@launchsecure/launch-kit 0.0.35 → 0.0.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -34,6 +34,9 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
34
34
  ));
35
35
 
36
36
  // src/server/cf-ingress.ts
37
+ function serviceLabel(s) {
38
+ return s.label ?? s.name;
39
+ }
37
40
  async function cf(opts) {
38
41
  const res = await fetch(`${CF_API_BASE}${opts.path}`, {
39
42
  method: opts.method,
@@ -113,7 +116,7 @@ async function fetchConnectorToken(input, tunnelId) {
113
116
  }
114
117
  async function setIngressConfig(input, tunnelId) {
115
118
  const ingress = input.services.map((s) => ({
116
- hostname: `${s.name}.${input.zone.name}`,
119
+ hostname: `${serviceLabel(s)}.${input.zone.name}`,
117
120
  service: `http://localhost:${s.port}`
118
121
  }));
119
122
  ingress.push({ service: "http_status:404" });
@@ -128,7 +131,7 @@ async function setIngressConfig(input, tunnelId) {
128
131
  }
129
132
  }
130
133
  async function ensureDnsRecord(input, tunnelId, service) {
131
- const fqdn = `${service.name}.${input.zone.name}`;
134
+ const fqdn = `${serviceLabel(service)}.${input.zone.name}`;
132
135
  const target = `${tunnelId}.cfargotunnel.com`;
133
136
  const existing = await cf({
134
137
  apiToken: input.apiToken,
@@ -172,7 +175,7 @@ async function provisionIngress(input) {
172
175
  await setIngressConfig(input, tunnelId);
173
176
  await Promise.all(input.services.map((s) => ensureDnsRecord(input, tunnelId, s)));
174
177
  const hostnames = {};
175
- for (const s of input.services) hostnames[s.name] = `${s.name}.${input.zone.name}`;
178
+ for (const s of input.services) hostnames[s.name] = `${serviceLabel(s)}.${input.zone.name}`;
176
179
  return { tunnelId, connectorToken, hostnames };
177
180
  }
178
181
  var import_node_fs, import_node_path, CF_API_BASE, CF_ERR_DNS_RECORD_EXISTS;
@@ -222,6 +225,17 @@ async function ensureDocker(opts = {}) {
222
225
  const initial = detectDocker();
223
226
  if (initial.daemonAlive) return initial;
224
227
  const platform = process.platform;
228
+ if (initial.cliPresent && canStartDaemon(platform)) {
229
+ if (await confirm(opts, "Docker is installed but its daemon isn't running. Start it now?")) {
230
+ const started = await startDockerDaemon(platform);
231
+ if (started.daemonAlive) return started;
232
+ console.log(
233
+ `
234
+ Docker did not become ready within ${Math.round(DAEMON_START_TIMEOUT_MS / 1e3)}s. Open Docker manually and re-run setup.`
235
+ );
236
+ throw new Error("Docker daemon did not start in time.");
237
+ }
238
+ }
225
239
  if (!opts.autoInstall) {
226
240
  printManualInstructions(initial, platform);
227
241
  throw new Error("Docker is not ready. Install + start it, then re-run `launch-rover setup`.");
@@ -250,6 +264,40 @@ async function ensureDocker(opts = {}) {
250
264
  `Auto-install is not supported on ${platform}. Install Docker Desktop manually, then re-run setup.`
251
265
  );
252
266
  }
267
+ function canStartDaemon(platform) {
268
+ if (platform === "darwin") return true;
269
+ if (platform === "linux") return commandExists("systemctl");
270
+ return false;
271
+ }
272
+ async function startDockerDaemon(platform) {
273
+ if (platform === "darwin") {
274
+ runAndPrint("open", ["-a", "Docker"]);
275
+ } else if (platform === "linux") {
276
+ runAndPrint("sudo", ["systemctl", "start", "docker"]);
277
+ } else {
278
+ throw new Error(`Cannot start the Docker daemon on ${platform}.`);
279
+ }
280
+ console.log("Waiting for the Docker daemon to come up\u2026");
281
+ const deadline = DAEMON_START_TIMEOUT_MS;
282
+ let waited = 0;
283
+ while (waited < deadline) {
284
+ await (0, import_promises2.setTimeout)(DAEMON_POLL_INTERVAL_MS);
285
+ waited += DAEMON_POLL_INTERVAL_MS;
286
+ const probe = detectDocker();
287
+ if (probe.daemonAlive) {
288
+ console.log(`Docker daemon is up (after ~${Math.round(waited / 1e3)}s).`);
289
+ return probe;
290
+ }
291
+ }
292
+ return detectDocker();
293
+ }
294
+ function commandExists(cmd) {
295
+ const probe = (0, import_node_child_process.spawnSync)(process.platform === "win32" ? "where" : "which", [cmd], {
296
+ stdio: "ignore",
297
+ timeout: 1500
298
+ });
299
+ return probe.status === 0;
300
+ }
253
301
  function printManualInstructions(detection, platform) {
254
302
  console.log("\n\u2500\u2500 Docker is required to run launch-rover \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
255
303
  if (!detection.cliPresent) {
@@ -305,13 +353,16 @@ function runAndPrint(cmd, args) {
305
353
  throw new Error(`${cmd} exited with code ${result.status ?? "signal"}`);
306
354
  }
307
355
  }
308
- var import_node_child_process, import_promises, import_node_process;
356
+ var import_node_child_process, import_promises, import_node_process, import_promises2, DAEMON_START_TIMEOUT_MS, DAEMON_POLL_INTERVAL_MS;
309
357
  var init_docker_install = __esm({
310
358
  "src/server/rover/docker-install.ts"() {
311
359
  "use strict";
312
360
  import_node_child_process = require("node:child_process");
313
361
  import_promises = require("node:readline/promises");
314
362
  import_node_process = require("node:process");
363
+ import_promises2 = require("node:timers/promises");
364
+ DAEMON_START_TIMEOUT_MS = 6e4;
365
+ DAEMON_POLL_INTERVAL_MS = 2e3;
315
366
  }
316
367
  });
317
368
 
