@matthesketh/fleet 1.8.1 → 1.11.1

package/dist/core/env.js

@@ -0,0 +1,11 @@
+import { FleetError } from './errors.js';
+/** returns a required env var, or throws a clear error. use for secrets,
+ *  keys and credential paths where a silent default would be dangerous. */
+export function requireEnv(name) {
+    const value = process.env[name];
+    if (value === undefined || value === '') {
+        throw new FleetError(`required environment variable ${name} is not set — ` +
+            `it has no safe default and must be provided explicitly`);
+    }
+    return value;
+}

package/dist/core/exec.d.ts

@@ -9,6 +9,7 @@ export declare function execSafe(cmd: string, args: string[], opts?: {
     cwd?: string;
     env?: Record<string, string>;
     input?: string;
+    maxBuffer?: number;
 }): ExecResult;
 export declare function execGit(args: string[], opts: {
     cwd: string;

package/dist/core/exec.js

@@ -7,6 +7,10 @@ export function execSafe(cmd, args, opts = {}) {
         encoding: 'utf-8',
         stdio: 'pipe',
         input: opts.input,
+        // node's default is 1mb. restic --json on a long-running snapshot emits
+        // hundreds of progress lines that easily blow past that; bump to 256mb
+        // so a multi-hour run can't hit ENOBUFS just from status chatter.
+        maxBuffer: opts.maxBuffer ?? 256 * 1024 * 1024,
     });
     if (result.error) {
         return {

package/dist/core/file-lock.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Inter-process lock around a state-file path. Uses proper-lockfile (the same
+ * dependency the claude-cli runner uses for its mutex), which creates a
+ * <path>.lock directory atomically via mkdir(2).
+ *
+ * The wrapped path itself does not need to exist yet — `realpath: false`
+ * tells proper-lockfile to skip the realpath check, so we can lock around a
+ * registry/manifest file that hasn't been written for the first time. The
+ * parent directory of <path> must exist (we ensureDir below) so the .lock
+ * mkdir can succeed.
+ *
+ * Important: this lock is NOT reentrant. Callers should wrap the outermost
+ * read-modify-write boundary (e.g. a CLI command, an MCP tool handler, a
+ * cron entry) and let inner helpers do plain unlocked reads/writes; the lock
+ * bounds the whole RMW. Locking inside helpers that the outer caller already
+ * locked will deadlock.
+ */
+export declare function withFileLock<T>(path: string, fn: () => Promise<T> | T): Promise<T>;

package/dist/core/file-lock.js

@@ -0,0 +1,44 @@
+import { existsSync, mkdirSync } from 'node:fs';
+import { dirname } from 'node:path';
+import lockfile from 'proper-lockfile';
+/**
+ * Inter-process lock around a state-file path. Uses proper-lockfile (the same
+ * dependency the claude-cli runner uses for its mutex), which creates a
+ * <path>.lock directory atomically via mkdir(2).
+ *
+ * The wrapped path itself does not need to exist yet — `realpath: false`
+ * tells proper-lockfile to skip the realpath check, so we can lock around a
+ * registry/manifest file that hasn't been written for the first time. The
+ * parent directory of <path> must exist (we ensureDir below) so the .lock
+ * mkdir can succeed.
+ *
+ * Important: this lock is NOT reentrant. Callers should wrap the outermost
+ * read-modify-write boundary (e.g. a CLI command, an MCP tool handler, a
+ * cron entry) and let inner helpers do plain unlocked reads/writes; the lock
+ * bounds the whole RMW. Locking inside helpers that the outer caller already
+ * locked will deadlock.
+ */
+export async function withFileLock(path, fn) {
+    const dir = dirname(path);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const release = await lockfile.lock(path, {
+        // Inter-process contention is normally microseconds (one process writes,
+        // releases). Retry up to ~5s of backoff so a slow disk / paused process
+        // doesn't immediately error out the second caller.
+        retries: { retries: 5, factor: 1.5, minTimeout: 50, maxTimeout: 500 },
+        // If a process crashes mid-lock, the .lock dir's mtime stops being
+        // refreshed. Anyone waiting longer than `stale` ms treats the lock as
+        // abandoned and steals it. 30s is generous for the kinds of operations
+        // that touch the registry/manifest (a write is < 100ms typically).
+        stale: 30_000,
+        // Allow locking paths that don't exist on disk yet (first-write case).
+        realpath: false,
+    });
+    try {
+        return await fn();
+    }
+    finally {
+        await release();
+    }
+}

