npm - @bpinhosilva/agent-orchestrator - Versions diffs - 1.0.0-alpha.40 → 1.0.0-alpha.42 - Mend

@bpinhosilva/agent-orchestrator 1.0.0-alpha.40 → 1.0.0-alpha.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,17 @@
+# [1.0.0-alpha.42](https://github.com/bpinhosilva/agent-orchestrator/compare/v1.0.0-alpha.41...v1.0.0-alpha.42) (2026-04-17)
+### Features
+* add early crash detection and log tailing for server process ([b3c7945](https://github.com/bpinhosilva/agent-orchestrator/commit/b3c79454f030845f3056e30f9daab1a7726ce00e))
+# [1.0.0-alpha.41](https://github.com/bpinhosilva/agent-orchestrator/compare/v1.0.0-alpha.40...v1.0.0-alpha.41) (2026-04-17)
+### Bug Fixes
+* update collisionDetection to return an empty array in TaskManager tests ([b64158e](https://github.com/bpinhosilva/agent-orchestrator/commit/b64158e61c76a0d148900d36cb9f05784e5d5461))
 # [1.0.0-alpha.40](https://github.com/bpinhosilva/agent-orchestrator/compare/v1.0.0-alpha.39...v1.0.0-alpha.40) (2026-04-17)

package/README.md CHANGED Viewed

@@ -26,7 +26,7 @@ Agent Orchestrator is an open-source platform for managing AI agents, tasks, and
 - Project management with project membership and RBAC
 - Task execution plus recurring scheduling
 - File upload and artifact-backed task workflows
-- Packaged CLI/runtime for setup, run, status, logs, stop, and migrate
+- Packaged CLI/runtime with full lifecycle management: `setup`, `run`, `restart`, `stop`, `status`, `health`, `logs`, `migrate`, `config`, `reset-password`, and `rotate-secrets`
 - React dashboard served by the backend or packaged runtime
 ## Planned direction
@@ -71,6 +71,7 @@ agent-orchestrator setup
 agent-orchestrator run
 agent-orchestrator restart
 agent-orchestrator status
+agent-orchestrator health
 ```
 `setup` can create the runtime `.env`, run migrations, seed an admin user, and prompt you to apply pending migrations after package updates. `run` does not upgrade the database automatically. The default runtime home is `~/.agent-orchestrator`, or `${AGENT_ORCHESTRATOR_HOME}` if you set it explicitly.
@@ -83,7 +84,7 @@ For deeper CLI usage, see [docs/CLI.md](docs/CLI.md).
 git clone https://github.com/bpinhosilva/agent-orchestrator.git
 cd agent-orchestrator
 npm install
-npm rebuild
+npm rebuild --ignore-scripts=false
 npm run build:all
 ```
@@ -142,6 +143,15 @@ SQLite is the default local/runtime option when `DATABASE_URL` is not set. The d
 - `local.sqlite` in the project/package root, or
 - `${AGENT_ORCHESTRATOR_HOME}/local.sqlite` when runtime home is set
+> **Important — dev server vs. packaged CLI runtime use different databases by default.**
+> Running `npm run dev` or `npm run start:dev` uses `./local.sqlite` in the project root.
+> Running `node dist/cli/index.js` (or the installed `agent-orchestrator` binary) defaults to `~/.agent-orchestrator/local.sqlite`.
+> If you run the dev server and also use CLI admin commands (e.g. `reset-password`, `migrate`), point the CLI at the project root database:
+>
+> ```bash
+> AGENT_ORCHESTRATOR_HOME=/path/to/agent-orchestrator node dist/cli/index.js reset-password
+> ```
 ### PostgreSQL
 Use PostgreSQL by setting `DATABASE_URL` or `DB_TYPE=postgres`:
@@ -195,18 +205,21 @@ npm run start:dev
 agent-orchestrator setup
 agent-orchestrator run
 agent-orchestrator status
+agent-orchestrator health
 agent-orchestrator logs --lines 50
 agent-orchestrator restart
 agent-orchestrator stop
+agent-orchestrator config show
+agent-orchestrator rotate-secrets
 ```
 When running the packaged app or a production build with static UI enabled, the dashboard is served from `http://localhost:15789` by default.
