@matthesketh/fleet 1.2.0 → 1.7.0

package/dist/core/telegram.js

@@ -0,0 +1,32 @@
+import { readFileSync, existsSync } from 'node:fs';
+const TELEGRAM_CONFIG_PATH = '/etc/fleet/telegram.json';
+export function loadTelegramConfig() {
+    if (!existsSync(TELEGRAM_CONFIG_PATH))
+        return null;
+    try {
+        const raw = JSON.parse(readFileSync(TELEGRAM_CONFIG_PATH, 'utf-8'));
+        if (!raw.botToken || !raw.chatId)
+            return null;
+        return { botToken: String(raw.botToken), chatId: String(raw.chatId) };
+    }
+    catch {
+        return null;
+    }
+}
+export async function sendTelegram(config, message) {
+    try {
+        const res = await fetch(`https://api.telegram.org/bot${config.botToken}/sendMessage`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                chat_id: config.chatId,
+                text: message,
+                parse_mode: 'HTML',
+            }),
+        });
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/core/validate.d.ts

@@ -0,0 +1,7 @@
+export declare function assertAppName(name: string): void;
+export declare function assertServiceName(name: string): void;
+export declare function assertDomain(domain: string): void;
+export declare function assertBranch(branch: string): void;
+export declare function assertHealthPath(path: string): void;
+export declare function assertFilePath(path: string): void;
+export declare function assertSecretKey(key: string): void;

package/dist/core/validate.js

@@ -0,0 +1,42 @@
+const APP_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9._-]*$/;
+const DOMAIN_RE = /^[a-zA-Z0-9][a-zA-Z0-9.-]*$/;
+const BRANCH_RE = /^[a-zA-Z0-9][a-zA-Z0-9._/-]*$/;
+const HEALTH_PATH_RE = /^\/[a-zA-Z0-9/_.-]*$/;
+const SERVICE_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9@._-]*$/;
+// Secret keys must be valid env var names (alphanumeric + underscore, no leading digit)
+const SECRET_KEY_RE = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+function assert(value, label, pattern) {
+    if (!pattern.test(value)) {
+        throw new Error(`Invalid ${label}: "${value}" does not match ${pattern}`);
+    }
+}
+function assertNoTraversal(value, label) {
+    if (value.includes('\0'))
+        throw new Error(`Invalid ${label}: contains null byte`);
+    const parts = value.replace(/\\/g, '/').split('/');
+    if (parts.includes('..'))
+        throw new Error(`Invalid ${label}: contains path traversal`);
+}
+export function assertAppName(name) {
+    assert(name, 'app name', APP_NAME_RE);
+}
+export function assertServiceName(name) {
+    assert(name, 'service name', SERVICE_NAME_RE);
+}
+export function assertDomain(domain) {
+    assert(domain, 'domain', DOMAIN_RE);
+}
+export function assertBranch(branch) {
+    assert(branch, 'branch name', BRANCH_RE);
+    assertNoTraversal(branch, 'branch name');
+}
+export function assertHealthPath(path) {
+    assert(path, 'health path', HEALTH_PATH_RE);
+    assertNoTraversal(path, 'health path');
+}
+export function assertFilePath(path) {
+    assertNoTraversal(path, 'file path');
+}
+export function assertSecretKey(key) {
+    assert(key, 'secret key', SECRET_KEY_RE);
+}

package/dist/index.js

@@ -4,10 +4,6 @@ import { error } from './ui/output.js';
 import { FleetError } from './core/errors.js';
 const isMcp = process.argv.includes('mcp');
 const isInstallMcp = process.argv.includes('install-mcp');
-if (!isMcp && !isInstallMcp && process.getuid && process.getuid() !== 0) {
-    error('fleet must be run as root');
-    process.exit(1);
-}
 run(process.argv).catch((err) => {
     if (err instanceof FleetError) {
         error(err.message);

