@agentsoc/beacon 0.0.5 → 0.0.7

package/README.md

@@ -95,10 +95,12 @@ _Note: You can use `AGENTSOC_API_KEY` instead of saving a key in config. Use `AG
 Install the background service daemon (systemd on Linux, launchd on macOS):
 
 ```bash
-sudo beacon install
+sudo "$(command -v beacon)" install
 ```
 
-On macOS the plist is written under `/Library/LaunchDaemons/`, and on Linux the unit file goes under `/etc/systemd/system/`—both require root, so use `sudo`. The service is configured to **run as your login user** (via `SUDO_USER` when you use `sudo`), so it uses the same config directory as `beacon config`—not root’s home. If `sudo` cannot find `beacon` (for example with nvm), run `sudo env "PATH=$PATH" beacon install` or invoke the CLI with the full path to the global binary.
+On macOS the plist is written under `/Library/LaunchDaemons/`, and on Linux the unit file goes under `/etc/systemd/system/`—both require root. The service **runs as your login user** (via `SUDO_USER` when you use `sudo`), so it uses the same config directory as `beacon config`—not root’s home.
+
+**`sudo beacon` says “command not found”:** sudo resets `PATH`, so it often cannot see npm/nvm global bins. Use `sudo "$(command -v beacon)" install` (as above), or `sudo env "PATH=$PATH" beacon install`, or the full path from `which beacon`.
 
 ### Status and stats
 

package/dist/service-install.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"service-install.d.ts","sourceRoot":"","sources":["../src/service-install.ts"],"names":[],"mappings":"AA4IA,wBAAsB,cAAc,kBA4EnC"}
+{"version":3,"file":"service-install.d.ts","sourceRoot":"","sources":["../src/service-install.ts"],"names":[],"mappings":"AAkJA,wBAAsB,cAAc,kBA4EnC"}

package/dist/service-install.js

@@ -4,11 +4,17 @@ import os from 'node:os';
 import path from 'node:path';
 import { execFileSync, execSync } from 'node:child_process';
 import { BEACON_CONFIG_REQUIRED_MESSAGE, loadConfig } from './config.js';
-const PERMISSION_DENIED_HINT = `That location is only writable as root. Run the same command with sudo, for example:
+const PERMISSION_DENIED_HINT = `That location is only writable as root. From the same shell where \`beacon\` works, run:
 
-  sudo beacon install
+  sudo "$(command -v beacon)" install
 
-You will be prompted for your administrator password.`;
+You will be prompted for your administrator password.
+
+Why not \`sudo beacon install\`? sudo uses a minimal PATH. When beacon was installed with npm/nvm/fnm as your user, root often cannot find the \`beacon\` command (you will see "command not found"). The line above resolves the full path before sudo runs.
+
+Other options:
+  sudo env "PATH=$PATH" beacon install
+  sudo /path/from/which/beacon install`;
 function permissionDeniedInstallError(destPath) {
     return new Error(`Cannot install the system service: permission denied for ${path.dirname(destPath)}.\n\n${PERMISSION_DENIED_HINT}`);
 }
@@ -123,7 +129,7 @@ function launchctlBootstrapSystem(plistPath) {
         const err = e;
         const detail = err.stderr?.toString('utf8').trim() ?? '';
         const suffix = detail ? `\n${detail}` : '';
-        throw new Error(`launchctl bootstrap failed for ${plistPath}.${suffix}\n\nTry:\n  sudo launchctl bootout system ${plistPath}\n  sudo beacon install`);
+        throw new Error(`launchctl bootstrap failed for ${plistPath}.${suffix}\n\nTry:\n  sudo launchctl bootout system ${plistPath}\n  sudo "$(command -v beacon)" install`);
     }
 }
 export async function installService() {

package/dist/tail.d.ts

@@ -3,7 +3,10 @@ export declare class SyslogSource {
     private onLog;
     private tailProc?;
     private udpServer?;
+    /** Avoid repeating the tip if stderr arrives in multiple chunks. */
+    private journalRestrictedHintShown;
     constructor(onLog: LogCallback);
+    private startUdpListener;
     start(): void;
     stop(): void;
 }

package/dist/tail.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tail.d.ts","sourceRoot":"","sources":["../src/tail.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;AAEjD,qBAAa,YAAY;IAIX,OAAO,CAAC,KAAK;IAHzB,OAAO,CAAC,QAAQ,CAAC,CAAe;IAChC,OAAO,CAAC,SAAS,CAAC,CAAe;gBAEb,KAAK,EAAE,WAAW;IAE/B,KAAK;IAkDL,IAAI;CAQZ"}
+{"version":3,"file":"tail.d.ts","sourceRoot":"","sources":["../src/tail.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;AAgCjD,qBAAa,YAAY;IAMX,OAAO,CAAC,KAAK;IALzB,OAAO,CAAC,QAAQ,CAAC,CAAe;IAChC,OAAO,CAAC,SAAS,CAAC,CAAe;IACjC,oEAAoE;IACpE,OAAO,CAAC,0BAA0B,CAAS;gBAEvB,KAAK,EAAE,WAAW;IAEtC,OAAO,CAAC,gBAAgB;IAcjB,KAAK;IAqEL,IAAI;CAQZ"}

