npm - @blogic-cz/agent-tools - Versions diffs - 0.14.30 → 0.14.32 - Mend

@blogic-cz/agent-tools 0.14.30 → 0.14.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +1 -1
package/schemas/agent-tools.schema.json +4 -0
package/src/config/types.ts +9 -0
package/src/db-tool/service.ts +59 -0
package/src/gh-tool/pr/core.ts +68 -2
package/src/gh-tool/types.ts +4 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blogic-cz/agent-tools",
-  "version": "0.14.30",
+  "version": "0.14.32",
   "description": "CLI tools for AI coding agent workflows — GitHub, database, Kubernetes, Azure DevOps, logs, sessions, and audit",
   "keywords": [
     "agent",

package/schemas/agent-tools.schema.json CHANGED Viewed

@@ -240,6 +240,10 @@
           "description": "Optional timeout for establishing a tunnel, in milliseconds.",
           "type": "number"
         },
+        "apiProbeTimeoutMs": {
+          "description": "Timeout in milliseconds for the Kubernetes API-server reachability probe run before a tunnel attempt. Lets the direct (no-VPN) attempt fail fast instead of waiting out tunnelTimeoutMs when the API server is unreachable. Set to 0 to disable. Defaults to 2000.",
+          "type": "number"
+        },
         "remotePort": {
           "description": "Optional remote database port used by the tunnel.",
           "type": "number"

package/src/config/types.ts CHANGED Viewed

@@ -103,6 +103,15 @@ export type DatabaseConfig = ProfilePrerequisites & {
     service?: string;
   };
   tunnelTimeoutMs?: number;
+  /**
+   * Timeout in milliseconds for the cheap Kubernetes API-server reachability probe
+   * run before attempting a tunnel. When the API server is unreachable (VPN down and
+   * not on the office network) `kubectl port-forward` hangs silently on TCP connect, so
+   * a short probe lets the direct (no-VPN) attempt fail fast and fall back to connecting
+   * the VPN instead of waiting out `tunnelTimeoutMs`. Set to 0 to disable the probe.
+   * Defaults to 2000.
+   */
+  apiProbeTimeoutMs?: number;
   remotePort?: number;
 };

package/src/db-tool/service.ts CHANGED Viewed

@@ -51,6 +51,27 @@ export function resolveDbAccessMode(
   };
 }
+/**
+ * Build the kubectl args for the lightweight API-server reachability probe.
+ * Hitting `/version` via `--raw` is the cheapest authenticated round-trip; `--request-timeout`
+ * bounds it so an unreachable server (VPN down, off the office network) fails fast instead of
+ * letting a subsequent `kubectl port-forward` hang on a silent TCP connect.
+ */
+export function buildApiProbeArgs(
+  kubeconfig: string | undefined,
+  context: string,
+  timeoutMs: number,
+): string[] {
+  return [
+    ...(kubeconfig ? ["--kubeconfig", kubeconfig] : []),
+    "--context",
+    context,
+    "get",
+    "--raw=/version",
+    `--request-timeout=${timeoutMs}ms`,
+  ];
+}
 export class DbService extends Context.Service<
   DbService,
   {
@@ -89,6 +110,7 @@ export class DbService extends Context.Service<
         const kubectlNamespace = dbConfig.kubectl?.namespace;
         const kubectlService = dbConfig.kubectl?.service ?? "postgresql";
         const tunnelTimeoutMs = dbConfig.tunnelTimeoutMs ?? 5000;
+        const apiProbeTimeoutMs = dbConfig.apiProbeTimeoutMs ?? 2000;
         const remotePort = dbConfig.remotePort ?? 5432;
         const zshrcEnvCache = yield* Ref.make<Record<string, string> | null>(null);
@@ -326,6 +348,35 @@ export class DbService extends Context.Service<
             return proc;
           });
+        /**
+         * Cheap pre-flight check: is the Kubernetes API server reachable right now?
+         * Returns true when the probe is disabled (apiProbeTimeoutMs <= 0) or no context is
+         * configured, so behaviour is unchanged unless a probe can meaningfully run. A false
+         * result lets the direct (no-VPN) tunnel attempt bail fast and fall back to the VPN
+         * prerequisite instead of waiting out tunnelTimeoutMs on a silently hanging port-forward.
+         */
+        const probeApiServerReachable = Effect.fn("DbService.probeApiServerReachable")(function* (
+          config: DbConfig,
+        ) {
+          if (!kubectlContext || apiProbeTimeoutMs <= 0) {
+            return true;
+          }
+          const kubeconfig = yield* resolveKubeconfig(config.port).pipe(
+            Effect.orElseSucceed(() => undefined),
+          );
+          const result = yield* executeShellCommand(
+            ChildProcess.make(
+              "kubectl",
+              buildApiProbeArgs(kubeconfig, kubectlContext, apiProbeTimeoutMs),
+              { stdout: "pipe", stderr: "pipe" },
+            ),
+          ).pipe(Effect.catch(() => Effect.succeed({ stdout: "", stderr: "", exitCode: 1 })));
+          return result.exitCode === 0;
+        });
         const buildPsqlCommand = (
           config: DbConfig,
           sql: string,
@@ -606,6 +657,14 @@ export class DbService extends Context.Service<
           return Effect.scoped(
             Effect.gen(function* () {
+              const reachable = yield* probeApiServerReachable(config);
+              if (!reachable) {
+                return yield* new DbTunnelError({
+                  message: `Kubernetes API server not reachable within ${apiProbeTimeoutMs}ms; skipping tunnel attempt (VPN likely not connected and not on the office network).`,
+                  port: config.port,
+                });
+              }
               const tunnelProc = yield* startTunnelProcess(config).pipe(
                 Effect.mapError(
                   (platformError) =>