@@ -536,7 +587,7 @@ var require_package = __commonJS({
536
587
  "package.json"(exports2, module2) {
537
588
  module2.exports = {
538
589
  name: "@launchsecure/launch-kit",
539
- version: "0.0.35",
590
+ version: "0.0.36",
540
591
  description: "LaunchSecure toolkit \u2014 launch-sequencer (pipeline runner + terminal bridge), launch-radar (feedback webhook receiver), launch-chart (project graph MCP), launch-deck (visual playground MCP), launch-kit-beacon (feedback Web Component), launch-recall (file-watcher backup). launch-pod is the container image these run inside.",
541
592
  license: "MIT",
542
593
  author: "LaunchSecure - AutomateWithUs",
@@ -19422,17 +19473,17 @@ function createTunnel(opts) {
19422
19473
  const exhaustive = opts.provider;
19423
19474
  throw new Error(`[tunnel] unknown provider: ${String(exhaustive)}`);
19424
19475
  }
19425
- var import_node_fs3, import_node_events, import_promises2, import_undici, import_cloudflared, dnsResolver, dnsCache, dnsResilientDispatcher, BACKOFF_MIN_MS, BACKOFF_MAX_MS, SELFTEST_INTERVAL_MS, SELFTEST_TIMEOUT_MS, NAMED_FATAL_PATTERNS, CloudflaredTunnel;
19476
+ var import_node_fs3, import_node_events, import_promises3, import_undici, import_cloudflared, dnsResolver, dnsCache, dnsResilientDispatcher, BACKOFF_MIN_MS, BACKOFF_MAX_MS, SELFTEST_INTERVAL_MS, SELFTEST_TIMEOUT_MS, NAMED_FATAL_PATTERNS, CloudflaredTunnel;
19426
19477
  var init_tunnel = __esm({
19427
19478
  "src/server/tunnel/index.ts"() {
19428
19479
  "use strict";
19429
19480
  import_node_fs3 = require("node:fs");
19430
19481
  import_node_events = require("node:events");
19431
- import_promises2 = require("node:dns/promises");
19482
+ import_promises3 = require("node:dns/promises");
19432
19483
  init_source();
19433
19484
  import_undici = __toESM(require_undici());
19434
19485
  import_cloudflared = require("cloudflared");
19435
- dnsResolver = new import_promises2.Resolver();
19486
+ dnsResolver = new import_promises3.Resolver();
19436
19487
  dnsResolver.setServers(["1.1.1.1", "8.8.8.8"]);
19437
19488
  dnsCache = new CacheableLookup({ resolver: dnsResolver });
19438
19489
  dnsResilientDispatcher = new import_undici.Agent({
@@ -19689,8 +19740,11 @@ async function podsUp(state, body) {
19689
19740
  await stopAndRemove(containerName);
19690
19741
  const dockerConfigDir = body.skipPull ? null : setupDockerConfig();
19691
19742
  try {
19692
- if (dockerConfigDir) {
19693
- await dockerRun(["pull", image], { DOCKER_CONFIG: dockerConfigDir });
19743
+ if (!body.skipPull) {
19744
+ await dockerRun(
19745
+ ["pull", image],
19746
+ dockerConfigDir ? { DOCKER_CONFIG: dockerConfigDir } : {}
19747
+ );
19694
19748
  }
19695
19749
  const runArgs = [
19696
19750
  "run",
@@ -19852,10 +19906,10 @@ async function dockerRun(args, envOverlay = {}) {
19852
19906
  function setupDockerConfig() {
19853
19907
  const token = process.env.GHCR_PULL_TOKEN;
19854
19908
  if (!token) {
19855
- throw new PodError(
19856
- "GHCR_PULL_TOKEN is not set in the rover's environment. Add it to .env.local and restart the rover daemon. (Will be replaced by per-call token from LS later.)",
19857
- 500
19909
+ console.log(
19910
+ "[rover] no GHCR_PULL_TOKEN set \u2014 pulling image anonymously (succeeds only if the image is public)"
19858
19911
  );
19912
+ return null;
19859
19913
  }
19860
19914
  const dir = (0, import_node_fs4.mkdtempSync)((0, import_node_path3.join)((0, import_node_os3.tmpdir)(), "launch-rover-docker-"));
19861
19915
  const auth = Buffer.from(`${GHCR_USERNAME}:${token}`, "utf-8").toString("base64");
@@ -20171,15 +20225,27 @@ function printUsage() {
20171
20225
  " --name=<host-name> Human-readable rover name (default: hostname)",
20172
20226
  " --port=<n> Local daemon port (default: 52749)",
20173
20227
  " --auto-install Allow setup to install Docker via brew / get-docker.sh",
20174
- " --yes / -y Skip confirmation prompts (assume yes)",
20228
+ " --yes / -y Skip confirmation prompts (assume yes). Also auto-starts",
20229
+ " an installed-but-stopped Docker daemon without prompting.",
20175
20230
  " --detach Spawn the daemon as a detached process and exit",
20176
20231
  ""
20177
20232
  ].join("\n")
20178
20233
  );
20179
20234
  }
20235
+ function ensureNodeVersion() {
20236
+ const raw = process.versions.node;
20237
+ const major = Number.parseInt(raw.split(".")[0] ?? "", 10);
20238
+ if (!Number.isFinite(major) || major < MIN_NODE_MAJOR) {
20239
+ throw new Error(
20240
+ `launch-rover requires Node >= ${MIN_NODE_MAJOR} (running ${raw}). Upgrade Node, then re-run \`launch-rover setup\`.`
20241
+ );
20242
+ }
20243
+ console.log(`[rover] node ok: v${raw}`);
20244
+ }
20180
20245
  async function runSetup(argv) {
20181
20246
  const args = parseArgs(argv);
20182
20247
  console.log(`[rover] setup org=${args.orgSlug} server=${args.serverUrl}`);
20248
+ ensureNodeVersion();
20183
20249
  await ensureDocker({ autoInstall: args.autoInstall, yes: args.yes });
20184
20250
  const dockerInfo = detectDocker();
20185
20251
  console.log(`[rover] docker ready: ${dockerInfo.version ?? "unknown"}`);
@@ -20314,7 +20380,7 @@ async function launchDaemon(args, ingress, state) {
20314
20380
  function runSetupReset(roverId) {
20315
20381
  clearRoverState(roverId);
20316
20382
  }
20317
- var import_node_os5, import_node_child_process3, import_node_path5, import_node_fs6, KIT_VERSION, DEFAULT_SERVER, DEFAULT_DAEMON_PORT;
20383
+ var import_node_os5, import_node_child_process3, import_node_path5, import_node_fs6, KIT_VERSION, DEFAULT_SERVER, DEFAULT_DAEMON_PORT, MIN_NODE_MAJOR;
20318
20384
  var init_setup = __esm({
20319
20385
  "src/server/rover/setup.ts"() {
20320
20386
  "use strict";
@@ -20331,6 +20397,7 @@ var init_setup = __esm({
20331
20397
  KIT_VERSION = require_package().version;
20332
20398
  DEFAULT_SERVER = "https://launchsecure-v2.vercel.app";
20333
20399
  DEFAULT_DAEMON_PORT = 52749;
20400
+ MIN_NODE_MAJOR = 18;
20334
20401
  }
20335
20402
  });
20336
20403
 
