Local Device Architecture
This document describes the technical architecture of local device support, including communication protocols, heartbeat mechanisms, and security design.
π Architecture Overviewβ
System Componentsβ
Communication Architectureβ
The following diagram shows how local devices communicate with the Wegent system:
π‘ WebSocket Protocolβ
Event Typesβ
| Event | Direction | Description |
|---|---|---|
device:register | Device β Backend | Device registration |
device:heartbeat | Device β Backend | Heartbeat keepalive |
task:execute | Backend β Device | Task dispatch |
task:progress | Device β Backend | Task progress |
task:complete | Device β Backend | Task completion |
Message Formatβ
// device:register
{
"event": "device:register",
"data": {
"device_id": "uuid-xxx",
"name": "Darwin - MacBook-Pro.local",
"max_slots": 5
}
}
// device:heartbeat
{
"event": "device:heartbeat",
"data": {
"device_id": "uuid-xxx",
"running_task_ids": ["task-1", "task-2"]
}
}
// task:execute
{
"event": "task:execute",
"data": {
"subtask_id": "subtask-xxx",
"prompt": "User message",
"context": {}
}
}
π Heartbeat Mechanismβ
Sequence Diagramβ
Timing Parametersβ
| Parameter | Value | Description |
|---|---|---|
| Heartbeat Interval | 30 seconds | Device sends heartbeat |
| Online TTL | 90 seconds | Redis key expiration |
| Monitor Interval | 60 seconds | Backend checks expired devices |
| Offline Threshold | 3 missed heartbeats | Device marked as offline |
Running Task Trackingβ
Each heartbeat contains currently running task IDs, used for:
- Real-time slot usage tracking
- Orphaned task detection
- Automatic cleanup on disconnection
π Task Execution Flowβ
Task State Transitionsβ
π Security Mechanismsβ
Authentication Flowβ
Security Featuresβ
| Feature | Description |
|---|---|
| JWT Authentication | WebSocket connections require valid token |
| Token Expiration | 7-day expiry, requires periodic refresh |
| User Isolation | Devices can only execute tasks from their owner |
| Hardware Binding | Device ID generated from hardware identifiers |
User Isolationβ
Each device session is bound to a user:
- Devices can only receive tasks from their registered owner
- Prevents cross-user task execution
- Subtasks validated against user namespace
Data Privacyβ
When using local devices:
- Code stays local: Source code is never uploaded to cloud
- Local execution: All processing happens on user's machine
- Result streaming: Only output text is transmitted
- No persistent storage: Cloud doesn't store local files
π§ Device ID Generationβ
The Executor automatically generates a stable device ID based on the following priority:
- Cached ID: Stored in
~/.wegent-executor/device_id(if exists) - Hardware UUID:
- macOS: System hardware UUID
- Linux:
/etc/machine-id - Windows:
MachineGuidfrom registry
- Fallback: MAC address or random UUID
This ensures devices maintain consistent identity across restarts.
π Concurrency Controlβ
Slot Managementβ
Each device supports up to 5 concurrent tasks:
- Slot usage tracked in real-time via heartbeats
- Device shows "busy" when all slots are occupied
- Tasks queue if busy device is selected
Load Balancingβ
π Related Documentationβ
- Local Device User Guide - User operation guide
- System Architecture - Overall architecture design
- OpenAPI Responses API - API reference
π¬ Get Helpβ
Need help?
- π Check the FAQ
- π Submit a GitHub Issue
- π¬ Join community discussions