package/dist/mcp/deps-tools.js

@@ -68,12 +68,20 @@ export function registerDepsTools(server) {
         saveConfig(config);
         return text(`Ignoring ${params.package}: ${params.reason}`);
     });
+    const ALLOWED_CONFIG_KEYS = new Set([
+        'scanIntervalHours', 'concurrency',
+    ]);
     server.tool('fleet_deps_config', 'Get or set dependency monitoring configuration', { key: z.string().optional(), value: z.string().optional() }, async ({ key, value }) => {
         const config = loadConfig();
         if (!key)
             return text(JSON.stringify(config, null, 2));
-        if (!value)
+        if (!value) {
+            if (!ALLOWED_CONFIG_KEYS.has(key))
+                return text(`Unknown config key: ${key}`);
             return text(JSON.stringify(config[key], null, 2));
+        }
+        if (!ALLOWED_CONFIG_KEYS.has(key))
+            return text(`Cannot set key: ${key}. Allowed: ${[...ALLOWED_CONFIG_KEYS].join(', ')}`);
         config[key] = value === 'true' ? true : value === 'false' ? false : isNaN(Number(value)) ? value : Number(value);
         saveConfig(config);
         return text(`Set ${key} = ${value}`);

package/dist/mcp/git-tools.js

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 import { load, findApp } from '../core/registry.js';
-import { getGitStatus, getProjectRoot, gitAdd, gitCommit, gitCheckout, gitPush } from '../core/git.js';
+import { getGitStatus, getProjectRoot, gitAddTracked, gitCommit, gitCheckout, gitPush } from '../core/git.js';
 import { detectScenario, describeOnboardPlan, executeOnboard } from '../core/git-onboard.js';
 import * as github from '../core/github.js';
 import { AppNotFoundError } from '../core/errors.js';
@@ -70,7 +70,7 @@ export function registerGitTools(server) {
         gitPush(root, branch, true);
         return text(`Created and pushed branch ${branch} from ${from}`);
     });
-    server.tool('fleet_git_commit', 'Stage all changes and commit', {
+    server.tool('fleet_git_commit', 'Stage tracked file changes and commit', {
         app: z.string().describe('App name'),
         message: z.string().describe('Commit message'),
         dryRun: z.boolean().optional().default(false).describe('Preview without making changes'),
@@ -81,8 +81,8 @@ export function registerGitTools(server) {
             return text(hint);
         const root = getProjectRoot(app.composePath);
         if (dryRun)
-            return text(`Would stage all and commit: "${message}"`);
-        gitAdd(root);
+            return text(`Would stage tracked changes and commit: "${message}"`);
+        gitAddTracked(root);
         gitCommit(root, message);
         return text(`Committed: ${message}`);
     });