@@ -20383,7 +20450,7 @@ async function runTeardown(argv) {
20383
20450
  }
20384
20451
  const deadline = Date.now() + 3e3;
20385
20452
  while (Date.now() < deadline && isPidAlive(lock.pid)) {
20386
- await sleep(100);
20453
+ await sleep2(100);
20387
20454
  }
20388
20455
  if (isPidAlive(lock.pid) && parsed.force) {
20389
20456
  console.log("[rover] daemon did not exit, sending SIGKILL");
@@ -20451,7 +20518,7 @@ function isPidAlive(pid) {
20451
20518
  return false;
20452
20519
  }
20453
20520
  }
20454
- function sleep(ms) {
20521
+ function sleep2(ms) {
20455
20522
  return new Promise((resolve) => setTimeout(resolve, ms));
20456
20523
  }
20457
20524
  var import_node_fs7, import_node_os6, import_node_path6;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@launchsecure/launch-kit",
3
- "version": "0.0.35",
3
+ "version": "0.0.36",
4
4
  "description": "LaunchSecure toolkit — launch-sequencer (pipeline runner + terminal bridge), launch-radar (feedback webhook receiver), launch-chart (project graph MCP), launch-deck (visual playground MCP), launch-kit-beacon (feedback Web Component), launch-recall (file-watcher backup). launch-pod is the container image these run inside.",
5
5
  "license": "MIT",
6
6
  "author": "LaunchSecure - AutomateWithUs",
@@ -59,6 +59,24 @@
59
59
  "launch-rover": "./dist/server/rover-entry.js",
60
60
  "launch-bot": "./dist/server/launch-bot-entry.js"
61
61
  },
62
+ "scripts": {
63
+ "build": "pnpm build:client && pnpm build:chart-client && pnpm build:deck-client && pnpm build:council-client && pnpm build:beacon && pnpm build:server",
64
+ "build:beacon": "vite build --config vite.beacon.config.ts && tsc -p tsconfig.beacon.json --emitDeclarationOnly --outDir dist/beacon/types",
65
+ "test:beacon": "vitest run --config vite.beacon.config.ts",
66
+ "test:radar": "vitest run --config vite.radar.config.ts",
67
+ "test:chart": "vitest run --config vite.chart.test.config.ts",
68
+ "build:deck-client": "vite build --config vite.deck.config.ts",
69
+ "build:council-client": "vite build --config vite.council.config.ts",
70
+ "build:client": "vite build",
71
+ "build:chart-client": "vite build --config vite.chart.config.ts",
72
+ "build:server": "esbuild src/server/cli.ts src/server/fb-wizard.ts src/server/graph-mcp-entry.ts src/server/chart-serve.ts src/server/deck-mcp-entry.ts src/server/deck-serve.ts src/server/council-entry.ts src/server/council-serve.ts src/server/recall-entry.ts src/server/init-entry.ts src/server/orbit-entry.ts src/server/course-entry.ts src/server/beacon-monitor-entry.ts src/server/parse-worker-entry.ts src/server/radar-teardown-entry.ts src/server/radar-docker-init-entry.ts src/server/launch-radar-entry.ts src/server/rover-entry.ts src/server/launch-bot-entry.ts --bundle --platform=node --target=node18 --outdir=dist/server --external:node-pty --external:ws --external:typescript --external:web-tree-sitter --external:tree-sitter-typescript --external:cloudflared --external:pg --external:pg-native --external:pgsql-parser --external:libpg-query && rm -rf dist/server/public && cp -r ../claude-code-web/src/public dist/server/public && rm -rf dist/server/graph/queries && mkdir -p dist/server/graph && cp -r src/server/graph/queries dist/server/graph/queries",
73
+ "dev:client": "vite",
74
+ "dev:deck-serve": "cd ../.. && tsx watch packages/cli/src/server/deck-mcp-entry.ts serve",
75
+ "dev:chart": "pnpm build:server && pnpm build:chart-client && node dist/server/graph-mcp-entry.js serve",
76
+ "dev:server": "pnpm build:server && node dist/server/cli.js",
77
+ "dev": "pnpm build:server && concurrently -k -n client,server -c cyan,magenta \"vite\" \"node dist/server/cli.js\"",
78
+ "prepublishOnly": "pnpm build"
79
+ },
62
80
  "files": [
63
81
  "dist",
64
82
  "prompts",
@@ -79,6 +97,8 @@
79
97
  "ws": "^8.18.0"
80
98
  },
81
99
  "devDependencies": {
100
+ "@launchsecure/claude-code-web": "workspace:*",