 ## Docker
-The repository ships three Compose entrypoints:
+> For the full Docker guide, see [docs/DOCKER.md](docs/DOCKER.md).
-All Compose stacks now require the database variables in the project `.env` file: `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB`, and `POSTGRES_TEST_DB` for the integration stack.
+The repository ships three Compose entrypoints:
 | File | Purpose |
 | --- | --- |
@@ -216,15 +229,56 @@ All Compose stacks now require the database variables in the project `.env` file
 ### Production-style stack
+**Step 1: Create `.env`** — copy the example in the repo root and fill in your values:
 ```bash
-npm run docker:up
-docker compose run --rm api dist/cli/index.js migrate --yes
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=change_me
+POSTGRES_DB=agent_orchestrator
+JWT_SECRET=<at-least-32-char-secret>
+JWT_REFRESH_SECRET=<at-least-32-char-secret>
+# For seed-admin:
+ADMIN_EMAIL=admin@example.com
+ADMIN_PASSWORD=change_me
 ```
-Endpoints:
+**Step 2: Run migrations**
+```bash
+docker compose --profile tools run --rm migrate
+```
+**Step 3: Seed the admin user** — credentials are read from `ADMIN_EMAIL` and `ADMIN_PASSWORD` in `.env`, never from CLI flags.
+```bash
+docker compose --profile tools run --rm seed-admin
+```
+**Step 4: Start the stack**
+```bash
+docker compose up -d
+```
+Access at `https://localhost` (your browser will warn about a self-signed cert — click through).
+**Stopping:**
+```bash
+docker compose down      # stop, keep data
+docker compose down -v   # stop and wipe all data (including the PostgreSQL volume)
+```
+**Custom domain:**
+```bash
+DOMAIN=mysite.com
+ALLOWED_ORIGINS=https://mysite.com
+```
-- UI: `https://localhost` or `https://agent-orchestrator.localhost`
-- API: `https://localhost/api/v1` or `https://agent-orchestrator.localhost/api/v1`
+Caddy automatically provisions Let's Encrypt certificates for real public domains.
 In this stack the UI is served by **Caddy**, not by the Nest app. Docker explicitly sets `SERVE_STATIC_UI=false` so the backend only serves the API.
@@ -252,8 +306,8 @@ docker compose -f docker-compose.test.yml --profile tools run --rm cli
 Endpoints:
-- UI: `https://localhost:8444` or `https://agent-orchestrator.localhost:8444`
-- API: `https://localhost:8444/api/v1` or `https://agent-orchestrator.localhost:8444/api/v1`
+- UI: `https://localhost:8444`
+- API: `https://localhost:8444/api/v1`
 ## Development workflow
@@ -278,6 +332,7 @@ Endpoints:
 ## Useful docs
+- [Docker guide](docs/DOCKER.md)
 - [CLI reference](docs/CLI.md)
 - [CI/CD pipeline](docs/CI_CD.md)
 - [Release process](docs/RELEASE.md)
@@ -290,6 +345,9 @@ Endpoints:
 - **Agent execution fails immediately**: confirm `GEMINI_API_KEY`, `ANTHROPIC_API_KEY`, or Ollama (`OLLAMA_HOST`) are set correctly for the provider in use
 - **Schema/startup issues**: run `npm run migration:run`
 - **Need to undo the latest migration**: run `npm run migration:revert`
+- **Need to reset a user's password**: use `agent-orchestrator reset-password` — this also revokes all active sessions for that user. If the dev server (`npm run dev`) is running instead of the packaged runtime, the CLI targets a different database by default; override with `AGENT_ORCHESTRATOR_HOME=$(pwd) node dist/cli/index.js reset-password`
+- **Need to rotate JWT secrets** (e.g. after a credential leak): use `agent-orchestrator rotate-secrets` — this regenerates `JWT_SECRET` and `JWT_REFRESH_SECRET`, invalidating all active sessions, and restarts the server automatically if it is running
+- **Stale PostgreSQL volume (version mismatch)**: if the `db` container fails its health check with "data directory was initialized by PostgreSQL version X, which is not compatible with this version", run `docker compose down -v` to wipe the volume and start fresh
 ## License

package/dist/auth/auth.controller.js CHANGED Viewed

@@ -153,6 +153,7 @@ __decorate([
     __metadata("design:returntype", void 0)
 ], AuthController.prototype, "getMe", null);
 __decorate([
+    (0, throttler_1.Throttle)({ default: { limit: 5, ttl: 60000 } }),