package/dist/mcp/server.js

@@ -1,8 +1,10 @@
-import { z } from 'zod';
+import { existsSync, readFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
 import { getStatusData } from '../commands/status.js';
-import { existsSync } from 'node:fs';
 import { load, findApp, save, addApp } from '../core/registry.js';
 import { startService, stopService, restartService } from '../core/systemd.js';
 import { getContainerLogs, getContainersByCompose } from '../core/docker.js';
@@ -10,12 +12,17 @@ import { checkHealth, checkAllHealth } from '../core/health.js';
 import { listSites, installConfig, testConfig, reload, removeConfig } from '../core/nginx.js';
 import { generateNginxConfig } from '../templates/nginx.js';
 import { composeBuild } from '../core/docker.js';
+import { execSafe } from '../core/exec.js';
 import { AppNotFoundError } from '../core/errors.js';
+import { assertAppName, assertServiceName, assertFilePath, assertDomain } from '../core/validate.js';
 import { loadManifest, listSecrets, isInitialized } from '../core/secrets.js';
 import { unsealAll, getStatus as getSecretsStatus } from '../core/secrets-ops.js';
 import { validateApp, validateAll } from '../core/secrets-validate.js';
+import { freezeApp, unfreezeApp } from '../commands/freeze.js';
 import { registerGitTools } from './git-tools.js';
 import { registerSecretsTools } from './secrets-tools.js';
+import { readContainerLogs, getLogStatus, effectivePolicy } from '../core/logs-policy.js';
+import { snapshotEgress } from '../core/egress.js';
 import { registerDepsTools } from './deps-tools.js';
 function requireApp(name) {
     const reg = load();
@@ -28,9 +35,11 @@ function text(msg) {
     return { content: [{ type: 'text', text: msg }] };
 }
 export async function startMcpServer() {
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    const pkg = JSON.parse(readFileSync(join(__dirname, '..', '..', 'package.json'), 'utf-8'));
     const server = new McpServer({
         name: 'fleet',
-        version: '1.0.0',
+        version: pkg.version,
     });
     server.tool('fleet_status', 'Dashboard data for all apps: systemd state, containers, health', async () => {
         const data = getStatusData();
@@ -55,17 +64,138 @@ export async function startMcpServer() {
         const ok = restartService(entry.serviceName);
         return text(ok ? `Restarted ${entry.name}` : `Failed to restart ${entry.name}`);
     });
-    server.tool('fleet_logs', 'Get recent container logs for an app', {
+    server.tool('fleet_logs', 'DEPRECATED — prefer fleet_logs_recent (token-conservative defaults) or fleet_logs_summary. Get recent container logs for an app.', {
         app: z.string().describe('App name'),
+        container: z.string().optional().describe('Container name (omit to list available containers, or get logs from first)'),
         lines: z.number().optional().default(100).describe('Number of log lines'),
-    }, async ({ app, lines }) => {
+    }, async ({ app, container, lines }) => {
         const entry = requireApp(app);
-        const container = entry.containers[0];
-        if (!container)
+        if (entry.containers.length === 0)
             return text('No containers registered');
-        const logs = getContainerLogs(container, lines);
+        if (!container && entry.containers.length > 1) {
+            return text(`${entry.name} has ${entry.containers.length} containers. Specify one:\n` +
+                entry.containers.map(c => `  - ${c}`).join('\n') +
+                `\n\nOr omit container to get logs from: ${entry.containers[0]}`);
+        }
+        const target = container ?? entry.containers[0];
+        if (!entry.containers.includes(target)) {
+            return text(`Container "${target}" not found in ${entry.name}. Available:\n` +
+                entry.containers.map(c => `  - ${c}`).join('\n'));
+        }
+        const logs = getContainerLogs(target, lines);
         return text(logs);
     });
+    // ── New token-conservative log tools ─────────────────────────────────────
+    server.tool('fleet_logs_recent', 'Get recent log lines for an app, filtered to a level and bounded in size. Defaults are SMALL (50 lines, last 15 minutes, warn+) — broaden only if needed. Returns {text, truncated, suggestion}.', {
+        app: z.string().describe('App name'),
+        container: z.string().optional().describe('Container (defaults to first)'),
+        lines: z.number().optional().default(50).describe('Tail N lines (default 50)'),
+        level: z.enum(['debug', 'info', 'warn', 'error']).optional().default('warn').describe('Min level (default warn — drops debug/info noise)'),
+        sinceMinutes: z.number().optional().default(15).describe('Look back this many minutes (default 15)'),
+        grep: z.string().optional().describe('Substring filter applied after level'),
+    }, async ({ app, container, lines, level, sinceMinutes, grep }) => {
+        const entry = requireApp(app);
+        if (entry.containers.length === 0)
+            return text('No containers registered');
+        const target = container ?? entry.containers[0];
+        if (!entry.containers.includes(target)) {