package/dist/core/git-onboard.js

@@ -4,23 +4,20 @@ import { load, findApp, save } from './registry.js';
 export function detectScenario(status) {
     if (!status.initialised)
         return 'fresh';
-    if (status.remoteUrl && status.remoteUrl.includes('heskethwebdesign/'))
-        return 'resume';
-    if (status.remoteUrl && status.remoteUrl.includes('wrxck/'))
-        return 'migrate';
     if (!status.remoteUrl)
         return 'no-remote';
-    return 'fresh';
+    // a remote already on the configured org is a resume; any other org is a migrate.
+    return status.remoteUrl.includes(`${github.githubOrg()}/`) ? 'resume' : 'migrate';
 }
 export function describeOnboardPlan(scenario, repoName, _status) {
-    const repoUrl = `git@github.com:heskethwebdesign/${repoName}.git`;
+    const repoUrl = `git@github.com:${github.githubOrg()}/${repoName}.git`;
     const steps = [];
     switch (scenario) {
         case 'fresh':
             steps.push('generate .gitignore');
             steps.push('git init -b main');
             steps.push('git add . && git commit -m "initial commit"');
-            steps.push(`create private repo heskethwebdesign/${repoName}`);
+            steps.push(`create private repo ${github.githubOrg()}/${repoName}`);
             steps.push(`add remote origin ${repoUrl}`);
             steps.push('push main');
             steps.push('create and push develop branch');
@@ -29,7 +26,7 @@ export function describeOnboardPlan(scenario, repoName, _status) {
             break;
         case 'migrate':
             steps.push('ensure .gitignore exists');
-            steps.push(`create private repo heskethwebdesign/${repoName}`);
+            steps.push(`create private repo ${github.githubOrg()}/${repoName}`);
             steps.push(`git remote set-url origin ${repoUrl}`);
             steps.push('git push --all origin');
             steps.push('ensure develop branch exists');
@@ -39,7 +36,7 @@ export function describeOnboardPlan(scenario, repoName, _status) {
         case 'no-remote':
             steps.push('ensure .gitignore exists');
             steps.push('commit any outstanding changes');
-            steps.push(`create private repo heskethwebdesign/${repoName}`);
+            steps.push(`create private repo ${github.githubOrg()}/${repoName}`);
             steps.push(`add remote origin ${repoUrl}`);
             steps.push('git push --all origin');
             steps.push('ensure develop branch exists');
@@ -79,7 +76,7 @@ export function executeOnboard(scenario, cwd, repoName, appName, status) {
             gitCommit(cwd, 'Initial commit');
             steps.push('created initial commit');
             github.createRepo(repoName);
-            steps.push(`created private repo heskethwebdesign/${repoName}`);
+            steps.push(`created private repo ${github.githubOrg()}/${repoName}`);
             gitAddRemote(cwd, 'origin', repoUrl);
             gitPush(cwd, 'main', true);
             steps.push('pushed main to origin');
@@ -90,7 +87,7 @@ export function executeOnboard(scenario, cwd, repoName, appName, status) {
         }
         case 'migrate': {
             github.createRepo(repoName);
-            steps.push(`created private repo heskethwebdesign/${repoName}`);
+            steps.push(`created private repo ${github.githubOrg()}/${repoName}`);
             gitSetRemoteUrl(cwd, repoUrl);
             steps.push(`updated remote to ${repoUrl}`);
             gitPushAll(cwd);
@@ -110,7 +107,7 @@ export function executeOnboard(scenario, cwd, repoName, appName, status) {
                 steps.push('created initial commit');
             }
             github.createRepo(repoName);
-            steps.push(`created private repo heskethwebdesign/${repoName}`);
+            steps.push(`created private repo ${github.githubOrg()}/${repoName}`);
             gitAddRemote(cwd, 'origin', repoUrl);
             gitPushAll(cwd);
             steps.push('added remote and pushed all branches');
@@ -139,7 +136,7 @@ export function executeOnboard(scenario, cwd, repoName, appName, status) {
     const reg = load();
     const app = findApp(reg, appName);
     if (app) {
-        app.gitRepo = `heskethwebdesign/${repoName}`;
+        app.gitRepo = `${github.githubOrg()}/${repoName}`;
         app.gitRemoteUrl = repoUrl;
         app.gitOnboardedAt = new Date().toISOString();
         save(reg);

