Daemon — Fuze AI Docs

The Fuze daemon is an optional background process that adds cross-run pattern detection, org-wide budget enforcement, kill switches, and persistent audit storage.

Starting the daemon

npx fuze-ai daemon

The daemon listens on a Unix Domain Socket (or Windows named pipe) and exposes an HTTP API for the dashboard and external integrations.

What the daemon adds

Capability	SDK only	SDK + Daemon
Per-run budget	Yes	Yes
Org-wide daily budget	No	Yes
Per-agent daily budget	No	Yes
Loop detection	Per-run	Per-run + cross-run patterns
Trace storage	JSONL file	SQLite with hash-chained audit log
Kill switch	No	Yes — via API or dashboard
Compensation/rollback	In-process only	Persistent + API-triggered
Alerts	No	Webhooks + dashboard WebSocket
Pattern analysis	No	Repeated failures, cost spikes, reliability drops

Architecture

┌─────────────┐     UDS/pipe      ┌──────────────┐     HTTP     ┌───────────┐
│  Your Agent │  ──────────────── │  Fuze Daemon │ ──────────── │ Dashboard │
│  (fuze-ai)  │                   │              │              │  (React)  │
└─────────────┘                   │ ┌──────────┐ │              └───────────┘
                                  │ │  SQLite  │ │
                                  │ │  audit   │ │
                                  │ └──────────┘ │
                                  └──────────────┘

The SDK communicates with the daemon over a Unix Domain Socket (Linux/macOS) or named pipe (Windows). The daemon stores all audit data in SQLite with SHA-256 hash chains for tamper detection.

Configuration

[daemon]
socket_path = "/tmp/fuze.sock"       # Unix socket path
api_port = 7700                       # HTTP API port
storage_path = "~/.fuze/traces.db"    # SQLite database
retention_days = 180                  # Min 180 for EU AI Act Art. 19

[daemon.budget]
org_daily_budget = 100.00             # Org-wide daily ceiling (USD)
per_agent_daily_budget = 20.00        # Per-agent daily ceiling (USD)
alert_threshold = 0.80                # Alert at 80% of ceiling

[daemon.alerts]
dedup_window_ms = 60000               # Suppress duplicate alerts within window
webhook_urls = ["https://hooks.slack.com/..."]

On Windows, use a named pipe:

[daemon]
socket_path = "\\\\.\\pipe\\fuze.sock"

API endpoints

Method	Path	Description
`GET`	`/api/health`	Daemon liveness check
`GET`	`/api/runs`	Paginated run list with filters
`GET`	`/api/runs/:id`	Single run with steps and events
`POST`	`/api/runs/:id/kill`	Kill an active run
`GET`	`/api/runs/:id/compensation`	Compensation records for a run
`POST`	`/api/runs/:id/rollback`	Trigger manual rollback
`GET`	`/api/budget`	Org and per-agent spend
`GET`	`/api/agents/:id/health`	Agent reliability stats
`GET`	`/api/compliance/report/:id`	EU AI Act incident report
`WS`	`/ws`	Live alerts stream

Audit integrity

Every record in the SQLite database is hash-chained using SHA-256. The daemon maintains four independent chains:

Runs — immutable fields hashed at insertion
Steps — every tool call recorded and chained
Guard events — loop detections, budget blocks, kills
Compensation records — rollback actions and outcomes

Verify chain integrity:

# Via API
curl http://localhost:7700/api/compliance/report/RUN_ID

The verifyHashChain() method checks all four chains and reports the first broken record if tampering is detected.

Data retention

The daemon automatically purges data older than retention_days. Purging cascades across all related tables:

Runs
Steps
Guard events
Compensation records
Idempotency keys

This ensures no orphaned records remain after purge.

Resource management

The daemon caps in-memory ended runs at 1,000 entries (FIFO eviction) to prevent unbounded memory growth during long-running deployments. Active runs are always retained.