+            return text(`Container "${target}" not in ${entry.name}. Have: ${entry.containers.join(', ')}`);
+        }
+        const result = readContainerLogs(target, { lines, level, sinceMinutes, grep, maxBytes: 200_000 });
+        const suffix = result.truncated
+            ? '\n\n[truncated at 200KB — narrow with smaller lines/sinceMinutes or add grep]'
+            : '';
+        return text(result.text + suffix);
+    });
+    server.tool('fleet_logs_summary', 'Cheap aggregate: counts of log lines by level + the top 10 distinct error/warning messages over a window. Use as a first pass before fleet_logs_recent.', {
+        app: z.string().describe('App name'),
+        container: z.string().optional().describe('Container (defaults to first)'),
+        sinceMinutes: z.number().optional().default(60).describe('Window in minutes (default 60)'),
+    }, async ({ app, container, sinceMinutes }) => {
+        const entry = requireApp(app);
+        const target = container ?? entry.containers[0];
+        if (!entry.containers.includes(target)) {
+            return text(`Container "${target}" not in ${entry.name}. Have: ${entry.containers.join(', ')}`);
+        }
+        const all = readContainerLogs(target, { lines: 5000, sinceMinutes, maxBytes: 5_000_000 });
+        const lines = all.text.split('\n').filter(l => l.trim());
+        const counts = { error: 0, warn: 0, info: 0, debug: 0, other: 0 };
+        const errMsgs = new Map();
+        for (const ln of lines) {
+            if (/error|err\b|fatal|critical|exception|panic/i.test(ln)) {
+                counts.error++;
+                // canonicalise: drop timestamps, IDs
+                const norm = ln.replace(/\b[0-9a-f]{8,}\b/gi, '<id>')
+                    .replace(/\b\d{4}-\d{2}-\d{2}T[\d:.]+Z?\b/g, '<ts>')
+                    .replace(/\d+/g, 'N')
+                    .slice(0, 200);
+                errMsgs.set(norm, (errMsgs.get(norm) ?? 0) + 1);
+            }
+            else if (/warn|warning/i.test(ln))
+                counts.warn++;
+            else if (/\binfo\b/i.test(ln))
+                counts.info++;
+            else if (/\bdebug|trace|verbose\b/i.test(ln))
+                counts.debug++;
+            else
+                counts.other++;
+        }
+        const top = [...errMsgs.entries()]
+            .sort((a, b) => b[1] - a[1])
+            .slice(0, 10)
+            .map(([msg, n]) => `  ${n.toString().padStart(4)} × ${msg}`);
+        const lines2 = [
+            `Container: ${target}  Window: ${sinceMinutes}m  Total: ${lines.length} lines`,
+            `By level: ${counts.error} error, ${counts.warn} warn, ${counts.info} info, ${counts.debug} debug, ${counts.other} other`,
+            '',
+            top.length ? 'Top distinct error/warn messages:' : 'No error/warn messages in window.',
+            ...top,
+        ];
+        return text(lines2.join('\n'));
+    });
+    server.tool('fleet_logs_search', 'Bounded grep across recent container logs. Returns matching lines with 0 lines of context, capped at max_results. Cheaper than fleet_logs_recent + manual filtering.', {
+        app: z.string().describe('App name'),
+        container: z.string().optional().describe('Container (defaults to first)'),
+        query: z.string().describe('Substring or regex'),
+        sinceMinutes: z.number().optional().default(60).describe('Window in minutes (default 60)'),
+        maxResults: z.number().optional().default(20).describe('Cap results (default 20)'),
+    }, async ({ app, container, query, sinceMinutes, maxResults }) => {
+        const entry = requireApp(app);
+        const target = container ?? entry.containers[0];
+        if (!entry.containers.includes(target)) {
+            return text(`Container "${target}" not in ${entry.name}. Have: ${entry.containers.join(', ')}`);
+        }
+        const result = readContainerLogs(target, { lines: 5000, sinceMinutes, grep: query, maxBytes: 1_000_000 });
+        const matches = result.text.split('\n').filter(l => l.trim());
+        const slice = matches.slice(0, maxResults);
+        const note = matches.length > maxResults
+            ? `\n\n[${matches.length - maxResults} more matches — narrow query or shorten window]`
+            : '';
+        return text(slice.join('\n') + note);
+    });
+    server.tool('fleet_egress_snapshot', 'Snapshot the current outbound TCP flows for an app and report which destinations are NOT in the configured allowlist. Use to seed allowlists or audit unexpected egress. v1 is observe-only — it never blocks traffic.', { app: z.string().describe('App name') }, async ({ app }) => {
+        const entry = requireApp(app);
+        const snap = snapshotEgress(entry);
+        return text(JSON.stringify({
+            takenAt: snap.takenAt,
+            app: snap.app,
+            uniqueRemotes: snap.uniqueRemotes,
+            violations: snap.violations,
+            flowCount: snap.flows.length,
+        }, null, 2));
+    });
+    server.tool('fleet_logs_status', 'Per-container log driver, current size, and policy applied. Use to check which apps need fleet logs setup.', { app: z.string().optional().describe('App name (omit for all)') }, async ({ app }) => {
