ASM (Agent Session Manager)

ASM is an OTP-native Elixir runtime for running multi-turn AI sessions across multiple CLI providers with one API.

Supported providers:

• Claude CLI
• Gemini CLI
• Codex CLI (exec mode)
• Amp CLI

Documentation Menu

• README.md - install, lanes, provider boundaries, and validation workflow
• guides/execution-plane-alignment.md - frozen lower-boundary packet and Wave 3 provisional lane note
• guides/lane-selection.md - lane discovery and execution fallback rules
• guides/provider-backends.md - core vs SDK backend responsibilities
• guides/inference-endpoints.md - ASM.InferenceEndpoint publication and endpoint contracts
• guides/common-and-partial-provider-features.md - normalized permission terms and partial common features such as Ollama
• guides/event-model-and-result-projection.md - stream projection and reducers
• guides/remote-node-execution.md - remote execution model
• examples/README.md - live and offline proof entrypoints

Why ASM

• One session/runtime model across providers.
• Shared core event vocabulary from cli_subprocess_core, wrapped in run/session-scoped %ASM.Event{} envelopes.
• Native Elixir streaming (Enumerable) with reducer-based result projections.
• Provider registry that resolves providers onto backend lanes instead of provider-specific command/parser ownership.
• Remote-node execution that starts provider backends remotely while keeping the ASM session/run processes local.
• Lower-boundary carriage aligned to the Wave 1 packet without re-exporting raw execution_plane/* packages.

Install

def deps do
  [
    {:agent_session_manager, "~> 0.9.2"}
  ]
end

For local workspace development, replace that published requirement with the repo-local path: override.

That dependency gives you ASM's normalized kernel plus the discovery modules for the current built-in Claude/Codex extension namespaces. Those namespace modules are always present in ASM, but they activate only when the matching optional provider SDK dependency is installed.

Optional provider SDK dependencies stay additive. Add one only when you want that provider's SDK lane/runtime kit or, where it exists today, its ASM provider-native namespace:

• {:claude_agent_sdk, "~> 0.17.0", optional: true} for Claude control-protocol helpers and ASM.Extensions.ProviderSDK.Claude
• {:codex_sdk, "~> 0.16.0", optional: true} for Codex app-server, MCP, realtime, voice helpers, and ASM.Extensions.ProviderSDK.Codex
• {:gemini_cli_sdk, "~> 0.2.0", optional: true} for Gemini SDK lane/runtime-kit availability only; ASM does not expose a separate Gemini native extension namespace today
• {:amp_sdk, "~> 0.5.0", optional: true} for Amp SDK lane/runtime-kit availability only; ASM does not expose a separate Amp native extension namespace today

Declaring the optional dependency is the only client-side activation step. No extra ASM wiring is required. ASM always keeps the common surface available through cli_subprocess_core, auto-detects optional provider runtime availability, and activates only the provider-native extension namespaces that genuinely exist today.

The package publication order for this stack remains: cli_subprocess_core first, then the provider SDK packages, then agent_session_manager.

CLI Setup

Install provider CLIs you plan to use:

npm install -g @anthropic-ai/claude-code
npm install -g @google/gemini-cli
npm install -g @openai/codex
npm install -g @sourcegraph/amp

Authenticate each CLI with its native flow before using ASM.

For Codex local OSS via Ollama, ASM forwards backend intent into the shared core model registry instead of selecting a local model itself. Example:

{:ok, session} =
  ASM.start_link(
    provider: :codex,
    provider_backend: :oss,
    oss_provider: "ollama",
    model: "llama3.2"
  )

gpt-oss:20b remains the default validated Codex/Ollama example model in the shared stack, but ASM also accepts other installed local models such as llama3.2 and forwards them through the same route. In the example suite, those broader local models should be treated as accepted but potentially degraded upstream paths rather than guaranteed exact-output smoke targets.

ASM does not keep a second model-resolution layer above the shared core. Run paths validate ASM/common-surface options first, then finalize provider opts through CliSubprocessCore.ModelInput.normalize/3 so backends consume an attached model_payload instead of re-resolving model/backend intent locally.

