An open API service indexing awesome lists of open source software.

https://github.com/opencoven/coven

Local harness substrate for project-scoped agent sessions.
https://github.com/opencoven/coven

ai-agents anthropic claude-code codex harness harness-agnostic harness-engineering harness-framework meta-harness model-agnostic openai openclaw opencoven substrate substrate-runtime

Last synced: 3 days ago
JSON representation

Local harness substrate for project-scoped agent sessions.

Awesome Lists containing this project

README

          


OpenCoven logo

# Coven

**Local harness substrate for project-scoped agent sessions**

Run Codex, Claude Code, and future coding harnesses inside explicit local project boundaries.
Launch, observe, attach, and coordinate agent work through one neutral runtime substrate.

[![MIT License](https://img.shields.io/badge/license-MIT-9A8ECD?style=flat-square)](LICENSE)
[![Platform](https://img.shields.io/badge/platform-macOS%20%7C%20Linux-9A8ECD?style=flat-square)](#requirements)
[![npm](https://img.shields.io/badge/npm-%40opencoven%2Fcli-9A8ECD?style=flat-square)](https://www.npmjs.com/package/@opencoven/cli)
[![Built with Rust](https://img.shields.io/badge/built%20with-Rust-9A8ECD?style=flat-square)](https://www.rust-lang.org/)

| 🌐 **Ecosystem** | πŸ’¬ **Community** | πŸ› οΈ **Development** |
| :---------------------------------------------------- | :------------------------------------------ | :------------------------------------------------------------- |
| [**Website**](https://opencoven.ai/) | [**Discord**](https://discord.gg/opencoven) | [**GitHub Issues**](https://github.com/OpenCoven/coven/issues) |
| [**Documentation**](https://docs.opencoven.ai/) | [**X (\@OpenCvn)**](https://x.com/OpenCvn) | [**Public Roadmap**](docs/ROADMAP.md) |
| [**Submit Feedback**](https://feedback.opencoven.ai/) | | [**Contributing**](CONTRIBUTING.md) |

---

> **⚠️ Early MVP** β€” Coven is a local-first runtime in active development. It is usable by adventurous developers on macOS and Linux. The npm package is live. Expect rough edges.
>
> **External PRs are open** β€” Start from an issue for larger changes, keep PRs scoped, and include the readiness packet requested by the PR template.

---

## Table of Contents

- [What is Coven?](#what-is-coven)
- [Why Coven?](#why-coven)
- [Features](#features)
- [Requirements](#requirements)
- [Install](#install)
- [Quick Start](#quick-start)
- [Commands Reference](#commands-reference)
- [Local API](#local-api)
- [Architecture](#architecture)
- [Repository Structure](#repository-structure)
- [Configuration](#configuration)
- [OpenCoven Integrations](#opencoven-integrations)
- [Documentation](#documentation)
- [FAQ](#faq)
- [Troubleshooting](#troubleshooting)
- [Contributing](#contributing)
- [Code of Conduct](#code-of-conduct)
- [Roadmap](#roadmap)
- [Security](#security)
- [License](#license)
- [Community & Support](#community--support)

---

## What is Coven?

Coven is the local harness substrate for the [OpenCoven](https://github.com/OpenCoven) ecosystem. It gives coding-agent CLIs like [Codex](https://github.com/openai/codex) and [Claude Code](https://docs.anthropic.com/en/docs/claude-code) a shared room where project work can happen visibly and safely.

> **One project. Any harness. Visible work.**

Coven doesn't replace your coding agent, your UI, or other clients. It acts as a neutral runtime layer:

- **You choose the harness** β€” Codex, Claude Code, or future adapters.
- **Coven owns the session** β€” project-scoped boundaries, PTY execution, event logging, SQLite persistence.
- **Clients present the work** β€” CastCodes, the CLI/TUI, comux, or your own integration over the local socket API.

The Rust daemon is the authority boundary. All clients β€” including the CLI itself β€” are convenience layers. Security decisions flow inward to the daemon, never outward to clients.

---

## Why Coven?

| Without Coven | With Coven |
| --------------------------------------------------- | ----------------------------------------------------------- |
| Run `codex` directly; no persistent session history | Every run creates a session record with metadata and events |
| No project boundary enforcement | Agent is locked to an explicit project root; cannot escape |
| Lose track of agent work when the terminal closes | Sessions persist across daemon restarts via SQLite |
| Manually juggle multiple harness CLIs | One unified `coven run` entry point for all harnesses |
| No API for clients to consume agent sessions | Versioned `coven.daemon.v1` socket API for all clients |
| No standard way to observe or replay past work | `coven sessions` browser with Rejoin, View Log, and Archive |