     (0, common_1.Patch)('me'),
     openapi.ApiResponse({ status: 200, type: Object }),
     __param(0, (0, common_1.Request)()),

package/dist/auth/auth.service.js CHANGED Viewed

@@ -44,6 +44,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
+var AuthService_1;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthService = void 0;
 const common_1 = require("@nestjs/common");
@@ -54,7 +55,7 @@ const typeorm_2 = require("@nestjs/typeorm");
 const users_service_1 = require("../users/users.service");
 const refresh_token_entity_1 = require("./entities/refresh-token.entity");
 const bcrypt = __importStar(require("bcrypt"));
-let AuthService = class AuthService {
+let AuthService = AuthService_1 = class AuthService {
     usersService;
     jwtService;
     configService;
@@ -68,6 +69,7 @@ let AuthService = class AuthService {
         this.configService = configService;
         this.refreshTokenRepository = refreshTokenRepository;
     }
+    logger = new common_1.Logger(AuthService_1.name);
     async validateUser(userId) {
         try {
             const user = await this.usersService.findOne(userId);
@@ -75,7 +77,8 @@ let AuthService = class AuthService {
                 return this.usersService.serializeUser(user);
             }
         }
-        catch {
+        catch (error) {
+            this.logger.error('Failed to validate user', error instanceof Error ? error.stack : String(error));
             return null;
         }
         return null;
@@ -147,7 +150,8 @@ let AuthService = class AuthService {
                 ? payload.sub
                 : null;
         }
-        catch {
+        catch (error) {
+            this.logger.warn('Failed to validate refresh token', error instanceof Error ? error.stack : String(error));
             return null;
         }
     }
@@ -254,12 +258,13 @@ let AuthService = class AuthService {
                 }, { revokedAt: new Date() });
             }
         }
-        catch {
+        catch (error) {
+            this.logger.warn('Failed to revoke refresh token (token may already be expired)', error instanceof Error ? error.message : String(error));
         }
     }
 };
 exports.AuthService = AuthService;
-exports.AuthService = AuthService = __decorate([
+exports.AuthService = AuthService = AuthService_1 = __decorate([
     (0, common_1.Injectable)(),
     __param(3, (0, typeorm_2.InjectRepository)(refresh_token_entity_1.RefreshToken)),
     __metadata("design:paramtypes", [users_service_1.UsersService,

package/dist/auth/entities/refresh-token.entity.js CHANGED Viewed

@@ -10,23 +10,10 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RefreshToken = void 0;
-const openapi = require("@nestjs/swagger");
 const typeorm_1 = require("typeorm");
 const user_entity_1 = require("../../users/entities/user.entity");
 const typeorm_2 = require("../../config/typeorm");
 let RefreshToken = class RefreshToken {
-    id;
-    userId;
-    user;
-    token;
-    issuedAt;
-    expiresAt;
-    absoluteExpiry;
-    createdAt;
-    revokedAt;
-    static _OPENAPI_METADATA_FACTORY() {
-        return { id: { required: true, type: () => String }, userId: { required: true, type: () => String }, user: { required: true, type: () => require("../../users/entities/user.entity").User }, token: { required: true, type: () => String }, issuedAt: { required: true, type: () => Date }, expiresAt: { required: true, type: () => Date }, absoluteExpiry: { required: true, type: () => Date }, createdAt: { required: true, type: () => Date }, revokedAt: { required: true, type: () => Date, nullable: true } };
-    }
 };
 exports.RefreshToken = RefreshToken;
 __decorate([
@@ -51,11 +38,11 @@ __decorate([
     __metadata("design:type", Date)
 ], RefreshToken.prototype, "issuedAt", void 0);
 __decorate([
-    (0, typeorm_1.Column)({ type: 'datetime' }),
+    (0, typeorm_1.Column)({ type: typeorm_2.DATETIME_COLUMN_TYPE }),
     __metadata("design:type", Date)
 ], RefreshToken.prototype, "expiresAt", void 0);