101
+ "@launchsecure/ui": "workspace:*",
82
102
  "@types/node": "^20.0.0",
83
103
  "@types/pg": "^8.11.10",
84
104
  "@types/react": "^18.3.12",
@@ -102,25 +122,6 @@
102
122
  "react-router-dom": "^6.28.0",
103
123
  "tailwindcss": "^3.4.19",
104
124
  "vite": "^5.4.11",
105
- "vitest": "^1.6.0",
106
- "@launchsecure/claude-code-web": "0.0.1",
107
- "@launchsecure/ui": "0.0.1"
108
- },
109
- "scripts": {
110
- "build": "pnpm build:client && pnpm build:chart-client && pnpm build:deck-client && pnpm build:council-client && pnpm build:beacon && pnpm build:server",
111
- "build:beacon": "vite build --config vite.beacon.config.ts && tsc -p tsconfig.beacon.json --emitDeclarationOnly --outDir dist/beacon/types",
112
- "test:beacon": "vitest run --config vite.beacon.config.ts",
113
- "test:radar": "vitest run --config vite.radar.config.ts",
114
- "test:chart": "vitest run --config vite.chart.test.config.ts",
115
- "build:deck-client": "vite build --config vite.deck.config.ts",
116
- "build:council-client": "vite build --config vite.council.config.ts",
117
- "build:client": "vite build",
118
- "build:chart-client": "vite build --config vite.chart.config.ts",
119
- "build:server": "esbuild src/server/cli.ts src/server/fb-wizard.ts src/server/graph-mcp-entry.ts src/server/chart-serve.ts src/server/deck-mcp-entry.ts src/server/deck-serve.ts src/server/council-entry.ts src/server/council-serve.ts src/server/recall-entry.ts src/server/init-entry.ts src/server/orbit-entry.ts src/server/course-entry.ts src/server/beacon-monitor-entry.ts src/server/parse-worker-entry.ts src/server/radar-teardown-entry.ts src/server/radar-docker-init-entry.ts src/server/launch-radar-entry.ts src/server/rover-entry.ts src/server/launch-bot-entry.ts --bundle --platform=node --target=node18 --outdir=dist/server --external:node-pty --external:ws --external:typescript --external:web-tree-sitter --external:tree-sitter-typescript --external:cloudflared --external:pg --external:pg-native --external:pgsql-parser --external:libpg-query && rm -rf dist/server/public && cp -r ../claude-code-web/src/public dist/server/public && rm -rf dist/server/graph/queries && mkdir -p dist/server/graph && cp -r src/server/graph/queries dist/server/graph/queries",
120
- "dev:client": "vite",
121
- "dev:deck-serve": "cd ../.. && tsx watch packages/cli/src/server/deck-mcp-entry.ts serve",
122
- "dev:chart": "pnpm build:server && pnpm build:chart-client && node dist/server/graph-mcp-entry.js serve",
123
- "dev:server": "pnpm build:server && node dist/server/cli.js",
124
- "dev": "pnpm build:server && concurrently -k -n client,server -c cyan,magenta \"vite\" \"node dist/server/cli.js\""
125
+ "vitest": "^1.6.0"
125
126
  }
126
- }
127
+ }
@@ -1,5 +1,5 @@
1
1
  ---
2
- description: Cold-start a session — read the last HANDOFF snapshot, the newest shipping log, the git summary, and (if LS is connected) your open work items, reconcile them, then categorize all pending work (resume in-flight · review/PR feedback · bugs · high-priority · low-hanging fruit · stale/dead · tech-debt/deferred, plus a non-pickable blocked list) and let you choose a list to work from before drilling into a specific item. Read-only; the complement to /kit:handoff. Does NOT branch, commit, or write files unless you confirm a next step.
2
+ description: Cold-start a session — read the last HANDOFF snapshot, the newest shipping log, the git summary, any in-flight orbits/worktrees, and (if LS is connected) your open work items, reconcile them, then categorize all pending work (resume in-flight · review/PR feedback · bugs · high-priority · low-hanging fruit · stale/dead · tech-debt/deferred, plus a non-pickable blocked list) and let you choose a list to work from before drilling into a specific item. Read-only; the complement to /kit:handoff. Does NOT branch, commit, or write files unless you confirm a next step.
3
3
  ---
4
4
 
