Skip to main content
A Durable Agent Session is never lost and always resumable:
  • The event log is durable forever (the record of everything the agent did).
  • Disconnect → reconnect from any cursor, nothing missed.
  • The runtime crashes → we restart it automatically and it picks up from where it was.
  • The runtime hangs → a turn deadline bounds it; the turn ends and you steer to continue.
  • The session idles → it hibernates (≈ free) and the session survives even if its sandbox is reclaimed.
Narrow edges, all on the roadmap (see Limits): a sandbox lost mid-turn re-runs that turn; a hung turn ends at its deadline rather than auto-continuing; uncommitted files don’t survive sandbox loss (commit/push to keep them).

The event log is the source of truth

Every step is appended to the session’s log with a monotonic seq. The log is durable and ordered; reads and the live stream are served from it. Anything the agent has logged or delivered is safe.

Stream resume

Disconnects lose nothing. Reconnect with after=<last seq you saw> and you get every event since, in order — no gaps, no duplicates. 
// reconnect loop
let cursor = lastSeqSeen;
const res = await fetch(
  `https://api.opencomputer.dev/v3/sessions/${id}/events?stream=sse&after=${cursor}`,
  { headers: { Authorization: `Bearer ${clientToken}` } }
);

Hibernate & resume

When a session has nothing to do it goes idle and its sandbox hibernates — the VM is snapshotted and stopped. You pay storage-only while idle; active seconds only show up in usage. The next message (a steer, or the next turn) wakes it, typically sub-second, and it continues with prior context.
This mirrors sandbox hibernation: idle ≈ free, fast wake. Sessions manage it for you — you don’t set a timeout per turn. The runtime’s state is also checkpointed off-box at each hibernate, so an idle session resumes even if its sandbox is reclaimed.

Self-healing runtime

You don’t restart anything — the platform does. The runtime keeps its working state (the agent’s session journal) on the sandbox, and OpenComputer recovers it for you:
  • Runtime crashes (process dies, sandbox fine) → we start it again in the same sandbox; it continues from its on-box journal, not from scratch (work since the last journaled step may repeat).
  • Runtime hangs → bounded by a turn deadline; the turn ends with deadline_exceeded and you steer to continue. (Faster heartbeat-based restart is on the roadmap.)
  • Sandbox reclaimed while idle → we recreate it and restore the last checkpoint, resuming the conversation from the last completed turn. (The brain state is restored; commit/push to keep file changes — see below.)

Limits

What’s guaranteed today, and what isn’t:
FailureWhat happens
Client disconnectsReconnect from your cursor; nothing lost.
Session idlesSandbox hibernates; resumes intact on the next message.
Runtime crashesAuto-restarted in the same sandbox; continues from the on-box journal — work since the last journaled step may repeat (make side effects idempotent).
Runtime hangsBounded by the turn deadline; the turn ends deadline_exceeded — steer to continue.
Sandbox lost while idleRecreated and restored from the last checkpoint; conversation resumes from the last completed turn. Uncommitted hands-sandbox files are not restored — commit/push to keep them.
Sandbox lost mid-turnThat one turn re-runs from the log. Only logged / committed / delivered work product is guaranteed.
The one edge not yet covered: a sandbox lost mid-turn re-runs that turn rather than resuming mid-thought — so in-flight, unlogged work can be redone. Build idempotent side effects, and treat the event log (and delivered webhooks) as your durable record. Byte-exact mid-turn resume is coming in a later release.