 __decorate([
-    (0, typeorm_1.Column)({ type: 'datetime' }),
+    (0, typeorm_1.Column)({ type: typeorm_2.DATETIME_COLUMN_TYPE }),
     __metadata("design:type", Date)
 ], RefreshToken.prototype, "absoluteExpiry", void 0);
 __decorate([
@@ -63,11 +50,12 @@ __decorate([
     __metadata("design:type", Date)
 ], RefreshToken.prototype, "createdAt", void 0);
 __decorate([
-    (0, typeorm_1.Column)({ type: 'datetime', nullable: true }),
-    __metadata("design:type", Object)
+    (0, typeorm_1.Column)({ type: typeorm_2.DATETIME_COLUMN_TYPE, nullable: true }),
+    __metadata("design:type", Date)
 ], RefreshToken.prototype, "revokedAt", void 0);
 exports.RefreshToken = RefreshToken = __decorate([
     (0, typeorm_1.Entity)('refresh_tokens'),
     (0, typeorm_1.Index)(['userId', 'expiresAt']),
-    (0, typeorm_1.Index)(['userId', 'revokedAt'])
+    (0, typeorm_1.Index)(['userId', 'revokedAt']),
+    (0, typeorm_1.Index)(['absoluteExpiry'])
 ], RefreshToken);

package/dist/cli/commands/config.command.js ADDED Viewed

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerConfigCommand = registerConfigCommand;
+const utils_1 = require("../utils");
+const env_1 = require("../env");
+const constants_1 = require("../constants");
+/** Keys matching these patterns are masked unless --show-secrets is passed. */
+const MASKED_KEY_PATTERN = /(_SECRET|_KEY)$/i;
+const ALWAYS_MASKED_KEYS = new Set(['DATABASE_URL']);
+function maskValue(key, value, showSecrets) {
+    if (showSecrets)
+        return value;
+    if (MASKED_KEY_PATTERN.test(key) || ALWAYS_MASKED_KEYS.has(key))
+        return '***';
+    return value;
+}
+function registerConfigCommand(program) {
+    const config = program
+        .command('config')
+        .description('Manage CLI runtime configuration');
+    config
+        .command('show')
+        .description('Display the current runtime configuration')
+        .option('--show-secrets', 'Reveal masked secret values (keys, tokens, URLs)')
+        .option('--format <format>', 'Output format: text or json', 'text')
+        .action((...args) => {
+        const opts = (0, utils_1.resolveActionOptions)(args);
+        const env = (0, env_1.readEnvFile)(constants_1.ENV_PATH);
+        if (Object.keys(env).length === 0) {
+            console.log(`No configuration found at ${constants_1.ENV_PATH}. Run "agent-orchestrator setup" first.`);
+            return;
+        }
+        const masked = Object.fromEntries(Object.entries(env).map(([k, v]) => [
+            k,
+            maskValue(k, v, opts.showSecrets ?? false),
+        ]));
+        if (opts.format === 'json') {
+            console.log(JSON.stringify(masked, null, 2));
+        }
+        else {
+            console.log(`Configuration from ${constants_1.ENV_PATH}:\n`);
+            for (const [key, value] of Object.entries(masked)) {
+                console.log(`  ${key}=${value}`);
+            }
+        }
+    });
+}

package/dist/cli/commands/health.command.js ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerHealthCommand = registerHealthCommand;
+const utils_1 = require("../utils");
+const process_manager_1 = require("../process-manager");
+const constants_1 = require("../constants");
+const health_1 = require("../health");
+function registerHealthCommand(program) {
+    program
+        .command('health')
+        .description('Check whether the orchestrator HTTP server is responding')
+        .option('--timeout <ms>', 'Request timeout in milliseconds', '5000')
+        .option('--format <format>', 'Output format: text or json', 'text')
+        .action(async (...args) => {
+        const opts = (0, utils_1.resolveActionOptions)(args);
+        const timeoutMs = Math.max(1, Number(opts.timeout ?? '5000') || 5000);
+        // Prefer metadata from the running process; fall back to .env config
+        const proc = (0, process_manager_1.findManagedProcess)();
+        const host = proc?.host ?? (0, process_manager_1.getConfiguredHost)(constants_1.ENV_PATH);