Optional explicit CLI paths:

• CLAUDE_CLI_PATH
• GEMINI_CLI_PATH
• CODEX_PATH
• AMP_CLI_PATH

Quick Start

# OTP-friendly session startup
{:ok, session} = ASM.start_link(provider: :claude)

# Stream text chunks
session
|> ASM.stream("Reply with exactly: OK")
|> ASM.Stream.text_content()
|> Enum.each(&IO.write/1)

# Query convenience API
case ASM.query(session, "Say hello") do
  {:ok, result} -> IO.puts(result.text)
  {:error, error} -> IO.puts("failed: #{Exception.message(error)}")
end

:ok = ASM.stop_session(session)

Provider atom form for one-off queries:

{:ok, result} = ASM.query(:gemini, "Say hello")

CLI Inference Endpoint Publication

ASM.InferenceEndpoint publishes CLI-backed providers as endpoint-shaped targets for northbound inference consumers.

The stable northbound API is:

• ASM.InferenceEndpoint.consumer_manifest/0
• ASM.InferenceEndpoint.ensure_endpoint/3
• ASM.InferenceEndpoint.release_endpoint/1

The built-in CLI provider set is published honestly from the landed provider profiles:

• Codex
• Claude
• Gemini
• Amp

ASM derives cli_completion_v1, cli_streaming_v1, and cli_agent_v2 from the landed provider profiles and runtime tiers, but the endpoint path only exposes completion and streaming. Tool-bearing or agent-loop-shaped requests are rejected on that endpoint seam.

Gemini and Amp remain common-surface-only providers. Their capability publication can make them valid endpoint targets without introducing a second ASM-native extension namespace.

See guides/inference-endpoints.md and examples/inference_endpoint_http.exs for the published descriptor contract and an offline endpoint proof.

Session Model

ASM has three option layers:

• Session defaults: passed to ASM.start_link/1 or ASM.start_session/1.
• Per-run overrides: passed to ASM.stream/3 or ASM.query/3.
• Provider options: validated against provider schemas and handed to the resolved backend lane.

Zoi is now the canonical boundary-schema layer for new dynamic ASM boundary work. NimbleOptions remains at the public keyword ingress during the coexistence window, but schema-backed normalization now owns:

• provider-option envelope conformance after keyword validation
• %ASM.Event{} rebuild/serialization boundaries
• resolved remote-node execution payloads
• provider profile normalization

Per-run options override session defaults. Session defaults are inherited automatically.

Generic Execution-Surface Carriage

ASM keeps the bridge-to-core contract transport-neutral.

Session defaults and per-run overrides carry transport placement separately from runtime environment and approval context:

• execution_surface
• execution_environment

execution_surface = [
  surface_kind: :ssh_exec,
  transport_options: [destination: "buildbox-a", port: 2222],
  target_id: "buildbox-a"
]

execution_environment = [
  workspace_root: "/repo",
  allowed_tools: ["git.status"],
  approval_posture: :manual,
  permission_mode: :default
]

{:ok, session} =
  ASM.start_session(
    provider: :codex,
    execution_surface: execution_surface,
    execution_environment: execution_environment
  )

Session startup normalizes stored defaults so ASM.session_info/1 reflects the same CliSubprocessCore.ExecutionSurface contract the downstream SDK repos consume. execution_environment is normalized separately and carries workspace_root, allowed_tools, approval_posture, and permission_mode. Run execution then merges per-run overrides, enforces non-empty allowed_tools in the ASM pipeline, and forwards placement only to the backend/runtime startup path. approval_posture: :none stays explicit and runtime backends reject unresolved starts instead of normalizing it away silently.

ASM keeps one public placement surface. surface_kind, transport_options, lease_ref, surface_ref, target_id, boundary_class, and observability belong inside execution_surface. Workspace and approval policy do not.

Transport expansion stays core-owned. ASM carries the opaque placement contract without branching on adapter modules or transport-family-specific path rules, so future built-in surfaces should not require another ASM contract rewrite.

The current execution_surface and execution_environment forms are the family-facing mapped carrier IR around the frozen Wave 1 packet:

• BoundarySessionDescriptor.v1
• AttachGrant.v1
• ExecutionEvent.v1
• ExecutionOutcome.v1
• ProcessExecutionIntent.v1
• JsonRpcExecutionIntent.v1

The detailed minimal-lane interiors for the two intent contracts remain provisional until Wave 3 prove-out. ASM names and carries that packet through ASM.Execution.Config.execution_plane_contracts/0; it does not expose raw Execution Plane package names as its public kernel API. Boundary-backed external sessions can now arrive through that unchanged transport-neutral surface as attach-ready :guest_bridge placement authored above ASM. ASM does not inspect lower-boundary backend details; it only consumes the normalized execution_surface contract.

