc_signal, proc_wait, proc_exit) are recorded in the append-only audit log.
Approval workflow — When MCP approval is enabled, proc.spawn, proc.stdin, proc.signal, proc.resize, and proc.delete require human approval.

Remote Execution

One-shot command execution with nefia exec.

MCP Integration

Connect AI agents to the process runtime via MCP tools.

Agent Reference

Agent configuration including runtime server settings.

Agent Patterns

Best practices for AI agents using process runtime tools.