Overview
Weavers are ephemeral Kubernetes pods that run Loom REPL sessions in isolated environments. Each weaver:
- Runs in the
loom-weavers namespace
- Has configurable resource limits (CPU, memory)
- Supports custom container images
- Auto-expires after a configurable lifetime (default: 24 hours, max: 48 hours)
- Provides terminal access via WebSocket
Permissions: Users can only manage weavers they own. System administrators can manage all weavers. Support users have read-only access.
Create Weaver
Provisions a new weaver pod in Kubernetes.
Request Body
Container image to run (e.g., "ghcr.io/loom/weaver:latest")
Organization ID (UUID). User must be a member of this organization.
Repository ID for repo-scoped secrets access
Environment variables as key-value pairs
Resource limits:
memory_limit: e.g., "8Gi"cpu_limit: e.g., "4"
User-defined metadata tags for filtering
Time-to-live in hours (max: 48, default: 24)
Override container ENTRYPOINT
Override container WORKDIR
Response
One of: pending, running, succeeded, failed, terminating
Configured lifetime in hours
Example
curl -X POST https://loom.ghuntley.com/api/weaver \
-H "Authorization: Bearer loom_sk_..." \
-H "Content-Type: application/json" \
-d '{
"image": "ghcr.io/loom/weaver:latest",
"org_id": "550e8400-e29b-41d4-a716-446655440000",
"env": {
"RUST_LOG": "debug"
},
"resources": {
"memory_limit": "4Gi",
"cpu_limit": "2"
},
"tags": {
"project": "ai-worker",
"env": "dev"
},
"lifetime_hours": 12
}'
{
"id": "weaver_abc123",
"pod_name": "loom-weaver-abc123",
"status": "pending",
"created_at": "2026-03-03T12:00:00Z",
"image": "ghcr.io/loom/weaver:latest",
"tags": {
"project": "ai-worker",
"env": "dev"
},
"lifetime_hours": 12,
"age_hours": 0.0,
"owner_user_id": "user_xyz789"
}
{
"error": "forbidden",
"message": "You are not a member of this organization"
}
List Weavers
Lists weavers. Regular users see only their own weavers. Admins and support see all weavers.
Query Parameters
Filter by tags (format: key:value). Multiple allowed.
Response
Number of weavers returned
Example
# List all weavers for current user
curl -H "Authorization: Bearer loom_sk_..." \
https://loom.ghuntley.com/api/weavers
# Filter by tags
curl -H "Authorization: Bearer loom_sk_..." \
"https://loom.ghuntley.com/api/weavers?tag=project:ai-worker&tag=env:prod"
{
"weavers": [
{
"id": "weaver_abc123",
"pod_name": "loom-weaver-abc123",
"status": "running",
"created_at": "2026-03-03T12:00:00Z",
"image": "ghcr.io/loom/weaver:latest",
"tags": {
"project": "ai-worker",
"env": "dev"
},
"lifetime_hours": 12,
"age_hours": 2.5,
"owner_user_id": "user_xyz789"
}
],
"count": 1
}
Get Weaver
Retrieves details for a specific weaver.
Path Parameters
Response
Returns a single weaver object.
Example
curl -H "Authorization: Bearer loom_sk_..." \
https://loom.ghuntley.com/api/weaver/weaver_abc123
{
"error": "forbidden",
"message": "Access denied to this weaver"
}
Delete Weaver
Deletes a weaver pod. Only the owner or system admin can delete.
Path Parameters
Response
Returns 204 No Content on success.
Example
curl -X DELETE -H "Authorization: Bearer loom_sk_..." \
https://loom.ghuntley.com/api/weaver/weaver_abc123
204 No Content
Stream Weaver Logs
GET /api/weaver/{id}/logs
Path Parameters
Query Parameters
Number of lines to tail from the end
Include timestamps in log lines
Response
Returns text/event-stream with log lines as SSE events.
Example
curl -N -H "Authorization: Bearer loom_sk_..." \
"https://loom.ghuntley.com/api/weaver/weaver_abc123/logs?tail=100×tamps=true"
data: 2026-03-03T12:00:00Z Starting Loom REPL...
data: 2026-03-03T12:00:01Z Connecting to LLM provider...
data: 2026-03-03T12:00:02Z Ready for input
Attach to Weaver Terminal
WS /api/weaver/{id}/attach
Path Parameters
Authentication
Use a WebSocket token from /auth/ws-token in the first message:
{"type": "auth", "token": "ws_..."}
Access Levels
- Full access (owner or admin): Can send input and receive output
- Read-only (support role): Can only view output
Example
const ws = new WebSocket('wss://loom.ghuntley.com/api/weaver/weaver_abc123/attach');
ws.onopen = () => {
// Authenticate
ws.send(JSON.stringify({type: 'auth', token: 'ws_...'}));
// Send input (text or binary)
ws.send('ls -la\n');
};
ws.onmessage = (event) => {
// Receive output (binary ArrayBuffer)
console.log(new TextDecoder().decode(event.data));
};
*** Read-only access: You can view output but cannot send input ***
Cleanup Expired Weavers
POST /api/weavers/cleanup
Query Parameters
If true, only list weavers that would be deleted without actually deleting them
Response
Whether this was a dry run
Weaver IDs that were deleted (null in dry run)
Weaver IDs that would be deleted (dry run only)
Number of weavers affected
Example
# Dry run
curl -X POST -H "Authorization: Bearer loom_sk_..." \
"https://loom.ghuntley.com/api/weavers/cleanup?dry_run=true"
{
"dry_run": true,
"deleted": null,
"would_delete": ["weaver_old123", "weaver_old456"],
"count": 2
}
# Actual cleanup
curl -X POST -H "Authorization: Bearer loom_sk_..." \
https://loom.ghuntley.com/api/weavers/cleanup
{
"dry_run": false,
"deleted": ["weaver_old123", "weaver_old456"],
"would_delete": null,
"count": 2
}
{
"error": "forbidden",
"message": "System admin access required for cleanup operations"
}