+        const reg = load();
+        const apps = app ? [findApp(reg, app)].filter(Boolean) : reg.apps;
+        const out = [];
+        for (const a of apps) {
+            const policy = effectivePolicy(a);
+            const status = getLogStatus(a);
+            for (const s of status)
+                out.push({ ...s, sizeMB: s.totalBytes != null ? +(s.totalBytes / 1024 / 1024).toFixed(2) : null, policy });
+        }
+        return text(JSON.stringify(out, null, 2));
+    });
     server.tool('fleet_health', 'Run health checks for one or all apps', { app: z.string().optional().describe('App name (omit for all apps)') }, async ({ app }) => {
         const reg = load();
         if (app) {
@@ -91,6 +221,13 @@ export async function startMcpServer() {
         port: z.number().describe('Backend port'),
         type: z.enum(['proxy', 'spa', 'nextjs']).optional().default('proxy').describe('Config type'),
     }, async ({ domain, port, type }) => {
+        const DANGEROUS_PORTS = [5432, 3306, 27017, 6379, 9000];
+        if (port < 1024 || port > 65535) {
+            return text(`Invalid port ${port}: must be in range 1024-65535`);
+        }
+        if (DANGEROUS_PORTS.includes(port)) {
+            return text(`Port ${port} is not allowed (reserved for internal services)`);
+        }
         const config = generateNginxConfig({ domain, port, type });
         installConfig(domain, config);
         const test = testConfig();
@@ -144,6 +281,19 @@ export async function startMcpServer() {
         usesSharedDb: z.boolean().optional().default(false).describe('Uses shared database'),
         dependsOnDatabases: z.boolean().optional().default(false).describe('Depends on docker-databases'),
     }, async (params) => {
+        try {
+            assertAppName(params.name);
+            assertFilePath(params.composePath);
+            if (params.serviceName)
+                assertServiceName(params.serviceName);
+            if (params.composeFile)
+                assertFilePath(params.composeFile);
+            for (const d of (params.domains ?? []))
+                assertDomain(d);
+        }
+        catch (err) {
+            return text(`Validation error: ${err.message}`);
+        }
         if (!existsSync(params.composePath)) {
             return text(`Error: composePath does not exist: ${params.composePath}`);
         }
@@ -173,6 +323,41 @@ export async function startMcpServer() {
         const action = existing ? 'Updated' : 'Registered';
         return text(`${action} app "${params.name}":\n${JSON.stringify(entry, null, 2)}`);
     });
+    server.tool('fleet_freeze', 'Freeze a crash-looping service: stop it, disable it, and mark it frozen in the registry. Requires manual unfreezing.', {
+        app: z.string().describe('App name'),
+        reason: z.string().optional().describe('Reason for freezing'),
+    }, async ({ app, reason }) => {
+        freezeApp(app, reason);
+        return text(`Frozen ${app}${reason ? `: ${reason}` : ''}`);
+    });
+    server.tool('fleet_unfreeze', 'Unfreeze a frozen service: clear frozen state, enable and start the service.', { app: z.string().describe('App name') }, async ({ app }) => {
+        unfreezeApp(app);
+        return text(`Unfrozen ${app} — service enabled and started`);
+    });
+    server.tool('fleet_rollback', 'Roll back an app to its previous image (tagged <repo>:fleet-previous before the last build) and restart the service. Use this when a recent deploy or boot-refresh produced a broken image.', { app: z.string().describe('App name') }, async ({ app }) => {
+        const entry = requireApp(app);
+        // Resolve current image name via compose config
+        const config = execSafe('docker', ['compose', ...(entry.composeFile ? ['-f', entry.composeFile] : []), 'config', '--images'], { cwd: entry.composePath, timeout: 15_000 });
+        if (!config.ok)
+            return text(`Could not resolve image name for ${entry.name}: ${config.stderr}`);
+        const latest = config.stdout.split('\n').filter(Boolean)[0];
+        if (!latest)
+            return text(`Could not resolve image name for ${entry.name}`);
+        // Compute previous tag via lastIndexOf (handles registry:port/repo:tag)
+        const lastColon = latest.lastIndexOf(':');
+        const base = lastColon > 0 ? latest.slice(0, lastColon) : latest;
+        const previous = `${base}:fleet-previous`;
+        if (!execSafe('docker', ['image', 'inspect', previous], { timeout: 10_000 }).ok) {
+            return text(`No previous image found (${previous}) — nothing to roll back to`);
+        }
+        const tag = execSafe('docker', ['tag', previous, latest], { timeout: 10_000 });
+        if (!tag.ok)
+            return text(`docker tag failed: ${tag.stderr}`);
+        const ok = restartService(entry.serviceName);
+        return text(ok
+            ? `Rolled back ${entry.name} to ${previous}`
+            : `Tag flipped but service restart failed for ${entry.serviceName}`);
+    });
     registerGitTools(server);
     registerSecretsTools(server);
     registerDepsTools(server);