+        const port = proc?.port ?? (0, process_manager_1.getConfiguredPort)(constants_1.ENV_PATH);
+        const isRunning = proc !== null;
+        const result = await (0, health_1.httpHealthCheck)(host, port, timeoutMs);
+        if (opts.format === 'json') {
+            console.log(JSON.stringify({
+                running: isRunning,
+                healthy: result.healthy,
+                status: result.status ?? null,
+                host,
+                port,
+                error: result.error ?? null,
+            }));
+        }
+        else {
+            if (!isRunning) {
+                console.log('Orchestrator process is not running.');
+            }
+            else if (result.healthy) {
+                console.log(`Orchestrator is healthy (HTTP ${result.status}) at ${host}:${port}`);
+            }
+            else if (result.error) {
+                console.log(`Orchestrator is unreachable: ${result.error}`);
+            }
+            else {
+                console.log(`Orchestrator returned HTTP ${result.status ?? 'unknown'} at ${host}:${port}`);
+            }
+        }
+        if (!result.healthy)
+            process.exit(1);
+    });
+}

package/dist/cli/commands/index.js CHANGED Viewed

@@ -8,6 +8,11 @@ const status_command_1 = require("./status.command");
 const logs_command_1 = require("./logs.command");
 const migrate_command_1 = require("./migrate.command");
 const restart_command_1 = require("./restart.command");
+const health_command_1 = require("./health.command");
+const config_command_1 = require("./config.command");
+const reset_password_command_1 = require("./reset-password.command");
+const rotate_secrets_command_1 = require("./rotate-secrets.command");
+const seed_admin_command_1 = require("./seed-admin.command");
 function registerAllCommands(program) {
     (0, setup_command_1.registerSetupCommand)(program);
     (0, run_command_1.registerRunCommand)(program);
@@ -16,4 +21,9 @@ function registerAllCommands(program) {
     (0, status_command_1.registerStatusCommand)(program);
     (0, logs_command_1.registerLogsCommand)(program);
     (0, migrate_command_1.registerMigrateCommand)(program);
+    (0, health_command_1.registerHealthCommand)(program);
+    (0, config_command_1.registerConfigCommand)(program);
+    (0, reset_password_command_1.registerResetPasswordCommand)(program);
+    (0, rotate_secrets_command_1.registerRotateSecretsCommand)(program);
+    (0, seed_admin_command_1.registerSeedAdminCommand)(program);
 }

package/dist/cli/commands/logs.command.js CHANGED Viewed

@@ -63,10 +63,18 @@ function registerLogsCommand(program) {
                 console.log('Log file is empty.');
             }
             if (opts.follow) {
-                let position = fs.statSync(constants_1.LOG_FILE).size;
+                const initialStat = fs.statSync(constants_1.LOG_FILE);
+                let position = initialStat.size;
+                let trackedIno = initialStat.ino;
                 fs.watchFile(constants_1.LOG_FILE, { interval: 200 }, () => {
                     try {
                         const stat = fs.statSync(constants_1.LOG_FILE);
+                        const rotated = stat.ino !== trackedIno || stat.size < position;
+                        if (rotated) {
+                            // File replaced or truncated — restart from beginning
+                            position = 0;
+                            trackedIno = stat.ino;
+                        }
                         if (stat.size > position) {
                             const length = stat.size - position;
                             const buffer = Buffer.alloc(length);

package/dist/cli/commands/migrate.command.js CHANGED Viewed

@@ -40,7 +40,7 @@ async function confirmAction(message, autoConfirm = false) {
     if (autoConfirm) {
         return true;
     }
-    const enquirer = await Promise.resolve().then(() => __importStar(require('enquirer')));
+    const { default: enquirer } = await Promise.resolve().then(() => __importStar(require('enquirer')));