package/dist/core/github.d.ts

@@ -1,4 +1,6 @@
-export declare const GITHUB_ORG = "heskethwebdesign";
+/** the GitHub org this fleet instance publishes to — from operator config,
+ *  with no default: guessing another operator's org is never correct. */
+export declare function githubOrg(): string;
 export interface PullRequest {
     number: number;
     title: string;

package/dist/core/github.js

@@ -3,8 +3,11 @@ import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { execSafe } from './exec.js';
 import { GitError } from './errors.js';
+import { loadOperator } from './operator.js';
 import { assertAppName } from './validate.js';
-export const GITHUB_ORG = 'heskethwebdesign';
+/** the GitHub org this fleet instance publishes to — from operator config,
+ *  with no default: guessing another operator's org is never correct. */
+export function githubOrg() { return loadOperator().githubOrg; }
 export function isGhAuthenticated() {
     return execSafe('gh', ['auth', 'status'], { timeout: 10_000 }).ok;
 }
@@ -15,25 +18,25 @@ export function requireGhAuth() {
 }
 export function repoExists(name) {
     assertAppName(name);
-    return execSafe('gh', ['repo', 'view', `${GITHUB_ORG}/${name}`, '--json', 'name'], { timeout: 15_000 }).ok;
+    return execSafe('gh', ['repo', 'view', `${githubOrg()}/${name}`, '--json', 'name'], { timeout: 15_000 }).ok;
 }
 export function createRepo(name) {
     requireGhAuth();
     assertAppName(name);
     if (repoExists(name))
         return;
-    const r = execSafe('gh', ['repo', 'create', `${GITHUB_ORG}/${name}`, '--private'], { timeout: 30_000 });
+    const r = execSafe('gh', ['repo', 'create', `${githubOrg()}/${name}`, '--private'], { timeout: 30_000 });
     if (!r.ok)
         throw new GitError(`failed to create repo: ${r.stderr}`);
 }
 export function getRepoUrl(name) {
-    return `git@github.com:${GITHUB_ORG}/${name}.git`;
+    return `git@github.com:${githubOrg()}/${name}.git`;
 }
 export function createPullRequest(repo, opts) {
     requireGhAuth();
     const r = execSafe('gh', [
         'pr', 'create',
-        '--repo', `${GITHUB_ORG}/${repo}`,
+        '--repo', `${githubOrg()}/${repo}`,
         '--title', opts.title,
         '--body', opts.body ?? '',
         '--head', opts.head,
@@ -63,7 +66,7 @@ export function listPullRequests(repo, state = 'open') {
     requireGhAuth();
     const r = execSafe('gh', [
         'pr', 'list',
-        '--repo', `${GITHUB_ORG}/${repo}`,
+        '--repo', `${githubOrg()}/${repo}`,
         '--state', state,
         '--json', 'number,title,url,headRefName,baseRefName,state',
     ], { timeout: 15_000 });
@@ -97,7 +100,7 @@ export function protectBranch(repo, branch) {
     try {
         const r = execSafe('gh', [
             'api', '-X', 'PUT',
-            `repos/${GITHUB_ORG}/${repo}/branches/${branch}/protection`,
+            `repos/${githubOrg()}/${repo}/branches/${branch}/protection`,
             '--input', tmpFile,
         ], { timeout: 15_000 });
         return r.ok;