package/dist/templates/systemd.js

@@ -1,5 +1,5 @@
 export function generateServiceFile(opts) {
-    const fileFlag = opts.composeFile ? ` -f ${opts.composeFile}` : '';
+    const fileFlag = opts.composeFile ? ` -f "${opts.composeFile}"` : '';
     const dbDep = opts.dependsOnDatabases ? ' docker-databases.service' : '';
     return `[Unit]
 Description=${opts.description}
@@ -12,10 +12,10 @@ Type=oneshot
 RemainAfterExit=yes
 WorkingDirectory=${opts.workingDirectory}
 ExecStartPre=-/usr/bin/docker compose${fileFlag} down
-ExecStart=/usr/bin/docker compose${fileFlag} up -d --force-recreate
+ExecStart=/usr/bin/env fleet boot-start ${opts.serviceName}
 ExecStop=/usr/bin/docker compose${fileFlag} down --timeout 30
 ExecReload=/usr/bin/docker compose${fileFlag} restart
-TimeoutStartSec=300
+TimeoutStartSec=900
 TimeoutStopSec=60
 Restart=on-failure
 RestartSec=10

package/dist/templates/unseal.js

@@ -1,4 +1,8 @@
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 import { load } from '../core/registry.js';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const fleetBin = join(__dirname, '..', '..', 'dist', 'index.js');
 export function generateUnsealService() {
     const reg = load();
     const serviceNames = reg.apps.map(a => a.serviceName + '.service');
@@ -12,7 +16,7 @@ Before=${allServices}
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=/usr/bin/node /home/matt/fleet/dist/index.js secrets unseal
+ExecStart=/usr/bin/node ${fleetBin} secrets unseal
 ExecStop=/bin/rm -rf /run/fleet-secrets
 TimeoutStartSec=30
 

package/dist/tui/components/KeyHint.js

@@ -44,6 +44,16 @@ const viewHints = {
         { key: 'Esc', label: 'back' },
         { key: 'q', label: 'quit' },
     ],
+    'logs-multi': [
+        { key: 'Tab', label: 'switch focus' },
+        { key: 'j/k', label: 'pick' },
+        { key: 'Space', label: 'toggle' },
+        { key: 'a', label: 'all/none' },
+        { key: 'p', label: 'pause' },
+        { key: 'c', label: 'clear' },
+        { key: 'L', label: 'level' },
+        { key: 'q', label: 'quit' },
+    ],
 };
 export function KeyHint() {
     const { currentView, confirmAction } = useAppState();