---

## Features

- **🏠 Project-root boundaries** β€” Every launch is tied to an explicit repository or project root. The daemon rejects working directories that escape the declared boundary.
- **πŸ”Œ Harness-neutral runtime** β€” v0 focuses on Codex and Claude Code with a clean adapter path for future harnesses (Hermes, Aider, Gemini, and user-defined CLIs).
- **πŸ–₯️ Interactive session browser** β€” Live and completed work can be selected, rejoined, viewed, archived, restored, or sacrificed without memorizing IDs.
- **πŸ“‘ Attachable PTY sessions** β€” Live sessions can be replayed or followed from explicit CLI verbs.
- **πŸ”Œ Local daemon API** β€” CastCodes, comux, and the OpenClaw plugin coordinate through one versioned socket contract (`coven.daemon.v1`).
- **πŸ—„οΈ SQLite-backed history** β€” Session metadata and event logs survive daemon restarts.
- **πŸ¦€ Rust authority layer** β€” Launch, cwd, input, kill, and path-sensitive requests are revalidated in Rust. Clients are never the trust boundary.
- **πŸ”’ External OpenClaw bridge** β€” `@opencoven/coven` is an opt-in plugin; OpenClaw core does not include Coven code.
- **πŸ“¦ @opencoven namespace** β€” CLI wrapper packages live under `@opencoven/*`; the user-facing command is always `coven`.
- **🩺 System diagnostics** β€” `coven pc` (macOS-first) surfaces CPU, memory, disk, and process health without launching a harness.

---

## Requirements

| Requirement | Notes |
| ---------------------------- | --------------------------------------------------------------------------- |
| **Rust stable toolchain** | Required only when building from source |
| **Git** | Required |
| **macOS, Linux, or Windows x64** | Native npm packages are published for all three platforms |
| **Node.js 18+** | Required only for npm wrapper or package/plugin development |
| **At least one harness CLI** | Codex and/or Claude Code (see below) |

### Installing harness CLIs

Run `coven doctor` first β€” it prints specific install hints for any missing harness.

**Codex (OpenAI):**

```bash
npm install -g @openai/codex
# or: brew install --cask codex
codex login
```

**Claude Code (Anthropic):**

```bash
npm install -g @anthropic-ai/claude-code
claude doctor
```

After installing and authenticating, run `coven doctor` again to confirm the harness is detected. If `doctor` still reports missing, ensure the harness binary is on your `PATH`.

---

## Install

Coven is available as an npm wrapper for the fastest install, or you can build from source.

### npm (recommended)

Install globally:

```bash
npm install -g @opencoven/cli
coven doctor
```

**Available npm packages:**

| Package | Platform |
| -------------------------- | ---------------------------------------------- |
| `@opencoven/cli` | Universal wrapper β€” auto-selects your platform |
| `@opencoven/cli-macos` | macOS Apple Silicon |
| `@opencoven/cli-linux-x64` | Linux x64 |
| `@opencoven/cli-windows` | Windows x64 |

### Build from source (recommended for contributors)

```bash
git clone https://github.com/OpenCoven/coven.git
cd coven
cargo build --workspace
cargo run -p coven-cli -- doctor
```

> **Note:** Building from source requires Rust stable. See [Requirements](#requirements).

---

## Quick Start

### Option A β€” Interactive menu (recommended for new users)

```bash
cd /path/to/your/project
coven
# or explicitly:
coven tui
```

The menu opens with a **Start here** guide, checks your local setup, and shows the safest first command to try. Type a task directly (e.g., `fix the failing tests`) or use slash commands like `/run codex fix the failing tests`. Press `h` or type `/help` for examples.

### Option B β€” Direct commands

```bash
cd /path/to/your/project

# 1. Verify setup
coven doctor

# 2. Start the daemon
coven daemon start

# 3. Launch a session
coven run codex "fix the failing tests"
# or with Claude Code:
coven run claude "polish this UI"

# 4. Browse and manage sessions
coven sessions

# 5. Stop the daemon when done
coven daemon stop
```

### Option C β€” OpenClaw rescue loop

If OpenClaw breaks, Coven provides a predictable repair room:

```bash
coven patch openclaw
```

Choose a repo, choose a harness, get a verified patch.

---

## Commands Reference

### Core commands

| Command | Action |
| -------------- | ----------------------------------------------------- |
| `coven` | Open the beginner-friendly interactive menu |
| `coven tui` | Explicitly open the slash-command TUI |
| `coven doctor` | Detect supported harness CLIs and print install hints |

### Daemon lifecycle

| Command | Action |
| ---------------------- | ---------------------------------------------- |
| `coven daemon start` | Start the local Coven daemon |
| `coven daemon status` | Show daemon health, PID, and socket path |
| `coven daemon restart` | Restart the local daemon and rebind the socket |
| `coven daemon stop` | Stop the local daemon |