Phase D now proves that unchanged execution config path over SSH as well:

• :ssh_exec executes through the generic execution_surface contract
• start, stream, interrupt, close, and terminal-error handling stay on the existing ASM surface
• guest bridge can remain transport-neutral at the ASM seam without turning ASM into a transport registry
• boundary-backed :guest_bridge sessions follow the same rule: descriptor validation and lower-boundary claim happen above ASM, while ASM only consumes the final execution_surface

Runtime Architecture

Runtime execution path:

• ASM.ProviderRegistry resolves the provider onto :core or :sdk.
• ASM.ProviderBackend.Core runs cli_subprocess_core and is the required lane for :remote_node.
• ASM.ProviderBackend.SDK runs optional provider runtime kits when they are available locally.
• ASM.Run.Server starts the resolved backend, subscribes to backend events, wraps core events in %ASM.Event{}, and applies pipelines/reducers.
• ASM.Session.Server remains aggregate root for run admission, approval routing, and session-level cost accounting.

Lane selection is intentionally separate from execution mode:

• provider discovery chooses the preferred lane first
• execution mode then decides whether that preferred lane can execute as requested
• :remote_node always executes the core lane in the landed Phase 4 boundary

This produces three distinct values in observability metadata:

• requested_lane: the caller request (:auto | :core | :sdk)

• preferred_lane: the lane selected by provider/runtime discovery
• lane: the effective lane that actually executed

When lane: :auto prefers :sdk but execution_mode: :remote_node, ASM records preferred_lane: :sdk and executes with lane: :core, backend: ASM.ProviderBackend.Core, and lane_fallback_reason: :sdk_remote_unsupported. An explicit lane: :sdk with execution_mode: :remote_node is a configuration error.

See Lane Selection for the full discovery and resolution flow.

Centralized Model Selection

ASM does not own provider model policy.

The authoritative model-selection contract is provided by cli_subprocess_core, and ASM consumes the resolved payload before dispatching into provider adapters.

Authoritative core surface:

• CliSubprocessCore.ModelRegistry.resolve/3
• CliSubprocessCore.ModelRegistry.validate/2
• CliSubprocessCore.ModelRegistry.default_model/2
• CliSubprocessCore.ModelRegistry.build_arg_payload/3

ASM-side rules:

• option schemas remain value carriers
• provider backends and SDK extensions consume resolved payloads only
• missing provider path, missing SDK path, missing model, placeholder model input, and invalid reasoning effort remain hard failures
• ASM does not implement a second provider-specific fallback path

Provider-side alignment in the current stack is:

• Claude, Codex, and Gemini SDK repos consume the shared mixed-input normalizer before backend execution
• Amp exposes a payload-only model contract rather than a second raw model surface
• ASM always runs after that normalization boundary and passes finalized payloads into both the common core lane and optional SDK lanes

ASM-local schema ownership stops at orchestration boundaries. Provider-native runtime schemas still stay in their owning SDK repos.

Claude Ollama Backend Through ASM

Because ASM resolves Claude model payloads in core first, the Claude Ollama path is configured through ASM provider opts and still flows through CliSubprocessCore.ModelRegistry.

Relevant Claude provider opts:

• :provider_backend
• :external_model_overrides
• :anthropic_base_url
• :anthropic_auth_token
• :model

Example:

{:ok, result} =
  ASM.query(:claude, "Reply with exactly: OK",
    provider_backend: :ollama,
    anthropic_base_url: "http://localhost:11434",
    external_model_overrides: %{"haiku" => "llama3.2"},
    model: "haiku"
  )

ASM does not build Ollama env itself. It forwards the Claude backend options to core, attaches the resolved payload, and the downstream Claude lane consumes that payload.