package/dist/core/logs-policy.d.ts

@@ -18,6 +18,11 @@ export declare function effectivePolicy(app: AppEntry): LogPolicy;
  */
 export declare function buildComposeOverride(app: AppEntry, policy: LogPolicy): string;
 export declare function overridePath(app: AppEntry): string;
+/** ensure the app repo's .gitignore covers .fleet/ so the auto-generated
+ *  override file doesn't get committed accidentally. no-op when there's no
+ *  .gitignore (operator may be using a different vcs or none at all) and
+ *  idempotent — never appends a duplicate entry. */
+export declare function ensureFleetGitignored(composePath: string): void;
 export declare function writeComposeOverride(app: AppEntry, policy: LogPolicy): string;
 export interface LogStatus {
     app: string;

package/dist/core/logs-policy.js

@@ -3,7 +3,7 @@
  * compose override file (.fleet/logging.override.yml) per app, plus journald
  * vacuum policy. Conservative defaults applied when unset.
  */
-import { existsSync, mkdirSync, writeFileSync, statSync } from 'node:fs';
+import { existsSync, mkdirSync, writeFileSync, readFileSync, statSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { execSafe } from './exec.js';
 export const DEFAULT_POLICY = {
@@ -50,12 +50,31 @@ export function buildComposeOverride(app, policy) {
 export function overridePath(app) {
     return join(app.composePath, '.fleet', 'logging.override.yml');
 }
+/** ensure the app repo's .gitignore covers .fleet/ so the auto-generated
+ *  override file doesn't get committed accidentally. no-op when there's no
+ *  .gitignore (operator may be using a different vcs or none at all) and
+ *  idempotent — never appends a duplicate entry. */
+export function ensureFleetGitignored(composePath) {
+    const giPath = join(composePath, '.gitignore');
+    if (!existsSync(giPath))
+        return;
+    const current = readFileSync(giPath, 'utf-8');
+    // accept any of: .fleet, .fleet/, /.fleet, /.fleet/ — operators write all
+    // four forms.
+    if (/^\s*\/?\.fleet\/?\s*$/m.test(current))
+        return;
+    const append = current.endsWith('\n') ? '' : '\n';
+    writeFileSync(giPath, `${current}${append}\n# auto-added by fleet logs setup\n.fleet/\n`);
+}
 export function writeComposeOverride(app, policy) {
     const path = overridePath(app);
     const dir = dirname(path);
     if (!existsSync(dir))
         mkdirSync(dir, { recursive: true });
     writeFileSync(path, buildComposeOverride(app, policy));
+    // the override lands inside the operator's app repo. add .fleet/ to the
+    // app's .gitignore (if there is one) so it doesn't get committed.
+    ensureFleetGitignored(app.composePath);
     return path;
 }
 /** Best-effort docker-side log status. Uses `docker inspect` for driver + size. */

package/dist/core/operator.d.ts

@@ -0,0 +1,21 @@
+export interface OperatorConfig {
+    username: string;
+    homeDir: string;
+    domain: string;
+    githubOrg: string;
+}
+export type OperatorField = keyof OperatorConfig;
+export declare const OPERATOR_FIELDS: readonly OperatorField[];
+/** test-only: clears the memoised config. */
+export declare function _resetOperatorCache(): void;
+/** path the operator config is read from / written to. exported so the
+ *  fleet config command can print where it lives. */
+export declare function operatorPath(): string;
+/** loads operator identity from data/operator.json (gitignored, instance-local).
+ *  throws if the file is missing or incomplete — there is no safe default,
+ *  and guessing another operator's identity is never correct. */
+export declare function loadOperator(): OperatorConfig;
+/** persist the operator config to disk and clear the memoised copy so the
+ *  next loadOperator() picks up the new values. atomic write via .tmp +
+ *  rename so a crash mid-write never leaves a partial file behind. */
+export declare function saveOperator(cfg: OperatorConfig): void;