### Session management

| Command | Action |
| ---------------------------------------------- | ---------------------------------------------------------------- |
| `coven run ` | Launch a project-scoped harness session |
| `coven run --cwd ` | Launch from a cwd inside the project root |
| `coven run --title ` | Set a readable session title |
| `coven run --model ` | Forward a model override to the harness |
| `coven run --think` | Request deeper reasoning when the harness supports it |
| `coven run --speed ` | Set a latency/reasoning hint: `fast`, `balanced`, or `thorough` |
| `coven run --continue` | Resume the latest active session for this project |
| `coven run --continue ` | Resume a specific session by id |
| `coven run --detach` | Create the session record without launching the harness |
| `coven run --labels ` | Attach comma-separated labels to the session |
| `coven run --visibility `| Set visibility: `private` (default), `workspace`, or `shared` |
| `coven run --archive` | Auto-archive the session when the run completes |
| `coven run --familiar ` | Inject a familiar identity preamble (e.g. `--familiar charm`) |
| `coven run --stream-json` | Emit JSONL events on stdout (for tooling/piping) |
| `coven run claude

--stream-json --stream-json-input` | Also read JSONL user messages from stdin |
| `coven sessions` | Open the session browser in a terminal; print a table when piped |
| `coven sessions --all` | Browse active and archived sessions; print all when piped |
| `coven sessions --manage` | Force the interactive session browser |
| `coven sessions --plain` | Force plain table output for scripts or copying |
| `coven sessions --json` | Output sessions as JSON |
| `coven sessions --json --all` | Output all sessions (including archived) as JSON |
| `coven attach ` | Replay/follow session output and forward input |
| `coven summon ` | Restore an archived session, then replay/follow it |
| `coven archive ` | Hide a non-running session while preserving its events |
| `coven sacrifice --yes` | Permanently delete a non-running session and its events |

> **Session rituals are intentionally explicit.** Archive is reversible and keeps the full event ledger. Summon brings an archived session back. Sacrifice is destructive, refuses live sessions, and requires `--yes` so beginners don't delete work by accident.

| Ritual | Reversible? | Works on | Description |
| ------------- | ----------- | -------------------- | ------------------------------------------------------------ |
| **Archive** | βœ… Yes | Non-running sessions | Hides from active list; all events preserved |
| **Summon** | N/A | Archived sessions | Restores to active list |
| **Sacrifice** | ❌ No | Non-running sessions | Permanently deletes session and all events; requires `--yes` |
| **Rejoin** | N/A | Live sessions | Reattaches to running session |

### System diagnostics (`coven pc`, macOS-first)

| Command | Action |
| -------------------------------- | --------------------------------------------------------------------- |
| `coven pc` | Full system report: CPU, memory, disk, top processes |
| `coven pc status` | One-line health summary with 🟒/🟑/πŸ”΄ indicators |
| `coven pc status --json` | Machine-readable health summary |
| `coven pc top --n 10` | Top-N processes by CPU usage |
| `coven pc disk` | Disk usage breakdown |
| `coven pc kill --confirm` | SIGTERM with PID identity re-check (requires `--confirm`) |
| `coven pc cache clear --confirm` | Clear `~/Library/Caches` and `/Library/Caches` (requires `--confirm`) |

> All read operations are side-effect-free. Write operations (kill, cache clear) require `--confirm` and cannot be bypassed. Termination is SIGTERM only β€” no SIGKILL.

### Other

| Command | Action |
| ---------------------- | ------------------------------------------------------- |
| `coven patch openclaw` | Open the OpenClaw repair rescue loop |
| `coven logs prune` | Manually prune session logs and raw encrypted artifacts |

---

## Local API

The daemon exposes a versioned HTTP API over a Unix socket. The current public contract is `coven.daemon.v1` (prefix: `/api/v1`).

### Endpoint reference

| Endpoint | Method | Purpose |
| ---------------------------------------- | ------ | ----------------------------------------------------------- |
| `/api/v1/health` | `GET` | Daemon health, API version, and capability catalog |
| `/api/v1/api-version` | `GET` | Active and supported API versions |
| `/api/v1/capabilities` | `GET` | Machine-readable capability catalog for clients |
| `/api/v1/sessions` | `GET` | List sessions |
| `/api/v1/sessions` | `POST` | Launch a session |
| `/api/v1/sessions/:id` | `GET` | Fetch one session |
| `/api/v1/events` | `GET` | Read session events (supports `afterSeq` cursor pagination) |
| `/api/v1/sessions/:id/events` | `GET` | Session-scoped events alias |
| `/api/v1/sessions/:id/log` | `GET` | Redacted log preview for a session |
| `/api/v1/sessions/:id/input` | `POST` | Forward input to a live session |
| `/api/v1/sessions/:id/kill` | `POST` | Kill a live session |
| `/api/v1/actions` | `POST` | Route a control-plane action (advanced clients) |
| `/api/v1/travel/profiles` | `POST` | Generate a read-only travel profile for offline laptop work |
| `/api/v1/travel/deltas` | `POST` | Upload offline travel results for hub reconciliation |
| `/api/v1/travel/state` | `GET` | Read hub/travel handoff state for a client |
| `/api/v1/scheduler/decisions` | `POST` | Choose a node for a multi-host job |
| `/api/v1/scheduler/decisions/:id` | `GET` | Fetch a persisted scheduler decision |
| `/api/v1/scheduler/redispatch` | `POST` | Redispatch or pause a loop after executor failure |
| `/api/v1/scheduler/loops/:loopId` | `GET` | Recover persisted scheduler loop state |

