session_create
Open a stateful shell session via local, SSH, or Docker. Configure command restrictions, workspace checkpoints, and output budgets for safe execution.
Instructions
Open a stateful shell session. transport is "local", "ssh", or "docker". ssh needs host, user, and password or key_path; docker needs container (a running container name/id). Optional fingerprint (pin host key), allow/deny command lists. Returns a session_id. Remote sessions support workspace checkpoints - requires git on the remote AND an explicit workspace (set 'workspace'; without it checkpoints/auto_snapshot are disabled, never defaulting to the home dir). Tune with auto_snapshot, paths, checkpoint_ignores. Pass output_budget (same shape as session_exec's budget) to default-shape every command's output.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| deny | No | Optional command denylist (program names). | |
| host | No | SSH host (required for ssh). | |
| port | No | SSH port (default 22). | |
| user | No | SSH user (required for ssh). | |
| allow | No | Optional command allowlist (program names). If set, only these run. | |
| paths | No | Sub-paths under the root to checkpoint (optional; default: whole root). | |
| key_path | No | SSH private-key path (must live under the operator's key dir). | |
| password | No | SSH password auth. | |
| container | No | Docker container name or id (required for docker). | |
| transport | Yes | Transport: "local" (a local shell), "ssh", or "docker". | |
| workspace | No | Remote workspace root for checkpoints. REQUIRED to enable checkpoints; there is no default (it will not snapshot the cwd/home dir). | |
| fingerprint | No | Optional pinned host-key fingerprint ("SHA256:..."). If set, the server requires the host key to match exactly. Otherwise the operator's known_hosts file is used. | |
| auto_snapshot | No | Auto-snapshot before changing remote commands (default true, but only takes effect once `workspace` is set; remote only). | |
| output_budget | No | Default output budget for every exec in this session (optional). | |
| checkpoint_ignores | No | Extra exclude patterns (gitignore syntax) added to the snapshot, on top of the built-in defaults (.git, node_modules, caches, .ssh, ...). |