Lane Selection

Use ASM.ProviderRegistry to inspect lane availability and resolution:

{:ok, provider_info} = ASM.ProviderRegistry.provider_info(:codex)
{:ok, lane_info} = ASM.ProviderRegistry.lane_info(:codex, lane: :auto)

{:ok, resolution} =
  ASM.ProviderRegistry.resolve(:codex,
    lane: :auto,
    execution_mode: :remote_node
  )

provider_info/1 reports provider-level facts such as:

• sdk_runtime
• sdk_available?
• available_lanes
• core_capabilities
• sdk_capabilities

Those fields stay scoped to normalized lane/runtime discovery. Provider-native extension inventory is reported separately through ASM.Extensions.ProviderSDK.

lane_info/2 is discovery-only and returns:

• requested_lane
• preferred_lane
• backend for that preferred lane
• lane_reason
• lane-specific capabilities

resolve/2 adds execution-mode compatibility and returns the effective:

• lane
• backend
• execution_mode
• lane_fallback_reason

Typical projected metadata for a remote auto-lane run:

%{
  requested_lane: :auto,
  preferred_lane: :sdk,
  lane: :core,
  backend: ASM.ProviderBackend.Core,
  execution_mode: :remote_node,
  lane_fallback_reason: :sdk_remote_unsupported
}

Lane rules:

• :core is always available
• :sdk is optional and requires the provider runtime kit to be installed and loadable
• :auto prefers :sdk when the runtime kit is available locally, otherwise it uses :core

Provider Backend Model

ASM.ProviderBackend.Core is the baseline backend for every provider:

• required dependency surface
• works in execution_mode: :local
• works in execution_mode: :remote_node
• uses provider core profiles from cli_subprocess_core

ASM.ProviderBackend.SDK is additive, not foundational:

• selected only when the provider runtime kit is installed locally
• limited to execution_mode: :local
• keeps the same session/run/event model as the core lane
• remains optional so ASM still runs cleanly without SDK dependencies present

Approval routing, interrupt control, and result projection are lane-agnostic. The lane changes how the provider backend is started, not how the session aggregate behaves.

ASM intentionally stops at this normalized backend boundary. Rich provider-native control families such as Claude hooks/permission callbacks and Codex app-server remain in the provider SDK repos and stay out of ASM's core execution model.

See Provider Backends for the backend contract and lane responsibilities.

Provider SDK Extensions

Phase 4 keeps an explicit provider-native extension foundation above the normalized kernel.

Use ASM.Extensions.ProviderSDK when you need to discover optional richer provider-native seams without widening ASM, ASM.Stream, or ASM.ProviderRegistry:

alias ASM.Extensions.ProviderSDK

catalog = ProviderSDK.extensions()
active_extensions = ProviderSDK.available_extensions()
{:ok, active_claude_extensions} = ProviderSDK.available_provider_extensions(:claude)
{:ok, claude_extension} = ProviderSDK.extension(:claude)
{:ok, codex_native_caps} = ProviderSDK.provider_capabilities(:codex)
{:ok, gemini_report} = ProviderSDK.provider_report(:gemini)

report = ProviderSDK.capability_report()

claude_extension.namespace
# ASM.Extensions.ProviderSDK.Claude

Enum.map(catalog, & &1.provider)
# [:claude, :codex]

Enum.map(active_extensions, & &1.provider)
# subset of [:claude, :codex], depending on installed optional deps

Enum.map(active_claude_extensions, & &1.namespace)
# [] or [ASM.Extensions.ProviderSDK.Claude]

codex_native_caps
# [:app_server, :mcp, :realtime, :voice]

report.claude.sdk_available?
# true | false

gemini_report.namespaces
# []

Current built-in namespaces:

• ASM.Extensions.ProviderSDK.Claude
• ASM.Extensions.ProviderSDK.Codex

Optional-loading rules:

• extensions/0 is the static native-extension catalog
• provider_extensions/1 is the static native-extension catalog for one provider
• available_extensions/0, provider_report/1, and capability_report/0 report the active composition state for the currently installed optional deps
• available_provider_extensions/1 reports the active native-extension subset for one provider
• extension discovery is always safe to call
• sdk_available? reports whether the backing provider runtime kit is loadable locally
• registered_namespaces and registered_extensions keep the static catalog explicit even when namespaces and extensions are empty for the current dependency set
• rich provider-native APIs still live in claude_agent_sdk and codex_sdk
• ASM does not normalize those richer APIs into ASM, ASM.Stream, or ASM.ProviderRegistry
• Gemini and Amp may report sdk_available?: true while still exposing namespaces: [] because they currently compose only through the common ASM surface and not through a separate provider-native extension namespace