package/dist/core/operator.js

@@ -0,0 +1,54 @@
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { FleetError } from './errors.js';
+const here = dirname(fileURLToPath(import.meta.url));
+export const OPERATOR_FIELDS = ['username', 'homeDir', 'domain', 'githubOrg'];
+const FIELDS = OPERATOR_FIELDS;
+let cache = null;
+/** test-only: clears the memoised config. */
+export function _resetOperatorCache() { cache = null; }
+/** path the operator config is read from / written to. exported so the
+ *  fleet config command can print where it lives. */
+export function operatorPath() {
+    return process.env.FLEET_OPERATOR_PATH ?? join(here, '..', '..', 'data', 'operator.json');
+}
+/** loads operator identity from data/operator.json (gitignored, instance-local).
+ *  throws if the file is missing or incomplete — there is no safe default,
+ *  and guessing another operator's identity is never correct. */
+export function loadOperator() {
+    if (cache)
+        return cache;
+    const path = operatorPath();
+    if (!existsSync(path)) {
+        throw new FleetError(`operator config not found at ${path} — ` +
+            `copy data/operator.example.json to data/operator.json and fill it in`);
+    }
+    const raw = JSON.parse(readFileSync(path, 'utf-8'));
+    for (const field of FIELDS) {
+        if (!raw[field])
+            throw new FleetError(`operator config ${path} is missing field: ${field}`);
+    }
+    cache = raw;
+    return cache;
+}
+/** persist the operator config to disk and clear the memoised copy so the
+ *  next loadOperator() picks up the new values. atomic write via .tmp +
+ *  rename so a crash mid-write never leaves a partial file behind. */
+export function saveOperator(cfg) {
+    for (const field of FIELDS) {
+        if (typeof cfg[field] !== 'string' || cfg[field].length === 0) {
+            throw new FleetError(`operator config: ${field} must be a non-empty string`);
+        }
+    }
+    const path = operatorPath();
+    const dir = dirname(path);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const tmp = path + '.tmp';
+    writeFileSync(tmp, JSON.stringify(cfg, null, 2) + '\n', { mode: 0o600 });
+    // rename is atomic on the same filesystem; covers the crash-mid-write race
+    // a plain writeFileSync exposes.
+    renameSync(tmp, path);
+    cache = null;
+}

package/dist/core/registry.d.ts

@@ -61,3 +61,21 @@ export declare function findApp(reg: Registry, name: string): AppEntry | undefin
 export declare function addApp(reg: Registry, app: AppEntry): Registry;
 export declare function removeApp(reg: Registry, name: string): Registry;
 export declare function registryPath(): string;
+/**
+ * Run a read-modify-write transaction against the registry under an
+ * inter-process lock. The lock is held for the full load → mutate → save
+ * cycle, so concurrent CLI / cron / systemd / bot invocations don't lose
+ * each other's updates.
+ *
+ * The mutator may return a different Registry object (e.g. one returned by
+ * `addApp` / `removeApp`, which mutate in place but also return the registry
+ * for chaining) or simply mutate the input and return it. The returned value
+ * is what gets persisted.
+ *
+ * Returns void: callers needing the post-save state should re-load. Keeping
+ * this side-effecting matches how `load()` + `save()` are used today.
+ *
+ * Important: do not call this from inside another `withRegistry` block on the
+ * same process — proper-lockfile is not reentrant and will deadlock.
+ */
+export declare function withRegistry(fn: (reg: Registry) => Registry | Promise<Registry>): Promise<void>;