5
5
  # /kit:kickoff
@@ -28,7 +28,7 @@ Parse `$ARGUMENTS`:
28
28
 
29
29
  ## Step 1 — Gather the sources (don't show yet)
30
30
 
31
- Pull from four layers in parallel. Each is independently optional; a missing one is noted, not fatal.
31
+ Pull from five layers in parallel. Each is independently optional; a missing one is noted, not fatal.
32
32
 
33
33
  **1a. The HANDOFF snapshot** — read `doc/handoff/HANDOFF.md` if it exists. Extract its four live sections: **Where we are**, **What's next** (the priority-ordered 1–3), **Open threads**, and the embedded **Kickoff prompt**. This is the human-curated "what's next," highest signal. If the file doesn't exist, note "no HANDOFF yet — first kickoff" and lean on git + work items.
34
34
 
@@ -40,6 +40,8 @@ Pull from four layers in parallel. Each is independently optional; a missing one
40
40
  - `git status --porcelain` — uncommitted work. Filter out generated noise (`.launchsecure/graphs/*.json`, `node_modules`, `dist`, `.next`). What remains is genuine in-flight work — a **"resume this"** candidate.
41
41
  - Current branch + whether it's ahead/behind base.
42
42
 
43
+ > ⚠️ Everything in 1c is scoped to the **current** worktree only. In-flight work in other worktrees/orbits is invisible here — 1e covers it. Do not present a "resume in-flight" list without running 1e first.
44
+
43
45
  **1d. Work items (only if LS connected)** — build the backlog candidates:
44
46
  - `mcp__launch-secure__work_items_list({ assignee_email: "<git email>", status: "IN_PROGRESS" })` — things you already started; strongest "resume" candidates.
45
47
  - `mcp__launch-secure__work_items_list({ assignee_email: "<git email>", status: "TODO" })` — your queued backlog.
@@ -48,6 +50,15 @@ Pull from four layers in parallel. Each is independently optional; a missing one
48
50
 