The Claude namespace now exposes an explicit bridge into the SDK-local control family:

alias ASM.Extensions.ProviderSDK.Claude

asm_opts = [
  provider: :claude,
  cwd: File.cwd!(),
  execution_environment: [permission_mode: :plan],
  model: "sonnet"
]

native_overrides = [
  enable_file_checkpointing: true,
  thinking: %{type: :adaptive}
]

{:ok, sdk_options} = Claude.sdk_options(asm_opts, native_overrides)

{:ok, client} =
  Claude.start_client(
    asm_opts,
    native_overrides,
    transport: MyApp.MockTransport
  )

:ok = ClaudeAgentSDK.Client.set_permission_mode(client, :plan)

That bridge is intentionally separate from the normalized kernel:

• ASM-style options stay in the first argument
• Claude-native options stay in native_overrides
• overlapping keys such as :cwd, :execution_environment, :model, and :max_turns are rejected and must stay in asm_opts
• control calls still use ClaudeAgentSDK.Client.*

The Codex namespace now exposes a narrow bridge into the SDK-local app-server entry path:

alias ASM.Extensions.ProviderSDK.Codex
alias Codex, as: CodexSDK

{:ok, conn} =
  Codex.connect_app_server(
    [
      provider: :codex,
      cli_path: "/usr/local/bin/codex",
      model: "gpt-5.4",
      reasoning_effort: :high
    ],
    [model_personality: :pragmatic],
    experimental_api: true
  )

{:ok, thread_opts} =
  Codex.thread_options(
    [
      provider: :codex,
      cwd: "/workspaces/repo",
      execution_environment: [permission_mode: :default],
      approval_timeout_ms: 45_000,
      output_schema: %{"type" => "object"}
    ],
    transport: {:app_server, conn},
    personality: :pragmatic
  )

{:ok, codex_opts} =
  Codex.codex_options(
    [provider: :codex, model: "gpt-5.4"],
    model_personality: :pragmatic
  )

{:ok, thread} = CodexSDK.start_thread(codex_opts, thread_opts)

That bridge is intentionally narrow:

• ASM-derived fields such as :model, :reasoning_effort, :cwd, :approval_timeout_ms, and :output_schema stay in ASM config
• Codex-native fields such as :personality, :collaboration_mode, :attachments, and app-server transport stay in native_overrides
• richer Codex APIs still live in codex_sdk
• app-server, MCP, realtime, and voice remain outside ASM, ASM.Stream, and ASM.ProviderRegistry

See Provider SDK Extensions for the kernel-versus-extension split and the discovery API.

Common And Partial Provider Features

ASM keeps the public approval knob normalized as :permission_mode, but the provider-native terminology still matters for observability, examples, and host application UX. ASM.ProviderFeatures is the public discovery surface for that mapping and for ASM common features that are only supported by some providers.

ASM.ProviderFeatures.permission_mode!(:codex, :yolo).cli_excerpt
# => "--dangerously-bypass-approvals-and-sandbox"

ASM.ProviderFeatures.common_feature!(:claude, :ollama)
# => %{supported?: true, activation: %{provider_backend: :ollama}, ...}

The current partial common feature is the ASM Ollama surface:

• Claude: supported
• Codex: supported
• Gemini: unsupported
• Amp: unsupported

See Common And Partial Provider Features for the discovery API and the Claude-versus-Codex Ollama semantics.

Important boundary:

• permission_mode is ASM's normalized public execution knob
• provider-native flags such as Codex :yolo, Claude :bypass_permissions, Gemini --yolo, or Amp --dangerously-allow-all are downstream renderings of that one normalized concept
• provider-specific knobs that are not part of ASM's normalized execution environment remain provider-specific
• Codex :auto / :auto_edit is intentionally not exposed through ASM's normalized permission_mode; use :default, :bypass, or direct codex_sdk thread options when you need Codex-native workspace-write behavior

Examples:

• Gemini sandbox is provider-native and not part of ASM's normalized execution environment contract
• Codex ask_for_approval is a codex_sdk thread option, not an ASM common execution-environment field
• allowed_tools is part of ASM's normalized execution environment

So if a host is reasoning at the ASM layer:

• use permission_mode for the common approval/edit posture
• use allowed_tools for the common tool allowlist
• use provider-native overrides only when the selected provider actually owns an additional concept outside the common ASM surface

Event Model And Result Projection

Backends emit core runtime events. ASM.Run.Server wraps them into %ASM.Event{} values that carry run/session scope plus stable observability metadata. Stream consumers therefore see the same lane and execution metadata that final results expose.