package/dist/core/registry.js

@@ -1,6 +1,7 @@
 import { readFileSync, existsSync, mkdirSync, copyFileSync, renameSync, openSync, writeSync, fsyncSync, closeSync } from 'node:fs';
 import { dirname, join } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { withFileLock } from './file-lock.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 function resolveRegistryPath() {
     return process.env.FLEET_REGISTRY_PATH
@@ -92,3 +93,28 @@ export function removeApp(reg, name) {
 export function registryPath() {
     return resolveRegistryPath();
 }
+/**
+ * Run a read-modify-write transaction against the registry under an
+ * inter-process lock. The lock is held for the full load → mutate → save
+ * cycle, so concurrent CLI / cron / systemd / bot invocations don't lose
+ * each other's updates.
+ *
+ * The mutator may return a different Registry object (e.g. one returned by
+ * `addApp` / `removeApp`, which mutate in place but also return the registry
+ * for chaining) or simply mutate the input and return it. The returned value
+ * is what gets persisted.
+ *
+ * Returns void: callers needing the post-save state should re-load. Keeping
+ * this side-effecting matches how `load()` + `save()` are used today.
+ *
+ * Important: do not call this from inside another `withRegistry` block on the
+ * same process — proper-lockfile is not reentrant and will deadlock.
+ */
+export async function withRegistry(fn) {
+    const path = resolveRegistryPath();
+    await withFileLock(path, async () => {
+        const reg = load();
+        const next = await fn(reg);
+        save(next);
+    });
+}

package/dist/core/routines/schema.d.ts

@@ -204,15 +204,14 @@ export declare const RoutineSchema: z.ZodObject<{
     createdAt: z.ZodOptional<z.ZodString>;
     updatedAt: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-    enabled: boolean;
     name: string;
+    enabled: boolean;
     id: string;
     notify: {
         config: Record<string, unknown>;
         kind: "email" | "stdout" | "webhook" | "slack";
         on: "always" | "failure" | "success";
     }[];
-    description: string;
     schedule: {
         kind: "manual";
     } | {
@@ -221,6 +220,8 @@ export declare const RoutineSchema: z.ZodObject<{
         randomizedDelaySec: number;
         persistent: boolean;
     };
+    tags: string[];
+    description: string;
     targets: string[];
     perTarget: boolean;
     task: {
@@ -244,7 +245,6 @@ export declare const RoutineSchema: z.ZodObject<{
         tool: string;
         args: Record<string, unknown>;
     };
-    tags: string[];
     updatedAt?: string | undefined;
     createdAt?: string | undefined;
 }, {
@@ -286,10 +286,10 @@ export declare const RoutineSchema: z.ZodObject<{
         config?: Record<string, unknown> | undefined;
         on?: "always" | "failure" | "success" | undefined;
     }[] | undefined;
+    tags?: string[] | undefined;
     description?: string | undefined;
     targets?: string[] | undefined;
     perTarget?: boolean | undefined;
-    tags?: string[] | undefined;
     createdAt?: string | undefined;
 }>;
 export type Routine = z.infer<typeof RoutineSchema>;
@@ -303,13 +303,13 @@ export declare const RunEventSchema: z.ZodDiscriminatedUnion<"kind", [z.ZodObjec
 }, "strip", z.ZodTypeAny, {
     at: string;
     kind: "start";
-    routineId: string;
     target: string | null;
+    routineId: string;
 }, {
     at: string;
     kind: "start";
-    routineId: string;
     target: string | null;
+    routineId: string;
 }>, z.ZodObject<{
     kind: z.ZodLiteral<"stdout">;
     chunk: z.ZodString;
@@ -370,14 +370,14 @@ export declare const RunEventSchema: z.ZodDiscriminatedUnion<"kind", [z.ZodObjec
     error: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     at: string;
-    status: "timeout" | "ok" | "failed" | "aborted" | "queued" | "running";
+    status: "aborted" | "timeout" | "ok" | "queued" | "running" | "failed";
     kind: "end";
     exitCode: number;
     durationMs: number;
     error?: string | undefined;
 }, {
     at: string;
-    status: "timeout" | "ok" | "failed" | "aborted" | "queued" | "running";
+    status: "aborted" | "timeout" | "ok" | "queued" | "running" | "failed";
     kind: "end";
     exitCode: number;
     durationMs: number;
@@ -397,16 +397,16 @@ export declare const SignalSchema: z.ZodObject<{
     collectedAt: z.ZodString;
     ttlMs: z.ZodNumber;
 }, "strip", z.ZodTypeAny, {
-    detail: string;
-    kind: "git-clean" | "git-ahead" | "git-behind" | "open-prs" | "pr-age-max" | "deps-outdated" | "deps-vulns" | "build-ok" | "tests-ok" | "env-schema-ok" | "container-up" | "ci-status" | "cache-age";
     value: string | number | boolean | null;
+    kind: "git-clean" | "git-ahead" | "git-behind" | "open-prs" | "pr-age-max" | "deps-outdated" | "deps-vulns" | "build-ok" | "tests-ok" | "env-schema-ok" | "container-up" | "ci-status" | "cache-age";
+    detail: string;
     repo: string;
     state: "warn" | "error" | "unknown" | "ok";
     collectedAt: string;
     ttlMs: number;
 }, {
-    kind: "git-clean" | "git-ahead" | "git-behind" | "open-prs" | "pr-age-max" | "deps-outdated" | "deps-vulns" | "build-ok" | "tests-ok" | "env-schema-ok" | "container-up" | "ci-status" | "cache-age";
     value: string | number | boolean | null;
+    kind: "git-clean" | "git-ahead" | "git-behind" | "open-prs" | "pr-age-max" | "deps-outdated" | "deps-vulns" | "build-ok" | "tests-ok" | "env-schema-ok" | "container-up" | "ci-status" | "cache-age";
     repo: string;
     state: "warn" | "error" | "unknown" | "ok";
     collectedAt: string;