49
51
  > Use the hosted `launch-secure` MCP by default. Only use `local-launch-secure` if the active course points there (see `/kit:course`). Don't ask for org/project slugs — the `.mcp.json` headers default to the current project.
50
52
 
53
+ **1e. Orbits / other worktrees** — the in-flight work that 1c structurally can't see. A feature usually lives in its own orbit (isolated worktree + forked DB), so the current tree being clean does NOT mean nothing is in flight. Enumerate + classify them:
54
+ - **Primary: `mcp__launch-orbit__orbit_check({ all: true })`** (if launch-orbit is wired) — sweeps every orbit registered for THIS repo and returns, per orbit, a `recommendation` + two verdicts. This replaces the hand-rolled dirty/ahead/merged math — orbit_check already runs `git status`, the merged-vs-base check, AND the DB/data drop-safety checks, then tells you which orbits still hold work vs. are safe to drop:
55
+ - **not `dropSafe`** (uncommitted changes or commits ahead of base) → a **🔧 Resume in-flight** candidate. Pull the "N dirty, M ahead" label from its `git.clean` / `git.merged` check summaries, and use the report's `actions[]` for what's needed to land it.
56
+ - **`dropSafe`** (merged + clean, nothing to lose) → a **🪦 Stale / dead** candidate ("orbit ‹slug› merged + clean — safe to drop"). Note: `healthy:false` here is usually just the DB being down, not real work — don't promote it to resume on that alone.
57
+ - `mcp__launch-orbit__orbit_list` — use for the stable slug + `age` metadata to label candidates and sort 🔧 Resume in-flight (freshest first).
58
+ - `git worktree list` — also surfaces **bare** worktrees created outside launch-orbit (these won't appear in orbit_check/orbit_list). For each such non-orbit worktree other than the current one, fall back to raw git: `git -C <path> status --porcelain` (uncommitted, filter the generated noise from 1c) + `git -C <path> rev-list --count <base>..HEAD` (commits ahead). Same rule: dirty/ahead → resume; clean + 0-ahead → stale/dead.
59
+ - `orbit_check` / `orbit_list` span **all** projects on the machine — keep only orbits whose `path` is under this repo's root.
60
+ - **Fallback (launch-orbit not wired):** classify every worktree from `git worktree list` with the raw-git pair above — still works, just without the DB/data drop-safety signal.
61
+
51
62
  ## Step 2 — Reconcile + flag drift
52
63
 
53
64
  Before showing anything, cross-check the sources against each other. This is the honesty pass — the inverse of what `/kit:standup` does for shipped work.
@@ -65,7 +76,7 @@ Pool every candidate from the reconciled sources (HANDOFF "What's next" + "Open
65
76
 
66
77
  Then sort each remaining item into **one** bucket — most-specific bucket wins, in this precedence:
67
78
 
68
- 1. **🔧 Resume in-flight** — uncommitted local work + `IN_PROGRESS` work items. The strongest "continue what you started" signal; always wins if present.
79
+ 1. **🔧 Resume in-flight** — uncommitted local work in the current tree (1c) + **dirty/ahead orbits & other worktrees (1e)** + `IN_PROGRESS` work items. The strongest "continue what you started" signal; always wins if present. Sort orbit/worktree candidates by recency (`age` / most-recently-touched first) — the freshest dirty orbit is usually what you were last on, even if it isn't the current tree.
69
80
  2. **👀 Review / PR feedback** — work waiting on *your* action on something already in motion: open PRs you authored or are assigned to review, unresolved review comments, `needs-review`/`changes-requested` tags. Time-sensitive (someone's blocked on you), so it outranks fresh work.
70
81
  3. **🐛 Bugs / broken** — defects: work items of type `bug` or tagged `bug`/`defect`/`regression`, and `broken`/`failing`/`revert`/`not patched` follow-up flags from commit bodies. Distinct from feature backlog regardless of priority.
71
82
  4. **🔥 High-priority** — items the project marks urgent: a work-item priority/severity field at its top value, tags like `p0`/`p1`/`urgent`, **and** everything in HANDOFF "What's next" (human-curated = high priority by definition), minus anything Step 2 flagged stale.
@@ -87,6 +98,7 @@ One compact block: orientation header, then each **non-empty** bucket with up to
87
98
 
88
99
  🔧 Resume in-flight (N)
89
100
  - <item — handle/branch/file · short why>
101
+ - <orbit ‹slug› [branch] · N dirty, M ahead · touched <age>>
90
102
  …up to 5… (+N more)
91
103
 
92
104
  👀 Review / PR feedback (N)
@@ -131,7 +143,10 @@ Readable in under a minute. The 🚧 Blocked list is informational only — neve
131
143
  Once a specific item is chosen:
132
144
 