%ASM.Event{} remains the ergonomic runtime envelope, while ASM.Schema.Event owns parsing and projection for persisted or rebuilt event maps. Forward- compatible event maps preserve unknown keys on the struct's :extra field instead of pushing ad hoc map traversal into callers.

Common metadata keys include:

• provider
• provider_display_name
• requested_lane
• preferred_lane
• lane
• backend
• execution_mode
• lane_reason
• lane_fallback_reason
• sdk_runtime
• sdk_available?
• capabilities

ASM.Stream.final_result/1 reduces the streamed %ASM.Event{} sequence through ASM.Run.EventReducer and projects a final %ASM.Result{}. %ASM.Result.metadata is therefore derived from the event stream rather than from a side channel, which keeps streaming and query-style consumption aligned.

See Event Model And Result Projection for the reducer and metadata projection details.

Approval Routing And Interrupts

Approvals are session-scoped even though they originate from individual runs:

• a backend emits :approval_requested
• ASM.Run.Server notifies ASM.Session.Server
• the session indexes approval_id to the owning run process
• ASM.approve/3 routes the decision back to that run

If an approval is not resolved before approval_timeout_ms, ASM emits :approval_resolved with decision: :deny and reason: "timeout".

Interrupts are run-scoped:

• ASM.interrupt/2 interrupts an active run through its backend and the run ends with a terminal user_cancelled error
• queued runs are removed from the session queue before they start

These control semantics stay the same across :core and :sdk, and across local versus remote execution.

See Approvals And Interrupts for the session/run control flow in more detail.

Remote Node Execution

Remote execution is opt-in per session or per run. Local mode remains the default.

Session-level remote default:

{:ok, session} =
  ASM.start_session(
    provider: :codex,
    execution_mode: :remote_node,
    # Remote backend options stay under :driver_opts
    driver_opts: [
      remote_node: :"asm@sandbox-a",
      remote_cookie: :cluster_cookie,
      remote_cwd: "/workspaces/t-123"
    ]
  )

Per-run remote override:

ASM.query(session, "analyze this",
  execution_mode: :remote_node,
  driver_opts: [remote_node: :"asm@sandbox-b"]
)

Per-run local override (when session default is remote):

ASM.query(session, "quick local check", execution_mode: :local)

Remote execution options:

• remote_node (required for :remote_node)
• remote_cookie (optional)
• remote_connect_timeout_ms (default 5000)
• remote_rpc_timeout_ms (default 15000)
• remote_boot_lease_timeout_ms (accepted for config compatibility; retained in resolved execution config but not consumed by the current remote backend start path)

• remote_bootstrap_mode (:require_prestarted | :ensure_started, default :require_prestarted)

• remote_cwd (optional remote workspace override)
• remote_transport_call_timeout_ms (overrides transport_call_timeout_ms for remote backend control calls)

Operational requirements for remote worker nodes:

• Erlang distribution enabled with trusted cookie
• :agent_session_manager available on the remote node
• provider CLI binaries installed remotely
• provider credentials available on remote host
• compatible OTP major version
• ASM major/minor compatibility

Public API

Core lifecycle:

• ASM.start_link/1
• ASM.start_session/1
• ASM.stop_session/1
• ASM.session_id/1

Run execution:

• ASM.stream/3
• ASM.query/3

Runtime control:

• ASM.health/1
• ASM.cost/1
• ASM.interrupt/2
• ASM.approve/3

Lane and provider introspection:

• ASM.ProviderRegistry.provider_info/1
• ASM.ProviderRegistry.lane_info/2
• ASM.ProviderRegistry.resolve/2

Streaming helpers:

• ASM.Stream.final_result/1
• ASM.Stream.text_deltas/1
• ASM.Stream.text_content/1
• ASM.Stream.final_text/1

Error Semantics

ASM.query/3 returns:

• {:ok, %ASM.Result{...}} when the run completes successfully.
• {:error, %ASM.Error{...}} for terminal run failures, transport failures, parse failures, and runtime failures.

