Skip to main content

What It Does

A snapshot captures a workspace as a single tar file: mount configs, sessions, history, finished jobs, cache bytes, and one fingerprint per recorded remote read. Loading a snapshot reconstructs the workspace and verifies that the underlying sources have not drifted since capture. When the backend exposes a stable per-object revision marker (S3 VersionId, Drive revisionId, Git commit SHA), the snapshot also records that revision. At load time, reads pin to the recorded revision and serve the exact bytes the original agent saw, even if the live object has since been overwritten.

The API

TypeScript file-path snapshot I/O is available in Node. In the browser, Workspace.load(snapshotBytes) accepts a Uint8Array, and Workspace.fromState(...) restores a state object; writing the tar to a file or download target is the application’s responsibility. Both snapshot and copy are async because they serialize workspace state and collect recorded fingerprints.

Versioning: commit, checkout, clone

A tar snapshot is a portable capture you move between machines. Versioning is the in-place complement: a git-style history kept with the workspace, server-side and keyed by workspace id, so you can checkpoint, roll back, branch, and fork without writing a file. It is backed by a real git object store (dulwich) inside the daemon. This is a CLI / REST feature, not an SDK method (there is no ws.commit() in-process):
See the CLI versioning reference for log, diff, branch, and the full flag set.

What Is And Isn’t Captured

Captured

  • Mount configs (creds redacted; restore via resources= override)
  • Sessions, history, finished jobs
  • Cache bytes for touched paths
  • One fingerprint per remote read (ETag-equivalent)
  • Optional per-path revision when the backend exposes one

Not captured

  • Live state of mounts with SUPPORTS_SNAPSHOT=False (Gmail, Slack, Linear, Notion, …)
  • Files the agent never touched
  • Raw bytes of remote objects (recoverable only via revision pin)

Drift Detection

On the first dispatch or execute after load, Mirage stats every fingerprinted path against the live source in parallel. If any path’s live fingerprint differs from the recorded one, the workspace raises ContentDriftError:
Paths that carry a revision pin are skipped — the pinned read serves the exact original bytes, so a fingerprint mismatch is expected and harmless.

Drift Policies

Pass via await Workspace.load(..., drift_policy=DriftPolicy.OFF).

How It Composes With Caching

Snapshots interact with two existing caches: Only files the agent actually read are fingerprinted. Capture walks ws._ops.records for op == "read" and dedups by path. Files that were listed but never opened, or touched only by stat / readdir, do not carry a fingerprint or a revision. At load time, three pieces of restored state cooperate per read:
  1. Cache is consulted first. Snapshot bytes go back into Workspace._cache; a warm read returns them with no network round-trip.
  2. Fingerprint verifies the cache. Under STRICT, the eager drift check stats every recorded path against live and raises before any read fires if anything moved. The cache is therefore trusted as authoritative until proven stale.
  3. Revision pin is the cold-path recovery. When the cache misses and the backend supports pinning, reads fetch the exact recorded revision (S3 GetObject(VersionId=...)) so you still get original bytes, not the live head.
The same three states under each policy: The cache is the optimization, the fingerprint is the verifier, and the pin is the recovery — three independent guarantees that “what you replay equals what you captured.”

Resource Support Matrix

Remote drift detection is opt-in per resource through SUPPORTS_SNAPSHOT in Python and supportsSnapshot in TypeScript. A working adapter must also attach a fingerprint to each read record; a revision is optional and enables pinned replay. Legend: ✅ = implemented · 🟡 = resource opts in, but recorded reads do not yet carry the fingerprint · ❌ = live-only · — = unavailable in that runtime.

Remote Resources

Local State

RAM, Disk, and Redis serialize their resource state into the snapshot. They do not need a remote drift check or revision pin: replay restores the captured state directly. Credentials and connection details remain redacted and may require a resource override at load time.

Extending To A New Backend

Three steps in Python:
And in your read function, look up the active pin and pass both the fingerprint and the revision through to record so the snapshot captures whatever the backend served:
At load time the workspace writes each manifest entry straight into mount.revisions — no per-resource hook required. If your backend has no stable revision, skip steps 3 and 6; drift detection still works on the fingerprint alone.

Caveats

  • Revision longevity. Pinned reads only work as long as the source still retains the recorded revision. S3 bucket lifecycle rules can age out old versions; Drive keeps revisions for 30 days on non-Workspace files. Treat pins as best-effort.
  • First read after load is slower than the rest. Workspace.load() returns immediately, but the first execute() or dispatch() afterwards pauses while Mirage verifies that nothing has drifted upstream. Concretely, it asks the live source “is this path still the bytes I remember?” once per recorded read, in parallel. Tiny for short sessions (tens of milliseconds); a few hundred milliseconds to a couple of seconds for sessions with hundreds of recorded reads. The pause happens once per loaded workspace; subsequent calls are normal speed. Pass drift_policy=DriftPolicy.OFF if you want to skip the check entirely.