package/dist/tail.js

@@ -1,19 +1,79 @@
-import { spawn } from "node:child_process";
+import { spawn, spawnSync } from "node:child_process";
 import dgram from "node:dgram";
+import fs from "node:fs";
+/**
+ * Fallback when journalctl is unavailable (non-systemd or embedded images).
+ * Debian/Ubuntu rsyslog paths and common /var/log/messages.
+ */
+const LINUX_FILE_LOG_CANDIDATES = [
+    "/var/log/syslog",
+    "/var/log/auth.log",
+    "/var/log/messages",
+];
+function existingLinuxLogFiles() {
+    return LINUX_FILE_LOG_CANDIDATES.filter((p) => {
+        try {
+            return fs.existsSync(p) && fs.statSync(p).isFile();
+        }
+        catch {
+            return false;
+        }
+    });
+}
+/** True if systemd-journald CLI is on PATH (standard on systemd Linux; no extra packages). */
+function journalctlAvailable() {
+    const r = spawnSync("journalctl", ["--version"], { stdio: "ignore" });
+    return !r.error && r.status === 0;
+}
+/** journalctl prints this when the user lacks system journal ACLs (first follow only). */
+const JOURNAL_RESTRICTED_HINT = /not seeing messages from other users/i;
 export class SyslogSource {
     onLog;
     tailProc;
     udpServer;
+    /** Avoid repeating the tip if stderr arrives in multiple chunks. */
+    journalRestrictedHintShown = false;
     constructor(onLog) {
         this.onLog = onLog;
     }
+    startUdpListener() {
+        this.udpServer = dgram.createSocket("udp4");
+        this.udpServer.on("message", (msg) => {
+            this.onLog(msg.toString("utf8").trim());
+        });
+        this.udpServer.on("error", (err) => {
+            console.error(`[syslog-udp] error:\n${err.stack}`);
+            this.udpServer?.close();
+        });
+        this.udpServer.bind(5140, () => {
+            console.log("[syslog-udp] listening on UDP 5140");
+        });
+    }
     start() {
         if (process.platform === "linux") {
-            this.tailProc = spawn("tail", [
-                "-F",
-                "/var/log/syslog",
-                "/var/log/auth.log",
-            ]);
+            let stderrIsJournalctl = false;
+            if (journalctlAvailable()) {
+                stderrIsJournalctl = true;
+                console.log("[syslog-tail] Streaming systemd journal (journalctl -f)");
+                this.tailProc = spawn("journalctl", [
+                    "-f",
+                    "--no-pager",
+                    "-o",
+                    "short-iso",
+                ]);
+            }
+            else {
+                const logFiles = existingLinuxLogFiles();
+                if (logFiles.length > 0) {
+                    console.log(`[syslog-tail] Following: ${logFiles.join(", ")}`);
+                    this.tailProc = spawn("tail", ["-F", ...logFiles]);
+                }
+                else {
+                    console.log("[syslog-tail] No journalctl or log files under /var/log; listening on UDP 5140");
+                    this.startUdpListener();
+                    return;
+                }
+            }
             this.tailProc.stdout?.on("data", (data) => {
                 const lines = data.toString().split("\n");
                 for (const line of lines) {
@@ -22,7 +82,14 @@ export class SyslogSource {
                 }
             });
             this.tailProc.stderr?.on("data", (data) => {
-                console.error(`[syslog-tail] ${data.toString()}`);
+                const text = data.toString();
+                console.error(`[syslog-tail] ${text}`);
+                if (stderrIsJournalctl &&
+                    !this.journalRestrictedHintShown &&
+                    JOURNAL_RESTRICTED_HINT.test(text)) {
+                    this.journalRestrictedHintShown = true;
+                    console.error("[syslog-tail] Only your user journal is visible. For system-wide logs, add this user to group systemd-journal or adm, or run beacon as root (no extra packages).");
+                }
             });
         }
         else if (process.platform === "darwin") {
@@ -46,18 +113,8 @@ export class SyslogSource {
             });
         }
         else {
-            // Windows or other - start a UDP server
-            this.udpServer = dgram.createSocket("udp4");
-            this.udpServer.on("message", (msg) => {
-                this.onLog(msg.toString("utf8").trim());
-            });
-            this.udpServer.on("error", (err) => {
-                console.error(`[syslog-udp] error:\n${err.stack}`);
-                this.udpServer?.close();
-            });
-            this.udpServer.bind(5140, () => {
-                console.log("[syslog-udp] listening on UDP 5140");
-            });
+            // Windows or other — UDP listener for forwarded syslog
+            this.startUdpListener();
         }
     }
     stop() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentsoc/beacon",
-  "version": "0.0.5",
+  "version": "0.0.7",
   "description": "Lightweight, background-running log forwarder (beacon) for AgentSOC",
   "type": "module",
   "bin": {