Skip to content

Herd

Unix Domain Sockets

Herd

Introduction
Introduction
- What is Herd?
- Quickstart
Architecture
Architecture
- Dual-Mode Design
- Singleflight & Locks
Native Go Library
Native Go Library
- Worker Interfaces
gRPC Daemon
gRPC Daemon
- Installation
- CLI Reference
- Unix Domain Sockets Unix Domain Sockets
  Table of contents

Unix Domain Sockets

Herd uses Unix Domain Sockets (UDS) for the local control plane in single-node daemon mode.

Why UDS

Keeps control traffic local to the host.
Avoids exposing control APIs over TCP.
Simplifies local SDK connectivity and access controls.

Socket Path

Configured via:

network:
    control_socket: /tmp/herd.sock

Validation rules:

Must be an absolute path.
Must fit Unix socket path length limits.

Security and Lifecycle

At daemon startup:

Any stale socket file is removed.
Socket is re-created and bound.
Permissions are set to 0600.

At daemon shutdown:

gRPC server stops.
Listener closes.
Socket file is removed.

Control Stream Semantics

The control stream owns session liveness.

If stream closes normally (io.EOF), session worker is force-terminated.
If stream breaks with error, session worker is force-terminated.

This prevents leaked stateful subprocesses after local client crashes.