133
145
  1. **Produce its kickoff prompt.** If the chosen slice matches the one HANDOFF already wrote a "Kickoff prompt for the next session" for, **reuse that verbatim** in a fenced block. Otherwise synthesize one in the **same shape** handoff uses (Starting **‹item — Title›** · read CLAUDE.md + HANDOFF + relevant Briefs · then the 1–6 design-shape questions: Surface, Fields/inputs, Eligibility, Data path, feature-specific, Out-of-scope). Make it specific to the chosen slice, not generic.
134
- 2. **Offer the setup as a confirmed next step — do not do it unprompted.** In one line, offer to: branch off the base (`git checkout <base> && git pull && git checkout -b <slice-branch>`) **or** create an isolated orbit (`/kit:orbit`) if the slice wants a forked DB. Wait for an explicit "yes" / branch name before running any git or orbit command — this is a state mutation and falls under the per-action confirmation rule.
146
+ 2. **Offer the setup as a confirmed next step — do not do it unprompted.** Tailor the offer to what was picked:
147
+ - **Picked an existing orbit/worktree (1e candidate):** it already exists — offer to switch into it (`mcp__launch-orbit__orbit_switch` to activate, then work in its `path`), NOT to create a branch. Never re-create an orbit that's already live.
148
+ - **Picked a fresh slice:** offer to branch off the base (`git checkout <base> && git pull && git checkout -b <slice-branch>`) **or** create an isolated orbit (`/kit:orbit`) if the slice wants a forked DB.
149
+ Wait for an explicit "yes" / branch name before running any git or orbit command — this is a state mutation and falls under the per-action confirmation rule.
135
150
  3. If the chosen slice is a `TODO` work item and the user confirms starting it, offer (don't auto-run) to move it to `IN_PROGRESS` via `mcp__launch-secure__work_item_move` / `work_item_update`.
136
151
 
137
152
  ## Edge cases
@@ -141,6 +156,7 @@ Once a specific item is chosen:
141
156
  - **Clean tree, nothing in flight, empty backlog** — say so plainly ("nothing in flight; HANDOFF's next is ‹X›") and just present HANDOFF's "What's next" as the candidates. Don't invent work.
142
157
  - **HANDOFF wildly out of sync with git** (many stale "next" items already shipped) — lead with the drift block and suggest the previous session likely forgot `/kit:handoff`; offer to reconstruct current-state from git, but don't write HANDOFF here (that's `/kit:handoff`'s job).
143
158
  - **Mid-branch resume** (current branch already ahead of base) — surface "continue this branch" at the top of the 🔧 Resume in-flight list, and skip the branch-creation offer in Step 6 unless the user picks a different item.
159
+ - **In-flight work lives in an orbit, not the current tree** (the common case — current tree clean but a dirty/ahead orbit exists per 1e) — do NOT report "nothing in flight." Lead 🔧 Resume in-flight with the freshest dirty/ahead orbit, and in Step 6 offer `orbit_switch` into it rather than a new branch.
144
160
  - **Everything lands in one bucket** (e.g. all candidates are stale) — that's fine; show the single list and skip Stage A (no choice to make), going straight to picking an item.
145
161
 
146
162
  ## Notes for the assistant
@@ -13,17 +13,19 @@ Parse `$ARGUMENTS` — first token is the subcommand:
13
13
  - **switch &lt;branch&gt;** — activate an orbit: atomically repoint the `current` anchor at its worktree, then operate under that anchor.
14
14
  - **deactivate** — clear the `current` anchor so work targets the main checkout again.
15
15
  - **doctor** — surface registry inconsistencies.
16
- - **check &lt;branch&gt; --target=&lt;target-branch&gt;**run pre-merge gates WITHOUT merging.
16
+ - **check &lt;branch&gt;** — `[--all] [--deep] [--base=<ref>] [--json]` orbit **cleanliness** report: DROP-SAFE + HEALTHY verdicts, recommendation + concrete actions. (Different from `check-merge` this is "is it safe to delete / sane to keep working in", not "will it merge".)
17
+ - **check-merge &lt;branch&gt; --target=&lt;target-branch&gt;** — run pre-merge gates WITHOUT merging.
17
18
  - **merge &lt;branch&gt; --target=&lt;target-branch&gt;** — `[--cleanup=full|none] [--skip-gate=<id>,…]` — run gates + merge.
18
- - **drop &lt;branch&gt;** — `[--no-backup]` — tear down (backup, drop DB, remove worktree, deregister).
19
+ - **drop &lt;branch&gt;** — `[--no-backup] [--force]` — tear down (drop-safety guard, then backup, drop DB, remove worktree, deregister).
19
20
 