package/dist/core/routines/schema.js

@@ -1,6 +1,17 @@
 import { z } from 'zod';
 const ROUTINE_ID_REGEX = /^[a-z][a-z0-9-]{0,62}$/;
 const NO_SHELL_META = /^[^`$;&|><\n\r\\"]*$/;
+// Printable ASCII only — no newlines, no control chars. Routine names and
+// descriptions are interpolated into systemd unit files; a newline would let
+// a hostile name inject directives like [Service]/User=root/ExecStart=…
+// that the systemd loader then runs as root after daemon-reload. Keep this
+// strict — widen explicitly if a future feature truly needs more.
+const ROUTINE_TEXT_REGEX = /^[\x20-\x7E]+$/;
+// systemd's documented OnCalendar grammar: weekdays, dates, times — all
+// printable ASCII without quotes, semicolons, control chars or newlines.
+// Same injection concern as above. Widen if "~" (last weekday) etc. is
+// actually needed.
+const ON_CALENDAR_REGEX = /^[A-Za-z0-9*\-/:., \t]+$/;
 const DEFAULT_WALLCLOCK_MS = 15 * 60 * 1000;
 const DEFAULT_TOKEN_CAP = 100_000;
 const DEFAULT_MAX_USD = 5;
@@ -38,15 +49,15 @@ export const RoutineScheduleSchema = z.union([
     z.object({ kind: z.literal('manual') }),
     z.object({
         kind: z.literal('calendar'),
-        onCalendar: z.string().min(1).max(200),
+        onCalendar: z.string().min(1).max(200).regex(ON_CALENDAR_REGEX, 'systemd OnCalendar tokens only (letters, digits, *-/:., space, tab)'),
         randomizedDelaySec: z.number().int().nonnegative().max(3600).default(0),
         persistent: z.boolean().default(true),
     }),
 ]);
 export const RoutineSchema = z.object({
     id: z.string().regex(ROUTINE_ID_REGEX, 'lowercase alphanumeric and dashes only'),
-    name: z.string().min(1).max(100),
-    description: z.string().max(2000).default(''),
+    name: z.string().min(1).max(100).regex(ROUTINE_TEXT_REGEX, 'printable ASCII only, no newlines or control chars'),
+    description: z.string().max(2000).regex(/^[\x20-\x7E]*$/, 'printable ASCII only, no newlines or control chars').default(''),
     schedule: RoutineScheduleSchema,
     enabled: z.boolean().default(true),
     targets: z.array(z.string().min(1)).default([]),