@floless/app 0.5.1

package/teardown.mjs

@@ -0,0 +1,128 @@
+// teardown — the SHARED pure layer behind `floless-app uninstall` (Part A.5).
+//
+// Plain JS (.mjs) on purpose: it is imported by BOTH launch.mjs (the npm bin,
+// plain JS) and main.ts (the SEA dispatcher, TS), AND by autostart.ts/protocol.ts
+// for the registry-key constants — one source, no JS/TS boundary problem (Codex S1).
+// It holds ONLY pure functions + constants: no process killing, no reg/npm calls,
+// no I/O. The executors that perform real side effects live in launch.mjs / main.ts
+// and are exercised by the human's real teardown test, never here.
+//
+// Shipped to npm (added to package.json `files`), so it must stay dependency-free.
+
+// --- registry-key constants (single source — must match autostart.ts/protocol.ts) ---
+// autostart.ts: RUN_KEY + VALUE_NAME='FloLess'; protocol.ts: BASE.
+export const RUN_KEY = 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run';
+export const RUN_VALUE = 'FloLess';
+export const PROTOCOL_KEY = 'HKCU\\Software\\Classes\\floless';
+
+/**
+ * Decide what `floless-app uninstall` should do about the AWARE runtime.
+ *
+ *   --purge       → remove AWARE, never prompt.
+ *   --keep-aware  → keep AWARE, never prompt.
+ *   (no flags)    → prompt ONLY when a TTY is present; a non-TTY (Velopack
+ *                   Add/Remove, piped stdin) NEVER blocks → keep AWARE.
+ *
+ * @param {{ purge?: boolean, keepAware?: boolean, isTTY?: boolean }} opts
+ * @returns {{ removeAware: boolean, prompt: boolean }}
+ * @throws {Error} when both --purge and --keep-aware are given (conflicting).
+ */
+export function teardownDecision({ purge = false, keepAware = false, isTTY = false } = {}) {
+  if (purge && keepAware) {
+    throw new Error('conflicting flags: --purge and --keep-aware cannot be combined');
+  }
+  if (purge) return { removeAware: true, prompt: false };
+  if (keepAware) return { removeAware: false, prompt: false };
+  // No flags: ask iff interactive; otherwise keep AWARE and never block.
+  return { removeAware: false, prompt: Boolean(isTTY) };
+}
+
+// The global npm package id for the AWARE runtime. Single source so the uninstall
+// shell command and the JSON-verify check can't drift.
+export const AWARE_PKG = '@aware-aeco/cli';
+
+/**
+ * Decide whether AWARE is STILL installed from the output of
+ * `npm ls -g @aware-aeco/cli --depth=0 --json`. The package, when present, appears as
+ * a key under the top-level `dependencies` object; when absent, `dependencies` is
+ * missing or empty. Parsing this is more reliable than `npm ls`'s exit code, which
+ * varies across npm versions for a missing global (review Fix 3 / Codex S4).
+ *
+ * Defensive: any empty/undefined/unparseable input, or a non-object `dependencies`,
+ * is treated as ABSENT (removed) — a flaky `npm ls` must never raise a false
+ * "still installed" alarm.
+ *
+ * @param {string | undefined | null} npmLsJson  raw stdout of the `npm ls … --json` call
+ * @returns {boolean} true iff the AWARE package is listed under dependencies
+ */
+export function awareIsPresent(npmLsJson) {
+  let parsed;
+  try { parsed = JSON.parse(npmLsJson || '{}'); } catch { return false; }
+  const deps = parsed && typeof parsed === 'object' ? parsed.dependencies : null;
+  if (!deps || typeof deps !== 'object') return false;
+  return Object.prototype.hasOwnProperty.call(deps, AWARE_PKG);
+}
+
+// A process is a floless.app supervisor iff its command line both names THIS app's
+// exe and carries the supervise action. We match `--supervise` or a bare ` supervise`
+// token (the exe-channel action) on a word boundary, so `--serve` /
+// `--veloapp-uninstall` / a substring like `supervised` never qualify.
+const SUPERVISE_TOKEN = /(?:^|\s)(?:--)?supervise(?:\s|$)/i;
+
+/**
+ * Select supervisor PIDs to kill during teardown, with the self-kill guard baked in.
+ *
+ * A proc qualifies iff its `cmd` (its full command line):
+ *   - contains AT LEAST ONE of the `exeMatch` candidates (this app's exe path),
+ *     case-insensitively, AND
+ *   - carries the supervise action (`--supervise` / ` supervise`), AND
+ *   - its pid !== selfPid (NEVER kill the running uninstall process — Codex self-kill), AND
+ *   - when `scriptMatch` is provided (non-empty), ALSO contains `scriptMatch`
+ *     case-insensitively (review #1).
+ *
+ * `exeMatch` accepts EITHER a single string OR a string array (added 2026-05-30 for
+ * the Claude MSIX container case): inside the container `process.execPath` is the
+ * bind-link VIRTUAL path while a supervisor launched at logon — via a Run key /
+ * Scheduled Task registered with the REAL un-virtualized path — runs with the REAL
+ * path in its command line. Passing `[virtualPath, realPath]` matches BOTH so the
+ * in-container uninstaller can still find it. A single-string call still works
+ * unchanged for non-container installs (where the two paths are identical).
+ *
+ * The `scriptMatch` arg exists for the npm channel: there `exeMatch` is the generic
+ * `node.exe`, so without it the predicate could match ANY `node … supervise` process
+ * (e.g. an unrelated third-party watchdog). Passing the launcher script (launch.mjs)
+ * as `scriptMatch` narrows it to OUR supervisor. The packaged channel uses a unique
+ * `FlolessApp.exe` and passes no scriptMatch — behavior is unchanged there.
+ *
+ * This deliberately EXCLUDES the current `--veloapp-uninstall` proc (same exe, wrong
+ * action) and unrelated tools whose command line merely contains "--supervise"
+ * (right action, wrong exe).
+ *
+ * @param {Array<{ pid: number, cmd: string }>} procs  enumerated processes
+ * @param {number} selfPid  process.pid of the running uninstall — always excluded
+ * @param {string | string[]} exeMatch  this app's exe path(s) to match in each cmd line;
+ *   pass an array to match a supervisor that may have been launched at either of two
+ *   equivalent paths (the MSIX virtual + real un-virtualized path)
+ * @param {string} [scriptMatch]  optional launcher-script substring; when non-empty,
+ *   the cmd must ALSO contain it (case-insensitively). Omitted/empty → no narrowing.
+ * @returns {number[]} pids to taskkill (caller does the killing; this is pure)
+ */
+export function supervisorPidsToKill(procs, selfPid, exeMatch, scriptMatch) {
+  if (!Array.isArray(procs) || !exeMatch) return [];
+  const needles = (Array.isArray(exeMatch) ? exeMatch : [exeMatch])
+    .filter((s) => typeof s === 'string' && s.length > 0)
+    .map((s) => s.toLowerCase());
+  if (needles.length === 0) return [];
+  const scriptNeedle = scriptMatch ? String(scriptMatch).toLowerCase() : '';
+  return procs
+    .filter((p) => {
+      if (!p || typeof p.cmd !== 'string') return false;
+      if (p.pid === selfPid) return false; // never self-kill
+      const cmd = p.cmd;
+      const lower = cmd.toLowerCase();
+      if (!needles.some((n) => lower.includes(n)) || !SUPERVISE_TOKEN.test(cmd)) return false;
+      if (scriptNeedle && !lower.includes(scriptNeedle)) return false; // npm-channel narrowing
+      return true;
+    })
+    .map((p) => p.pid);
+}