Result projections also include structured cost and terminal error:

• %ASM.Result{cost: %{input_tokens: ..., output_tokens: ..., cost_usd: ...}}

• %ASM.Result{error: %ASM.Error{} | nil}

Execution Control Options

Session defaults and per-run overrides can also control execution behavior:

• execution_mode (:local | :remote_node)

• lane (:auto | :core | :sdk)

• stream_timeout_ms (maximum wait for the next run event; default 60000)
• queue_timeout_ms (maximum time a queued run waits for capacity; default :infinity)
• transport_call_timeout_ms (backend control timeout used by the effective lane)
• driver_opts (remote execution settings bag for :remote_node)

Provider Options

Common options:

• provider

• permission_mode (:default | :auto | :bypass | :plan)

• cli_path
• cwd
• env
• approval_timeout_ms
• transport_timeout_ms (lane runtime timeout forwarded to the effective core or SDK backend)
• transport_headless_timeout_ms (core lane subprocess headless timeout)

Provider-specific examples:

• Claude: model, include_thinking, max_turns
• Gemini: model, sandbox, extensions
• Codex: model, reasoning_effort, output_schema
• Amp: model, mode, include_thinking, tools

Provider caveat:

• Codex rejects ASM permission_mode: :auto on the shared ingress because the current Codex workspace-write/auto-edit path creates a repo-local .codex artifact. Keep Codex on :default or :bypass in ASM, or drop down to direct codex_sdk thread options when you explicitly want that provider behavior.

Live Examples

The repo examples are provider-agnostic and stay on the common ASM surface. They only run when you explicitly choose a provider with --provider.

mix run --no-start examples/live_query.exs -- --provider claude
mix run --no-start examples/live_stream.exs -- --provider gemini
mix run --no-start examples/live_session_lifecycle.exs -- --provider codex
./examples/run_all.sh --provider amp

Environment knobs used by examples:

• CLAUDE_CLI_PATH, GEMINI_CLI_PATH, CODEX_PATH, AMP_CLI_PATH
• ASM_PERMISSION_MODE (default, auto, bypass, plan)
• ASM_CLAUDE_MODEL, ASM_GEMINI_MODEL, ASM_CODEX_MODEL, ASM_AMP_MODEL

If you omit --provider, the example prints a usage note and exits without running a live provider. See examples/README.md for the full example set.

Guides

• Boundary Enforcement
• Lane Selection
• Provider Backends
• Common And Partial Provider Features
• Provider SDK Extensions
• Event Model And Result Projection
• Approvals And Interrupts
• Live Adapter Feature Matrix
• Remote Node Execution

Architecture Notes

Per-session subtree strategy uses :rest_for_one:

• ASM.Run.Supervisor
• ASM.Session.Server

Run workers are restart: :temporary to avoid restart loops after normal completion.

Remote backend sessions are supervised on the remote node, and startup is performed through the remote backend starter.

Quality Gates

mix format --check-formatted
mix compile --warnings-as-errors
mix test
mix credo --strict
mix dialyzer
mix docs
mix hex.build

Model Selection Contract

/home/home/p/g/n/agent_session_manager centralizes provider model resolution through /home/home/p/g/n/cli_subprocess_core before delegating to provider backends or SDK adapters. The authoritative policy APIs are CliSubprocessCore.ModelRegistry.resolve/3, CliSubprocessCore.ModelRegistry.validate/2, and CliSubprocessCore.ModelRegistry.default_model/2.

ASM option schemas are value carriers only. Backend lanes and provider extensions consume the resolved payload and do not own implicit provider/model fallback policy.

Session Control And Recovery Handles

agent_session_manager now owns a first-class session-control seam instead of relying on provider- specific escape hatches.

• ASM.SessionControl exposes shared list/resume/pause/intervene operations where the provider really supports them
• ASM session/run state now retains provider-native checkpoint data so upper callers can attempt an exact session resume before replaying work
• provider option validation now honestly reflects runtime support for recovery-related prompt controls: Claude, Codex, and Gemini accept supported prompt surfaces, while Amp rejects unsupported prompt controls such as system_prompt and max_turns instead of silently dropping them

This is the orchestration boundary that lets prompt_runner_sdk resume the same provider conversation with Continue after a recoverable runtime failure.

License

This project is licensed under the MIT License. See LICENSE for details.