     const { confirmed } = await enquirer.prompt({
         type: 'confirm',
         name: 'confirmed',
@@ -53,7 +53,7 @@ async function promptForEnter(message, autoConfirm = false) {
     if (autoConfirm) {
         return;
     }
-    const enquirer = await Promise.resolve().then(() => __importStar(require('enquirer')));
+    const { default: enquirer } = await Promise.resolve().then(() => __importStar(require('enquirer')));
     await enquirer.prompt({
         type: 'input',
         name: 'continue',

package/dist/cli/commands/reset-password.command.js ADDED Viewed

@@ -0,0 +1,138 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resetUserPassword = resetUserPassword;
+exports.registerResetPasswordCommand = registerResetPasswordCommand;
+const typeorm_1 = require("typeorm");
+const utils_1 = require("../utils");
+const typeorm_2 = require("../../config/typeorm");
+const user_entity_1 = require("../../users/entities/user.entity");
+const refresh_token_entity_1 = require("../../auth/entities/refresh-token.entity");
+async function resetUserPassword(email, newPassword, factory = typeorm_2.createDataSource,
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+bcryptDep = require('bcrypt')) {
+    const dataSource = factory();
+    let initialized = false;
+    try {
+        await dataSource.initialize();
+        initialized = true;
+        const userRepository = dataSource.getRepository(user_entity_1.User);
+        const tokenRepository = dataSource.getRepository(refresh_token_entity_1.RefreshToken);
+        const user = await userRepository.findOne({ where: { email } });
+        if (!user) {
+            throw new Error(`User with email "${email}" not found.`);
+        }
+        const hashedPassword = await bcryptDep.hash(newPassword, 10);
+        await userRepository.update(user.id, { password: hashedPassword });
+        // Revoke all active (non-expired, non-revoked) refresh tokens so existing
+        // sessions cannot continue after a password reset.
+        await tokenRepository.update({ userId: user.id, revokedAt: (0, typeorm_1.IsNull)() }, { revokedAt: new Date() });
+        console.log(`Password updated for ${email}. All active sessions have been invalidated.`);
+    }
+    finally {
+        if (initialized) {
+            try {
+                await dataSource.destroy();
+            }
+            catch {
+                // ignore cleanup errors
+            }
+        }
+    }
+}
+function registerResetPasswordCommand(program, resetFn = resetUserPassword) {
+    program
+        .command('reset-password')
+        .description("Reset a user's password and revoke all their active sessions")
+        .option('--email <email>', 'Email address of the user')
+        .option('--password <password>', 'New password (min 8 characters) — prefer SETUP_ADMIN_PASSWORD env var')
+        .option('-y, --yes', 'Non-interactive mode (requires --email and --password or env var)')
+        .action(async (...args) => {
+        const opts = (0, utils_1.resolveActionOptions)(args);
+        if (opts.password) {
+            console.warn('Warning: Passing passwords as CLI flags exposes them in process tables and shell history. ' +
+                'Use the SETUP_ADMIN_PASSWORD environment variable instead.');
+        }
+        let email;
+        let password;
+        const resolvedPassword = opts.password ?? process.env.SETUP_ADMIN_PASSWORD;
+        if (opts.yes) {
+            if (!opts.email || !resolvedPassword) {
+                console.error('--email and --password (or SETUP_ADMIN_PASSWORD env var) are required in non-interactive mode (--yes).');
+                process.exit(1);
+                return;
+            }
+            email = opts.email;
+            password = resolvedPassword;
+        }
+        else {
+            const { default: enquirer } = await Promise.resolve().then(() => __importStar(require('enquirer')));
+            const response = await enquirer.prompt([
+                {
+                    type: 'input',
+                    name: 'email',
