Agents
Tyr distinguishes between daemons (the tyrd process itself) and discovered agents (AI processes observed by a daemon).
Daemons
A daemon is a single tyrd instance running on a host. It has:
| Field | Example | Notes |
|---|---|---|
| agent_id | 4f27e3c1-ab89-... | Assigned by server on first enrollment |
| name | alice-laptop | Human label passed via --name |
| client_cert | PEM blob | Issued by internal CA during enrollment |
| last_seen | timestamp | Heartbeat every 30s (configurable) |
| kernel | 6.8.0-51-generic | Reported on connect |
| capabilities | {lsm, tls_capture, enforce} | Feature flags supported by this agent |
Daemons authenticate over mTLS on the gRPC channel. A daemon whose cert is revoked can no longer stream.
Discovered agents
When tyrd sees an AI process on its host (by fingerprint — binary path, cmdline, env markers), it registers a discovered agent:
| Field | Example |
|---|---|
| id (uuid) | a1b2c3d4-... |
| daemon_agent_id | parent daemon |
| agent_type | cursor / copilot / claude-code / autogen / … |
| display_name | overrideable in the UI |
| pid (live) | active PID if currently running |
| process_signature | hash of binary + cmdline pattern |
| first_seen | timestamp |
The goal: you don’t enroll “Cursor” — Tyr finds it and gives you a handle to attach policies to.
Unregistered-agent policy
When tyrd sees a new process that doesn’t match any known agent_type, what should happen? Configured by unregistered_agents in tyrd.yaml:
| Value | Behavior |
|---|---|
| audit | (default) Let it run, record events, flag for review. Safe default. |
| quarantine | Apply a strict base policy until an admin approves or assigns an overlay. |
| deny | Hard block execution entirely — only classified agents can run. |
See Configuration for the full list of fields.
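The decision this section describes, modelled as an added Python example (not Tyr's code). The fingerprint rules, the `Proc` type and the result fields are assumptions made for illustration; only the three `unregistered_agents` values and their behaviors come from the table above.

```python
import fnmatch
from dataclasses import dataclass, field

# Constructed fingerprint rules: (agent_type, binary glob, cmdline substring, env-var glob).
# Tyr's real fingerprints are not shown on this page; these are placeholders.
RULES = [
    ("cursor", "*/cursor", "", None),
    ("claude-code", "*/node", "claude", None),
    ("autogen", "*/python*", "autogen", "AUTOGEN_*"),
]

# Behaviors from the unregistered_agents table, keyed by config value.
UNREGISTERED = {
    "audit": {"run": True, "policy": None},               # events recorded, flagged for review
    "quarantine": {"run": True, "policy": "strict-base"},  # until an admin approves
    "deny": {"run": False, "policy": None},               # hard block
}

@dataclass
class Proc:
    binary: str
    cmdline: str
    env: dict = field(default_factory=dict)

def classify(p):
    """Return the agent_type whose binary, cmdline and env markers all match, else None."""
    for agent_type, bin_glob, cmd_sub, env_glob in RULES:
        if (fnmatch.fnmatch(p.binary, bin_glob)
                and cmd_sub in p.cmdline
                and (env_glob is None or any(fnmatch.fnmatch(k, env_glob) for k in p.env))):
            return agent_type
    return None

def decide(p, unregistered_agents="audit"):
    """Classified processes get their own policies; others follow unregistered_agents."""
    if unregistered_agents not in UNREGISTERED:
        # This example's choice: refuse an unknown value rather than fall back to audit.
        raise ValueError(f"invalid unregistered_agents: {unregistered_agents!r}")
    agent_type = classify(p)
    if agent_type is not None:
        return {"agent_type": agent_type, "run": True, "policy": "per-agent"}
    return {"agent_type": None, **UNREGISTERED[unregistered_agents]}

# Constructed sample processes.
KNOWN = Proc("/usr/bin/cursor", "cursor /home/alice/project")
UNKNOWN = Proc("/opt/tools/newagent", "newagent serve", {"HOME": "/home/alice"})
```

A process that matches a rule is unaffected by the setting, so switching from `audit` to `deny` only changes the outcome for processes that `classify` returns `None` for.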
Heartbeats and reconnects
- Heartbeat interval: 30 s default (heartbeat_interval_s in config).
- A daemon with last_seen > 90s ago is shown as stale in the UI.
- Re-connect is automatic with exponential backoff.
- During a disconnect, events are buffered to disk (buffer_size_mb, default 500 MB) and replayed on reconnect.
Listing and filtering
```
tyr agent list                      # all daemons
tyr agent list --include-archived   # include soft-deleted

# Future — today via UI
tyr discovered-agent list           # all AI processes observed
```
Deletion
- Deleting a daemon removes its certificate and all its discovered-agent records.
- Events from that daemon remain for retention purposes.
- A daemon on the wire when its record is deleted will be rejected on next heartbeat and can re-enroll with a fresh token.