### Recommended client handshake

All API clients should start with a health negotiation:

```bash
# Example: health check via Unix socket
curl --unix-socket ~/.coven/coven.sock http://localhost/api/v1/health
```

Example response:

```json
{
"ok": true,
"apiVersion": "coven.daemon.v1",
"covenVersion": "0.0.10",
"capabilities": {
"sessions": true,
"events": true,
"travel": true,
"scheduler": true,
"eventCursor": "sequence",
"structuredErrors": true
},
"daemon": {
"pid": 12345,
"startedAt": "2026-05-09T06:43:00Z",
"socket": "/Users/alice/.coven/coven.sock"
}
}
```

**Before depending on any other endpoint:**

1. Call `GET /api/v1/health`
2. Verify `apiVersion === "coven.daemon.v1"` and `capabilities.structuredErrors === true`
3. Check `capabilities.eventCursor === "sequence"` before using `afterSeq` pagination
4. Only then depend on the documented `v1` sessions/events shapes

All API errors use a structured envelope. Branch on `error.code`, never on `error.message`:

```json
{
"error": {
"code": "session_not_found",
"message": "Session was not found.",
"details": { "sessionId": "abc-123" }
}
}
```

Treat the socket API as the product contract. Clients may validate for better UX, but the Rust daemon remains the authority boundary. See [`docs/API-CONTRACT.md`](docs/API-CONTRACT.md) for the full versioned contract including error codes, cursor pagination, session shapes, and compatibility rules.

---

## Architecture

### Runtime topology

Coven is a local-first harness substrate. The Rust daemon is the authority boundary. All clients β€” including the CLI/TUI β€” are untrusted for enforcement purposes.

```
Developer
β”‚
β”œβ”€β”€ CastCodes workspace ─────────────────────┐
β”œβ”€β”€ coven CLI / TUI ────────────────────────── HTTP over Unix socket
β”œβ”€β”€ comux (legacy/reference) ───────────────── ~/.coven/coven.sock
└── @opencoven/coven (OpenClaw plugin) β”€β”€β”€β”€β”€β”€β”€β”˜
β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Coven Rust Daemon β”‚
β”‚ β”‚
β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚
β”‚ β”‚ Authority boundary β”‚ β”‚
β”‚ β”‚ β€’ Canonicalize project rootβ”‚ β”‚
β”‚ β”‚ β€’ Validate cwd in root β”‚ β”‚
β”‚ β”‚ β€’ Allowlist harness id β”‚ β”‚
β”‚ β”‚ β€’ Validate session state β”‚ β”‚
β”‚ β”‚ β€’ Route action via policy β”‚ β”‚
β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚
β”‚ β”‚ β”‚
β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚
β”‚ β”‚ Harness adapter router β”‚ β”‚
β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”˜ β”‚
β”‚ β”‚ β”‚ β”‚
β”‚ β”Œβ”€β”€β”€β–Όβ”€β”€β” β”Œβ”€β”€β”€β–Όβ”€β”€β”€β” β”‚
β”‚ β”‚Codex β”‚ β”‚Claude β”‚ β”‚
β”‚ β”‚ PTY β”‚ β”‚ PTY β”‚ β”‚
β”‚ β””β”€β”€β”€β”¬β”€β”€β”˜ β””β”€β”€β”€β”¬β”€β”€β”€β”˜ β”‚
β”‚ β”‚ β”‚ β”‚
β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β” β”‚
β”‚ β”‚ SQLite session ledger + β”‚ β”‚
β”‚ β”‚ append-only event log β”‚ β”‚
β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
```

### Authority boundary

The Rust daemon validates every request before acting:

1. `projectRoot` must be explicit β€” no fallback
2. `cwd` must canonicalize inside the declared project root
3. Harness ID must be allowlisted (`codex`, `claude`)
4. Session IDs must exist and be in the expected state
5. All harness commands are built with argv APIs β€” never `sh -c`

Clients may improve UX by validating early, but they are never the enforcement boundary. A client cannot widen the project boundary, bypass the harness allowlist, or escape session state validation.