+                    message: 'User email:',
+                    initial: opts.email ?? '',
+                },
+                {
+                    type: 'password',
+                    name: 'password',
+                    message: 'New password (min 8 characters):',
+                    validate: (v) => v.length >= 8 || 'Password must be at least 8 characters',
+                },
+                {
+                    type: 'password',
+                    name: 'confirm',
+                    message: 'Confirm new password:',
+                    validate: (v, state) => v === state?.answers?.password || 'Passwords do not match',
+                },
+            ]);
+            email = response.email;
+            password = response.password;
+        }
+        if (password.length < 8) {
+            console.error('Password must be at least 8 characters long.');
+            process.exit(1);
+            return;
+        }
+        try {
+            await resetFn(email, password);
+        }
+        catch (err) {
+            console.error(`Failed to reset password: ${err instanceof Error ? err.message : String(err)}`);
+            process.exit(1);
+        }
+    });
+}

package/dist/cli/commands/restart.command.js CHANGED Viewed

@@ -1,30 +1,41 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerRestartCommand = registerRestartCommand;
-const commander_1 = require("commander");
 const process_manager_1 = require("../process-manager");
-const run_command_1 = require("./run.command");
-const stop_command_1 = require("./stop.command");
+const constants_1 = require("../constants");
 function registerRestartCommand(program) {
     program
         .command('restart')
         .description('Restart the orchestrator server (smart: stop if running, then start)')
         .action(async () => {
-        const running = (0, process_manager_1.findManagedProcess)(); // TODO: pass default args if needed
-        if (running) {
-            // Stop if running
-            await new Promise((resolve) => {
-                const stopProgram = new commander_1.Command();
-                (0, stop_command_1.registerStopCommand)(stopProgram);
-                stopProgram.exitOverride();
-                stopProgram.parse(['node', 'cli', 'stop'], { from: 'user' });
-                setTimeout(resolve, 2000); // Wait for stop
-            });
+        try {
+            const running = (0, process_manager_1.findManagedProcess)();
+            if (running) {
+                console.log(`Stopping Orchestrator (PID: ${running.pid})...`);
+                const died = await (0, process_manager_1.stopManagedProcessById)(running.pid, running.cwd, running.mainPath);
+                if (!died) {
+                    console.error('Failed to stop orchestrator. Aborting restart to avoid duplicate instances.');
+                    process.exit(1);
+                    return;
+                }
+                (0, process_manager_1.removeRuntimeState)();
+                console.log('Orchestrator stopped.');
+            }
+            console.log('Starting Agent Orchestrator in background...');
+            const { pid, host, port } = (0, process_manager_1.startServer)();
+            console.log(`Orchestrator started in background.\n${(0, process_manager_1.formatProcessSummary)({
+                pid,
+                source: 'metadata',
+                cwd: constants_1.PACKAGE_ROOT,
+                mainPath: constants_1.MAIN_FILE,
+                host,
+                port,
+            })}`);
+        }
+        catch (err) {
+            const errorMessage = err instanceof Error ? err.message : String(err);
+            console.error(`Failed to restart orchestrator: ${errorMessage}`);
+            process.exit(1);
         }
-        // Start
-        const runProgram = new commander_1.Command();
-        (0, run_command_1.registerRunCommand)(runProgram);
-        runProgram.exitOverride();
-        runProgram.parse(['node', 'cli', 'run'], { from: 'user' });
     });
 }