Skip to content

arch: add baudbot attach and sessions commands#34

Merged
benvinegar merged 3 commits into
mainfrom
benvinegar/attach-sessions
Feb 17, 2026
Merged

arch: add baudbot attach and sessions commands#34
benvinegar merged 3 commits into
mainfrom
benvinegar/attach-sessions

Conversation

@benvinegar
Copy link
Copy Markdown
Member

@benvinegar benvinegar commented Feb 17, 2026

New commands

baudbot sessions

Lists all tmux and pi sessions running under baudbot_agent:

$ sudo baudbot sessions
tmux sessions:
  slack-bridge: 1 windows (created ...)
  baudbot: 1 windows (created ...)

pi sessions:
  control-agent (a1b2c3d4-...) [running]
  dev-agent (e5f6g7h8-...) [stopped]

baudbot attach [name]

Attaches to a tmux session under the agent user. Defaults to the first available session.

$ sudo baudbot attach              # attach to first session
$ sudo baudbot attach slack-bridge # attach to specific session

Prints detach instructions (Ctrl+b, d) before attaching.

@benvinegar
arch: add baudbot attach and sessions commands
5113760 
baudbot sessions — lists all tmux sessions and pi agent sessions
under the baudbot_agent user, with running/stopped status.

baudbot attach [name] — attaches to a tmux session. Defaults to the
first available session if no name given. Useful for inspecting the
slack-bridge or agent output.
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented Feb 17, 2026

Greptile Summary

This PR adds two new operator-facing subcommands to the bin/baudbot CLI dispatcher: baudbot sessions (lists active tmux and pi sessions for the baudbot_agent user) and baudbot attach [name] (attaches the caller's terminal to a named or auto-selected tmux session). Both commands follow the existing pattern of delegating to sudo -u baudbot_agent but have a few issues that should be addressed before merging.

Key findings:

  • Missing require_root guard (logic): Both sessions and attach invoke sudo -u baudbot_agent without first calling require_root, unlike every other privileged command in this file (start, stop, restart, setup, deploy, update, uninstall). Without root, the sudo calls will fail silently (the tmux ls errors are suppressed with 2>/dev/null) or prompt interactively, producing confusing output. The PR description itself shows both commands being run with sudo, so the intent is root-required — that just needs to be enforced in code.
  • Inaccurate usage text (syntax): The help text at line 51 describes the attach default as control-agent, but the implementation selects the first available tmux session via tmux ls | head -1, which can be any session (e.g. slack-bridge or baudbot).
  • False-positive "running" status for pi sessions (style): The sessions command marks a pi session as running if control.sock exists, regardless of whether the socket is connectable. A crashed pi process can leave a stale socket, causing incorrect status reporting. The pid-based check below correctly uses kill -0; the socket check should be similarly validated.

Confidence Score: 3/5

  • Safe to merge after fixing the missing require_root guards in both new commands; other issues are minor.
  • The two new commands are self-contained additions that do not touch security-critical paths. However, omitting require_root from commands that rely on sudo -u baudbot_agent is an inconsistency that causes silent failure or confusing UX for non-root callers and deviates from the established pattern in this very file. The usage text inaccuracy is a minor doc bug. The stale-socket liveness issue is cosmetic for an operator tool. None of these are security vulnerabilities given the operational context.
  • bin/baudbot — both new case blocks need require_root added and the usage string corrected

Important Files Changed

Filename Overview
bin/baudbot Adds sessions and attach subcommands. Both commands use sudo -u baudbot_agent but omit the require_root guard present in all other privileged commands, causing silent failures for non-root callers. The attach usage text incorrectly states the default is "control-agent" when the code defaults to the first available session. Additionally, the sessions command's liveness check for pi sessions relies on socket file existence without verifying the socket is connectable.

Sequence Diagram

sequenceDiagram
    participant Admin as Admin User (root)
    participant Baudbot as bin/baudbot
    participant Tmux as tmux (baudbot_agent)
    participant PiFS as ~/.pi/agent/sessions/

    Note over Admin,PiFS: baudbot sessions
    Admin->>Baudbot: sudo baudbot sessions
    Baudbot->>Tmux: sudo -u baudbot_agent tmux ls
    Tmux-->>Baudbot: session list (or empty)
    Baudbot->>PiFS: stat ~/.pi/agent/sessions/*/
    PiFS-->>Baudbot: sess_dir entries
    loop each session dir
        Baudbot->>PiFS: check control.sock / pid file
        PiFS-->>Baudbot: status = running / stopped
        Baudbot->>PiFS: read name file
        PiFS-->>Baudbot: session name
    end
    Baudbot-->>Admin: formatted session list

    Note over Admin,Tmux: baudbot attach [name]
    Admin->>Baudbot: sudo baudbot attach [name]
    alt no name given
        Baudbot->>Tmux: sudo -u baudbot_agent tmux ls -F #{session_name}
        Tmux-->>Baudbot: first session name
    end
    Baudbot-->>Admin: print attach instructions
    Baudbot->>Tmux: exec sudo -u baudbot_agent tmux attach-session -t TARGET
    Tmux-->>Admin: interactive tmux session
Loading

Last reviewed commit: 5113760

greptile-apps[bot]
greptile-apps Bot reviewed Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown

@greptile-apps greptile-apps Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, 3 comments

Edit Code Review Agent Settings | Greptile

Comment thread bin/baudbot
Comment thread bin/baudbot Outdated
Comment thread bin/baudbot Outdated
sentry[bot]
sentry Bot reviewed Feb 17, 2026
View reviewed changes
Comment thread bin/baudbot
@benvinegar
arch: address PR review — require_root, help text, stale socket
ca6ad3b 
- Add require_root guard to both sessions and attach commands
- Fix help text: 'default: first available' not 'control-agent'
- Fix stale socket false-positive: prefer pid file for liveness,
  fall back to socat socket probe, label stale sockets clearly
sentry[bot]
sentry Bot reviewed Feb 17, 2026
View reviewed changes
Comment thread bin/baudbot Outdated
@benvinegar
arch: fix pi sessions to use session-control dir, not history logs
b029f2a 
The sessions command was looking in ~/.pi/agent/sessions/ (history
logs as .jsonl files) and checking for pid/name files that pi doesn't
create. All sessions would report as 'stopped'.

Now reads ~/.pi/session-control/*.sock (where pi actually puts live
control sockets). Resolves alias symlinks to show session names.
Liveness check tries socat, falls back to python3 socket connect.
@benvinegar benvinegar merged commit 8f27ed1 into main Feb 17, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benvinegar