### Session lifecycle

```
coven run codex "fix tests"
β”‚
β–Ό
POST /api/v1/sessions { projectRoot, cwd, harness, prompt }
β”‚
β–Ό
Daemon: canonicalize β†’ validate β†’ spawn or reject
β”‚
β–Ό
Session record created in SQLite
β”‚
β–Ό
Harness spawned in PTY β†’ output events streamed to SQLite
β”‚
β–Ό
coven sessions β†’ Rejoin / View Log / Archive / Sacrifice
```

For full architecture diagrams (including Mermaid flow charts), see [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md).

---

## Repository Structure

```
coven/
β”œβ”€β”€ .github/ # GitHub Actions workflows, issue templates
β”œβ”€β”€ assets/opencoven/ # Project assets (logos, icons for npm packages)
β”œβ”€β”€ brand/ # OpenCoven brand system
β”‚ β”œβ”€β”€ icons/ # Brand icon set (trident, agent-node, etc.)
β”‚ β”œβ”€β”€ social/ # Social media assets (X, GitHub)
β”‚ └── ui/ # CSS color tokens and typography scale
β”œβ”€β”€ crates/
β”‚ β”œβ”€β”€ coven-cli/ # Main Rust binary β€” the `coven` command
β”‚ └── coven-relay/ # Internal relay crate
β”œβ”€β”€ docs/ # Full documentation suite (see Documentation section)
β”œβ”€β”€ npm/ # npm wrapper package source for @opencoven/cli
β”œβ”€β”€ packages/
β”‚ └── openclaw-coven/ # External OpenClaw bridge plugin (@opencoven/coven)
β”œβ”€β”€ scripts/
β”‚ └── check-secrets.py # CI / pre-release secret scanner
β”œβ”€β”€ skills/opencoven-design/ # Design skill files
β”œβ”€β”€ web/ # Web surface files
β”œβ”€β”€ Cargo.lock # Locked Rust dependency tree
β”œβ”€β”€ Cargo.toml # Rust workspace manifest
β”œβ”€β”€ CONTRIBUTING.md # Contribution guidelines
β”œβ”€β”€ DESIGN.md # Full brand and design system reference
β”œβ”€β”€ LICENSE # MIT license
β”œβ”€β”€ README.md # This file
└── SECURITY.md # Security policy
```

**Key directories:**

- **`crates/coven-cli`** β€” Everything that becomes the `coven` binary. This is where daemon, PTY adapter, session store, socket API, and CLI surface live in Rust.
- **`packages/openclaw-coven`** β€” The opt-in bridge between OpenClaw and Coven. Lives here (not in OpenClaw core) to keep the trust boundary clean. Published as `@opencoven/coven`.
- **`scripts/check-secrets.py`** β€” Required pre-release and pre-PR scan. Run it before pushing to avoid leaking credentials into git history.
- **`docs/`** β€” The canonical documentation suite. All product docs, architecture, API contract, safety model, and roadmap live here.

---

## Configuration

### Environment variables

| Variable | Default | Description |
| ----------------------------- | ---------- | ---------------------------------------------------------------------------------------- |
| `COVEN_HOME` | `~/.coven` | Root directory for all daemon state: SQLite database, Unix socket, logs, encryption keys |
| `COVEN_PERSIST_RAW_ARTIFACTS` | `0` | Set to `1` to enable local encrypted storage of raw session artifact payloads (advanced) |

> **Tip:** If you run Coven in CI or need isolated environments, set `COVEN_HOME` to a unique path per environment. Coven will create the directory if it doesn't exist.

### Configuration file

Local privacy and storage settings live in `/privacy.toml`:

| Key | Default | Description |
| ----------------------- | ------- | ------------------------------------------------------- |
| `persist_raw_artifacts` | `false` | Enable local encrypted storage of raw session artifacts |

When enabled, raw artifacts are encrypted using a local key at `/keys/session-artifacts.key`. This file is generated automatically with private permissions and is never stored in the repository or SQLite database.

### What should never enter your repository

```
.coven/ # Daemon state directory β€” local only
*.sqlite # SQLite database files
*.sqlite3
*.db
*.sock # Unix socket files
.env* # Environment variable files
*.key # Encryption key files
```

These patterns are covered by `.gitignore`. Before submitting any PR or publishing documentation, run the secret scanner:

```bash
python scripts/check-secrets.py
```

If the scan fails, remove the secret from your working tree. If a secret entered git history, rotate the credential before rewriting history or publishing.

### Data retention defaults

| Data type | Default retention | Manual control |
| ------------------------------------ | ----------------- | ------------------ |
| Redacted session event logs | 30 days | `coven logs prune` |
| Raw encrypted artifacts (if enabled) | 7 days | `coven logs prune` |

---

## OpenCoven Integrations

Coven is the runtime layer. Other surfaces in the OpenCoven ecosystem sit above it and connect through the local socket API.

| Integration | Role | How it connects |
| -------------------------------------------------------- | -------------------------------------------------------------------------- | ---------------------------------------- |
| **[CastCodes](https://github.com/OpenCoven/cast-codes)** | Primary public workspace; the local-first AI coding product built on Coven | HTTP over Unix socket |
| **comux** | Legacy terminal cockpit (useful reference; not the future public story) | HTTP over Unix socket |
| **OpenClaw** | External coding agent; integrates via opt-in plugin only | `@opencoven/coven` plugin β†’ socket |

> **Important:** OpenClaw core does not contain Coven code. The integration lives exclusively in `packages/openclaw-coven` and publishes as `@opencoven/coven`. This separation keeps the trust boundary clean β€” the plugin is treated as an untrusted socket client, and the Rust daemon revalidates every request it makes.