package/dist/tui/exec-bridge.js

@@ -1,4 +1,4 @@
-import { execFile } from 'node:child_process';
+import { execFile, spawn } from 'node:child_process';
 import { fileURLToPath } from 'node:url';
 import { dirname, join } from 'node:path';
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -32,26 +32,40 @@ export function runFleetJson(args) {
     });
 }
 export function streamFleetCommand(args) {
-    const child = execFile('node', [FLEET_BIN, ...args], {
-        maxBuffer: 10 * 1024 * 1024,
+    const child = spawn('node', [FLEET_BIN, ...args], {
+        stdio: ['ignore', 'pipe', 'pipe'],
     });
     const callbacks = [];
-    child.stdout?.on('data', (chunk) => {
-        const lines = chunk.toString().split('\n').filter(Boolean);
-        for (const line of lines) {
+    const buffered = [];
+    const MAX_BUFFER = 1000;
+    function dispatch(line) {
+        if (callbacks.length === 0) {
+            if (buffered.length >= MAX_BUFFER)
+                buffered.shift();
+            buffered.push(line);
+        }
+        else {
             for (const cb of callbacks)
                 cb(line);
         }
+    }
+    child.stdout.on('data', (chunk) => {
+        for (const line of chunk.toString().split('\n').filter(Boolean)) {
+            dispatch(line);
+        }
     });
-    child.stderr?.on('data', (chunk) => {
-        const lines = chunk.toString().split('\n').filter(Boolean);
-        for (const line of lines) {
-            for (const cb of callbacks)
-                cb(line);
+    child.stderr.on('data', (chunk) => {
+        for (const line of chunk.toString().split('\n').filter(Boolean)) {
+            dispatch(line);
         }
     });
     return {
         kill: () => child.kill(),
-        onData: (cb) => callbacks.push(cb),
+        onData: (cb) => {
+            callbacks.push(cb);
+            for (const line of buffered)
+                cb(line);
+            buffered.length = 0;
+        },
     };
 }

package/dist/tui/hooks/use-fleet-data.js

@@ -1,8 +1,11 @@
 import { useState, useEffect, useCallback, useRef } from 'react';
+import { useStableState } from '@matthesketh/ink-stable-state';
 import { runFleetJson } from '../exec-bridge.js';
 import { useInterval } from './use-interval.js';
 export function useFleetData(autoRefreshMs = 10_000) {
-    const [status, setStatus] = useState(null);
+    // useStableState short-circuits setStatus when the polled payload is
+    // structurally equal to the previous one — no flicker on identical refreshes.
+    const [status, setStatus] = useStableState(null);
     const [loading, setLoading] = useState(true);
     const [error, setError] = useState(null);
     const initialised = useRef(false);
@@ -21,7 +24,7 @@ export function useFleetData(autoRefreshMs = 10_000) {
             }
             setLoading(false);
         });
-    }, []);
+    }, [setStatus]);
     useEffect(() => {
         refresh();
     }, [refresh]);

package/dist/tui/hooks/use-health.js

@@ -1,8 +1,11 @@
 import { useState, useEffect, useCallback, useRef } from 'react';
+import { useStableState } from '@matthesketh/ink-stable-state';
 import { runFleetJson } from '../exec-bridge.js';
 import { useInterval } from './use-interval.js';
 export function useHealth(autoRefreshMs = 15_000) {
-    const [results, setResults] = useState([]);
+    // useStableState short-circuits setState when the new payload is structurally
+    // equal to the previous one — no flicker on identical poll cycles.
+    const [results, setResults] = useStableState([]);
     const [loading, setLoading] = useState(true);
     const [error, setError] = useState(null);
     const initialised = useRef(false);
@@ -20,7 +23,7 @@ export function useHealth(autoRefreshMs = 15_000) {
             }
             setLoading(false);
         });
-    }, []);
+    }, [setResults]);
     useEffect(() => {
         refresh();
     }, [refresh]);