20
21
  Examples:
21
22
  - `/kit:orbit create feat-channel-rename --profile=fe`
22
- - `/kit:orbit check feat-channel-rename --target=implementation`
23
+ - `/kit:orbit check feat-channel-rename` · `/kit:orbit check --all`
24
+ - `/kit:orbit check-merge feat-channel-rename --target=implementation`
23
25
  - `/kit:orbit merge feat-channel-rename --target=implementation`
24
26
  - `/kit:orbit doctor`
25
27
 
26
- ## Preflight (runs on create / check / merge)
28
+ ## Preflight (runs on create / check-merge / merge)
27
29
 
28
30
  1. Confirm `mcp__launch-orbit__orbit_doctor` returns no critical inconsistencies for THIS project. If it does, surface them and stop — the operator probably wants `/kit:orbit drop <stale-branch>` first.
29
31
  2. Confirm `orbit.json` exists at the repo root. If missing, tell the user to add one (point at the orbit docs) and stop.
@@ -61,7 +63,23 @@ Switching to a *different* orbit just repoints the anchor — re-run `nextAction
61
63
 
62
64
  `mcp__launch-orbit__orbit_doctor` → list every issue with a one-line fix (e.g. `orphan-registration` → `/kit:orbit drop <branch>`).
63
65
 
64
- ### check
66
+ ### check (cleanliness)
67
+
68
+ `mcp__launch-orbit__orbit_check(branch)` (or `all: true` to sweep this repo's orbits; `deep: true` adds the prisma schema-drift check) → render the two-verdict report:
69
+
70
+ ```
71
+ orbit feat-channel-rename [feat-channel-rename] DROP-SAFE: NO HEALTHY: YES
72
+ recommendation: KEEP — unmerged or uncommitted work would be lost on drop.
73
+ Drop-safety: ✗ uncommitted changes · ✗ 3 commits ahead · ✓ no orbit-only rows
74
+ Working-health: ✓ registry · ⚠ env drift · ✓ DB reachable · ✓ ports free
75
+ Actions:
76
+ → Commit or stash the uncommitted changes …
77
+ → Merge feat-channel-rename into implementation …
78
+ ```
79
+
80
+ Use it to answer "can I drop this / is it sane to keep working in" — e.g. before cleaning up stale orbits, or at session start. The report carries a `recommendation` + `actions[]`; surface those verbatim. DB checks skip gracefully if the cluster is down.
81
+
82
+ ### check-merge (pre-merge gates)
65
83
 
66
84
  `mcp__launch-orbit__orbit_check_mergeable(branch, target)` → render the gate report:
67
85
 
@@ -76,7 +94,7 @@ result: BLOCKED — fix build-lint then retry.
76
94
 
77
95
  ### merge
78
96
 
79
- 1. Run `check` first (same report). If `passed: false`, stop with the report — don't attempt the merge.
97
+ 1. Run `check-merge` first (same report). If `passed: false`, stop with the report — don't attempt the merge.
80
98
  2. If `passed: true`, call `mcp__launch-orbit__orbit_merge(branch, target, cleanup, skipGates)` and surface the result.
81
99
  3. Default `cleanup: "full"` (orbit is dropped post-merge after pg_dump). The operator must pass `--cleanup=none` to keep the orbit around.
82
100
  4. After a successful merge, recommend `/kit:standup` to surface the change in the next standup, and `/kit:diagram` if it touched the schema.
@@ -85,11 +103,13 @@ result: BLOCKED — fix build-lint then retry.
85
103
 
86
104
  `mcp__launch-orbit__orbit_drop(branch, backup: !args.noBackup)` → idempotent. Surface `backups[]` paths.
87
105
 
106
+ **Drop-safety guard (default on).** `orbit_drop` runs the drop-safety checks first and THROWS if the orbit still has uncommitted/unmerged work or orbit-only DB data. When that happens, surface the blockers and DON'T pass `force: true` reflexively — relay the verdict, let the operator decide. Only pass `force: true` after they explicitly confirm "drop anyway, I'll lose that work". (Tip: run `/kit:orbit check <branch>` first to see the full report and the recommended actions.)
107
+
88
108
  ## Conventions encoded here
89
109
 
90
110
  - **No bare `--target=master`.** Default merge target is `implementation` per project CLAUDE.md ("implementation branch is parent for all impl branches"). If the operator types `--target=master`, double-check by asking once.
91
111
  - **No `--skip-gate` without a reason in the next message.** Surface a banner: `"Skipping gates: <ids>. Reason?"` — let the operator answer in chat; do NOT proceed silently.
92
- - **Always run `check` before `merge`.** The skill enforces this — even if the operator runs `merge` directly, the skill runs `check` first.
112
+ - **Always run `check-merge` before `merge`.** The skill enforces this — even if the operator runs `merge` directly, the skill runs `check-merge` first.
93
113
  - **Layer awareness.** Pre-flight always prints `detect_project_stack` layers so the operator sees parity (or absence) between chart layers and orbit gate scope.
94
114
 
95
115
  ## Constraints
File without changes