### CastCodes

CastCodes is the primary product users open: terminal/code workspace, visible agent lanes, review flows, and approval UX. It is the first-contact public story for Coven.

The intended flow is:

```
User β†’ CastCodes β†’ coven run β†’ Coven daemon β†’ Harness PTY
Harness output β†’ Coven event log β†’ CastCodes session view
```

### comux (legacy reference)

comux is a standalone terminal cockpit that proved the tmux-cockpit model for parallel agent work. Its useful primitives (worktree isolation, pane menus, agent launcher registry) are being folded into CastCodes-native concepts. comux is no longer the future-facing public surface.

---

## Documentation

| Document | What it covers |
| ------------------------------------------------------- | --------------------------------------------------------------------- |
| [Getting started](docs/GETTING-STARTED.md) | Full install β†’ first session walkthrough |
| [Concepts](docs/CONCEPTS.md) | Definitions: harness, session, project, ritual, daemon, store, client |
| [Glossary](docs/GLOSSARY.md) | Term definitions for the full OpenCoven ecosystem |
| [Architecture](docs/ARCHITECTURE.md) | Runtime topology, session lifecycle, authority boundary diagrams |
| [API contract](docs/API-CONTRACT.md) | Full `coven.daemon.v1` contract: shapes, cursors, error codes |
| [Session lifecycle](docs/SESSION-LIFECYCLE.md) | Detailed state machine for sessions |
| [Safety model](docs/SAFETY-MODEL.md) | Trust boundary, local access model, data rules |
| [Operational model](docs/OPERATIONAL-MODEL.md) | Day-to-day operation and daemon management |
| [Client integration guide](docs/CLIENT-INTEGRATION.md) | How to build a client against the socket API |
| [Harness adapter guide](docs/HARNESS-ADAPTERS.md) | How to implement a new harness adapter |
| [Troubleshooting](docs/TROUBLESHOOTING.md) | Diagnose and resolve common issues |
| [Public roadmap](docs/ROADMAP.md) | Shipped, now, next, and later milestones |
| [Product spec](docs/PRODUCT-SPEC.md) | Product requirements and design decisions |
| [MVP plan](docs/MVP-PLAN.md) | Current MVP scope and checklist |
| [Future harnesses](docs/FUTURE-HARNESSES.md) | Research notes for upcoming adapter work |
| [Brand assets](docs/BRAND.md) | Logo, colors, and usage guidance |
| [Design system](DESIGN.md) | Full brand reference: palette, typography, iconography |
| [Brand adherence checklist](docs/BRANDING-ADHERENCE.md) | Checklist for brand-compliant contributions |
| [Documentation maintenance](docs/DOCS-MAINTENANCE.md) | How docs are organized and kept up to date |
| [Security policy](SECURITY.md) | Vulnerability reporting and data handling |

---

## FAQ

**Q: What is Coven, exactly?**

Coven is a local Rust daemon and CLI that supervises coding-agent CLI sessions (like Codex or Claude Code) inside explicit project boundaries, records everything to SQLite, and exposes it all through a versioned local HTTP API over a Unix socket.

**Q: Does Coven replace Codex or Claude Code?**

No. Coven wraps them. You still use the harness CLI for its AI capabilities β€” Coven adds project-scoped boundaries, session persistence, and a unified API on top.

**Q: Does Coven require an internet connection or an account?**

No. Coven itself is fully local. Your harness CLIs (Codex, Claude Code) require their own provider authentication, but Coven stores no credentials and makes no outbound network calls.

**Q: Is Windows supported?**

Yes. `@opencoven/cli-windows` ships a native Windows x64 binary, and the universal `@opencoven/cli` wrapper selects it automatically. Run `coven doctor` from the same PowerShell, Windows Terminal, or WSL2 environment where your harness CLI is installed.

**Q: What is `coven pc`?**

A macOS-first system diagnostics and relief tool built into the CLI. It shows CPU, memory, disk, and process health without launching a harness β€” useful when sessions feel slow or the daemon is sluggish to start. All read operations are side-effect-free. Write operations (kill, cache clear) require an explicit `--confirm` flag and cannot be bypassed.

**Q: What does "Sacrifice" mean?**

Sacrifice is Coven's intentionally explicit verb for permanently deleting a session and all its event history. It requires `--yes` on the command line so beginners don't accidentally delete work. Archive + Summon are the reversible alternatives for non-destructive session management.