package/src/gh-tool/pr/core.ts CHANGED Viewed

@@ -523,16 +523,46 @@ export const mergePR = Effect.fn("pr.mergePR")(function* (opts: {
     "number,url,title,headRefName,baseRefName,state,isDraft,mergeable",
   ]);
+  // Stacked-PR safety: find open PRs that depend on this PR's head branch.
+  // Deleting the head branch of an open PR that uses it as its base CLOSES that
+  // PR (GitHub CLI behavior, see cli/cli#1168) instead of retargeting it. We
+  // retarget such dependents onto this PR's base first, and only delete the
+  // branch if EVERY retarget succeeds (fail-closed).
+  const dependentOpenPrs =
+    opts.deleteBranch && info.headRefName
+      ? yield* gh.runGhJson<Array<{ number: number; headRefName: string; baseRefName: string }>>([
+          "pr",
+          "list",
+          "--base",
+          info.headRefName,
+          "--state",
+          "open",
+          "--limit",
+          "100",
+          "--json",
+          "number,headRefName,baseRefName",
+        ])
+      : [];
   if (!opts.confirm) {
     const mergeableNote =
       info.mergeable === "MERGEABLE"
         ? "PR is mergeable."
         : `PR mergeable status: ${info.mergeable}`;
+    const dependentNote =
+      dependentOpenPrs.length > 0
+        ? `${dependentOpenPrs.length} dependent open PR(s) (${dependentOpenPrs
+            .map((d) => `#${d.number}`)
+            .join(", ")}) will be retargeted to \`${info.baseRefName}\` before deletion; ` +
+          "branch deletion is skipped if any retarget fails. "
+        : "";
     yield* Console.log(
       `DRY RUN: Would merge PR #${info.number} "${info.title}" via ${opts.strategy.toUpperCase()}. ` +
         `Branch \`${info.headRefName}\` → \`${info.baseRefName}\`. ` +
         (opts.deleteBranch ? `Branch \`${info.headRefName}\` will be deleted. ` : "") +
+        dependentNote +
         mergeableNote,
     );
@@ -545,9 +575,43 @@ export const mergePR = Effect.fn("pr.mergePR")(function* (opts: {
     return result;
   }
+  // Retarget dependents BEFORE merging so the head branch can be deleted safely.
+  // If any retarget fails, keep the branch (fail-closed) so no dependent PR is closed.
+  let willDeleteBranch = opts.deleteBranch;
+  let branchDeleteSkipped = false;
+  const retargetedChildren: number[] = [];
+  if (opts.deleteBranch && dependentOpenPrs.length > 0) {
+    const repo = yield* gh.getRepoInfo();
+    for (const child of dependentOpenPrs) {
+      const retargeted = yield* gh
+        .runGh([
+          "api",
+          "--method",
+          "PATCH",
+          `repos/${repo.owner}/${repo.name}/pulls/${child.number}`,
+          "-f",
+          `base=${info.baseRefName}`,
+        ])
+        .pipe(
+          Effect.as(true),
+          Effect.orElseSucceed(() => false),
+        );
+      if (retargeted) {
+        retargetedChildren.push(child.number);
+      } else {
+        willDeleteBranch = false;
+        branchDeleteSkipped = true;
+        break;
+      }
+    }
+  }
   const mergeArgs = ["pr", "merge", String(opts.pr), `--${opts.strategy}`];
-  if (opts.deleteBranch) {
+  if (willDeleteBranch) {
     mergeArgs.push("--delete-branch");
   }
@@ -604,8 +668,10 @@ export const mergePR = Effect.fn("pr.mergePR")(function* (opts: {
   const result: MergeResult = {
     merged: true,
     strategy: opts.strategy,
-    branchDeleted: opts.deleteBranch,
+    branchDeleted: willDeleteBranch,
     sha: shaMatch?.[1] ?? null,
+    retargetedChildren: retargetedChildren.length > 0 ? retargetedChildren : undefined,
+    branchDeleteSkipped: branchDeleteSkipped ? true : undefined,
   };
   return result;
 });

package/src/gh-tool/types.ts CHANGED Viewed

@@ -127,6 +127,10 @@ export type MergeResult = {
   strategy: MergeStrategy;
   branchDeleted: boolean;
   sha: string | null;
+  /** PR numbers whose base was retargeted off the deleted branch before deletion. */
+  retargetedChildren?: number[];
+  /** True when branch deletion was requested but skipped to protect dependent PRs. */
+  branchDeleteSkipped?: boolean;
 };
 export type RepoInfo = {