A roost is the per-host process that accepts dispatches from the gateway and runs the agent’s CLI under a configured isolation class. You run one roost per machine; the gateway sees each as a node.

Lifecycle

1. Enroll
   The roost boots, generates an Ed25519 keypair, and posts a join token to the gateway’s /v1/enroll. The gateway signs an enrollment receipt that encodes role + capabilities + isolation classes.

2. Heartbeat
   The roost reports liveness over the configured transport.

3. Dispatch
   The gateway picks the roost, hands it a signed grant, and the roost spawns the agent under the requested isolation class.

4. Stream
   Output streams back over SSE; the roost journals the run; on exit, the grant is rotated.

Isolation

The isolation classes are Process, Jail, and MicroVM. The roost picks the strongest class the host supports and fails closed if the floor isn’t met. See isolation classes.
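
A sketch of the "strongest supported, fail closed below the floor" rule, added here as an illustration and not the roost's own code. The strength order Process < Jail < MicroVM, the lowercase class strings, and every function and exception name are assumptions.

```python
from enum import IntEnum

class Isolation(IntEnum):
    # Assumed strength order, weakest to strongest (the order the page lists them in).
    PROCESS = 1
    JAIL = 2
    MICROVM = 3

class IsolationFloorNotMet(RuntimeError):
    """Raised instead of silently downgrading: the fail-closed path."""

def parse_class(name):
    # An unknown or misspelled class name is a hard error, never "no isolation".
    try:
        return Isolation[name.strip().upper()]
    except KeyError:
        raise IsolationFloorNotMet(f"unknown isolation class {name!r}") from None

def select_isolation(host_supports, floor):
    """Return the strongest class the host supports, or raise if it is below floor."""
    floor_cls = parse_class(floor)
    supported = {parse_class(n) for n in host_supports}
    if not supported:
        raise IsolationFloorNotMet("host reports no usable isolation class")
    best = max(supported)
    if best < floor_cls:
        raise IsolationFloorNotMet(
            f"strongest available is {best.name}, floor is {floor_cls.name}")
    return best

def try_select(host_supports, floor):
    """Wrapper for logging: (class name or None, reason)."""
    try:
        return select_isolation(host_supports, floor).name, "ok"
    except IsolationFloorNotMet as exc:
        return None, str(exc)

if __name__ == "__main__":
    # Constructed host profiles, not taken from any real deployment.
    for supports, floor in [(["process", "jail", "microvm"], "jail"),
                            (["process"], "jail"),
                            (["process", "jial"], "process"),
                            ([], "process")]:
        print(supports, floor, "->", try_select(supports, floor))
```

The misspelled `jial` entry and the empty probe result both refuse to run rather than falling back to a weaker class, which is the behaviour to check for when testing a fail-closed selector.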