**Q: What is `COVEN_HOME`?**

The directory where Coven stores all local state: SQLite database, Unix socket, logs, and encryption keys. Defaults to `~/.coven`. To isolate environments (e.g., in CI), set `COVEN_HOME` to a separate path for each environment.

**Q: Is CastCodes the same as Coven?**

No. CastCodes is a separate product β€” the local-first AI coding workspace and primary public-facing product that runs on top of Coven. Coven is the runtime substrate. CastCodes is the workspace you open.

**Q: What is the relationship with OpenClaw?**

OpenClaw is an external coding agent that can optionally integrate with Coven through the `@opencoven/coven` plugin package. OpenClaw core contains no Coven code. The integration is strictly opt-in and requires installing the plugin separately.

**Q: Can I build my own client on top of Coven?**

Yes. The daemon exposes a stable `coven.daemon.v1` HTTP API over a local Unix socket. All clients are untrusted for enforcement, but the API surface is stable and versioned. See [`docs/API-CONTRACT.md`](docs/API-CONTRACT.md) and [`docs/CLIENT-INTEGRATION.md`](docs/CLIENT-INTEGRATION.md).

**Q: What if I want to add a new harness (like Aider or Gemini)?**

See [`docs/HARNESS-ADAPTERS.md`](docs/HARNESS-ADAPTERS.md) for the adapter contract. The v0 focus is Codex and Claude Code β€” new harnesses are planned for later milestones after adapter contracts are stable.

---

## Troubleshooting

The fastest first step for any broken setup:

```bash
coven doctor
```

`coven doctor` checks store readiness, project detection, daemon status, and harness availability β€” and prints specific next steps for every failure branch.

### Quick reference

| Symptom | First step |
| ------------------------------------------- | -------------------------------------------------------------------------------------- |
| `coven: command not found` | Run `npm install -g @opencoven/cli`; verify binary is on `PATH` |
| `doctor` reports missing harness | Install and authenticate the harness CLI (see [Requirements](#requirements)) |
| Daemon won't start | Run `coven daemon restart`; check `$COVEN_HOME` ownership and permissions |
| Session browser shows a table, not a UI | Terminal isn't interactive; use `coven sessions --manage` to force the browser |
| `cwd` rejected at launch | The working directory resolves outside the project root; use a path inside it |
| Stale "running" sessions after daemon crash | Run `coven sessions --all`; archive or sacrifice orphaned records |
| Sessions feel slow / daemon sluggish | Run `coven pc status` to check system pressure; `coven pc top --n 10` for CPU culprits |
| `coven attach` won't accept input | The session is not live; attach replays logs for completed or archived sessions |
| Secret scan fails | Remove the secret from your working tree; rotate it if it entered git history |
| API version mismatch | Update Coven to match the client's expected contract, or update the client |

For the full diagnostic flowchart and detailed resolution steps, see [`docs/TROUBLESHOOTING.md`](docs/TROUBLESHOOTING.md).

---

## Contributing

> **Contribution Status β€” Updated July 2026**
>
> External Pull Requests are open. Please start from an issue for larger changes
> and include the readiness packet requested by the PR template.

### First 10 minutes (source checkout)

```bash
git clone https://github.com/OpenCoven/coven.git
cd coven
cargo build --workspace
cargo run -p coven-cli -- doctor
cargo test -p coven-cli --test smoke -- --nocapture
```

A healthy first pass: the workspace builds, `doctor` prints setup status, and the smoke test passes. The smoke test uses an isolated temporary `COVEN_HOME` and injects a fake `codex` binary into `PATH` β€” it does not require real harness credentials or a network connection.

### Local development loop

```bash
# Build
cargo build --workspace

# Rust checks (required before any PR)
cargo fmt --check
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspace --locked

# Secret scanner (required before any PR)
python scripts/check-secrets.py

# Smoke test (required for daemon/session/attach/ritual changes)
cargo test -p coven-cli --test smoke -- --nocapture

# Manual smoke run β€” use a throwaway project, not a real repository
cargo run -p coven-cli -- daemon start
cargo run -p coven-cli -- run codex "say hello from coven"
cargo run -p coven-cli -- sessions
cargo run -p coven-cli -- daemon stop
```

### Architecture rules for contributors

- **Rust is the authority layer.** Process launch, cwd/project-root validation, PTY lifecycle, session persistence, and socket request enforcement are all Rust's responsibility. TypeScript clients improve UX but are never the trust boundary.
- **All clients are untrusted for enforcement** β€” this includes comux and the OpenClaw plugin.
- **Keep harness support focused.** v0 targets Codex and Claude Code only until adapter contracts are stable.
- **OpenClaw separation.** Do not place Coven code in OpenClaw core. The integration belongs in `packages/openclaw-coven` as `@opencoven/coven`.
- **No future orchestration commands as user-facing** until they exist in the CLI and socket API.

### Documentation rules

- Use **OpenCoven** for the ecosystem and organization. Use **Coven** for the CLI and daemon product.
- The user-facing command is always `coven` β€” never `opencoven` or `@opencoven` in user-facing documentation.
- Use canonical community references: `discord.gg/opencoven` and `@OpenCvn`.
- Use placeholders in all examples: `/path/to/project`, `/Users/example`, `session-1`, `intent-1`.
- Run `python scripts/check-secrets.py` before submitting any PR, including docs-only changes.
- Update docs whenever command behavior, API behavior, or trust boundaries change.

### Maintainer release checklist

```bash
cargo fmt --check
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspace --locked
python scripts/check-secrets.py
# For package releases: verify package contents with dry run, attach checksums for native binaries
```

See [CONTRIBUTING.md](CONTRIBUTING.md) for the full development loop, release checklist, and documentation standards.

---

## Code of Conduct

OpenCoven is committed to building a welcoming, respectful community where people of all backgrounds and experience levels can contribute and learn.

**We expect all contributors and community members to:**

- Be respectful and kind in all interactions β€” issues, PRs, Discord, and X
- Focus criticism on ideas and code, not people
- Welcome newcomers and answer questions with patience
- Assume good faith before assuming bad

**We do not tolerate:**

- Harassment, discrimination, or abuse in any form
- Personal attacks or derogatory language
- Sustained or repeated disruptive behavior

To report unacceptable behavior, contact the maintainers privately through GitHub or Discord. Reports will be handled with discretion.

---

## Roadmap

> **Last updated: May 2026.** See [`docs/ROADMAP.md`](docs/ROADMAP.md) for detailed milestone checklists with individual items.

| Status | Milestone | Summary |
| --------------- | --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| βœ… **Shipped** | A: Local runtime foundation | `coven` CLI, Rust daemon, PTY sessions, SQLite ledger, versioned `coven.daemon.v1` API, Codex + Claude adapters, npm packages |
| πŸ”„ **Now** | B: CastCodes workspace | CastCodes as primary public workspace; Cast Agent + Coven integration direction |
| πŸ”„ **Now** | C: Community transparency | Public roadmap, Discord update cadence, public issue board |
| πŸ“‹ **Next** | D: Harness expansion | Generic command adapter from real usage, third harness proof, compatibility docs |
| πŸ”¬ **Next/Lab** | E: Visible lane β†’ verify β†’ review | CastCodes-native agent lanes, live session display, verification gates, explicit PR/merge workflow |
| πŸ”­ **Later** | F: Multi-harness orchestration | Handoff protocol, capability routing, multi-instance coordination, audit dashboard (Phases 1–4) |

The roadmap is written as a community-facing progress ledger, not an internal promise sheet. Items move when they are designed, implemented, tested, and released. Dates are avoided unless a release is already scheduled.

---

## Security

Coven is pre-1.0 software. Treat it accordingly:

- **Do not run untrusted harnesses or prompts in sensitive repositories.** Session logs capture harness output; if the harness dumps secrets, Coven logs them.
- **Do not commit runtime state.** `.coven/`, `*.sqlite`, `*.sock`, `.env*` files, and encryption keys should never enter source control.
- **Do not paste secrets into prompts.** Event payloads are redacted before API display, but defense in depth starts with not having secrets in prompts.

**Reporting vulnerabilities:** Please use [GitHub Security Advisories](https://github.com/OpenCoven/coven/security/advisories) for this repository. If advisories are unavailable, contact the maintainer privately. Do not post exploit details in public issues.

See [SECURITY.md](SECURITY.md) for the full security policy and [`docs/SAFETY-MODEL.md`](docs/SAFETY-MODEL.md) for the trust boundary and local access model.

---

## License

MIT Β© Valentina Alexander and the OpenCoven contributors β€” see [LICENSE](LICENSE) for full terms.

---

## Community & Support

| Channel | Link |
| ----------------------- | ---------------------------------------------------------- |
| 🌐 Website | [opencoven.ai](https://opencoven.ai/) |
| πŸ“ Feedback | [feedback.opencoven.ai](https://feedback.opencoven.ai/) |
| πŸ’¬ Discord | [discord.gg/opencoven](https://discord.gg/opencoven) |
| 🐦 X / Twitter | [@OpenCvn](https://x.com/OpenCvn) |
| πŸ› Issues & Bug Reports | [GitHub Issues](https://github.com/OpenCoven/coven/issues) |
| πŸ“– Documentation | [`docs/` directory](docs/) |
| πŸ—ΊοΈ Public Roadmap | [docs/ROADMAP.md](docs/ROADMAP.md) |

---

**[OpenCoven](https://github.com/OpenCoven)** β€” One project. Any harness. Visible work.