@naisys/common-node 3.0.0-beta.5 → 3.0.0-beta.7

package/dist/agentConfigLoader.js

@@ -4,90 +4,77 @@ import yaml from "js-yaml";
 import * as path from "path";
 /** Loads agent yaml configs from a file or directory path, returns a map of userId → UserEntry */
 export function loadAgentConfigs(startupPath) {
-  const configEntries = [];
-  const usernameToPath = new Map();
-  const resolvedPath = path.resolve(startupPath);
-  if (fs.statSync(resolvedPath).isDirectory()) {
-    processDirectory(resolvedPath, undefined, configEntries, usernameToPath);
-  } else {
-    processFile(resolvedPath, undefined, configEntries, usernameToPath);
-  }
-  // Add admin if not present
-  const hasAdmin = configEntries.some(
-    (e) => e.username === adminAgentConfig.username,
-  );
-  if (!hasAdmin) {
-    configEntries.push({
-      username: adminAgentConfig.username,
-      leadEntryIndex: undefined,
-      config: adminAgentConfig,
-    });
-  }
-  // Build userId map (1-based sequential IDs)
-  const userMap = new Map();
-  for (let i = 0; i < configEntries.length; i++) {
-    const entry = configEntries[i];
-    const userId = i + 1;
-    const leadUserId =
-      entry.leadEntryIndex !== undefined ? entry.leadEntryIndex + 1 : undefined;
-    userMap.set(userId, {
-      userId,
-      username: entry.username,
-      enabled: true,
-      leadUserId,
-      config: entry.config,
-    });
-  }
-  return userMap;
+    const configEntries = [];
+    const usernameToPath = new Map();
+    const resolvedPath = path.resolve(startupPath);
+    if (fs.statSync(resolvedPath).isDirectory()) {
+        processDirectory(resolvedPath, undefined, configEntries, usernameToPath);
+    }
+    else {
+        processFile(resolvedPath, undefined, configEntries, usernameToPath);
+    }
+    // Add admin if not present
+    const hasAdmin = configEntries.some((e) => e.username === adminAgentConfig.username);
+    if (!hasAdmin) {
+        configEntries.push({
+            username: adminAgentConfig.username,
+            leadEntryIndex: undefined,
+            config: adminAgentConfig,
+        });
+    }
+    // Build userId map (1-based sequential IDs)
+    const userMap = new Map();
+    for (let i = 0; i < configEntries.length; i++) {
+        const entry = configEntries[i];
+        const userId = i + 1;
+        const leadUserId = entry.leadEntryIndex !== undefined ? entry.leadEntryIndex + 1 : undefined;
+        userMap.set(userId, {
+            userId,
+            username: entry.username,
+            enabled: true,
+            leadUserId,
+            config: entry.config,
+        });
+    }
+    return userMap;
 }
-function processDirectory(
-  dirPath,
-  leadEntryIndex,
-  configEntries,
-  usernameToPath,
-) {
-  const files = fs.readdirSync(dirPath);
-  for (const file of files) {
-    if (file.endsWith(".yaml") || file.endsWith(".yml")) {
-      processFile(
-        path.join(dirPath, file),
-        leadEntryIndex,
-        configEntries,
-        usernameToPath,
-      );
+function processDirectory(dirPath, leadEntryIndex, configEntries, usernameToPath) {
+    const files = fs.readdirSync(dirPath);
+    for (const file of files) {
+        if (file.endsWith(".yaml") || file.endsWith(".yml")) {
+            processFile(path.join(dirPath, file), leadEntryIndex, configEntries, usernameToPath);
+        }
     }
-  }
 }
 function processFile(filePath, leadEntryIndex, configEntries, usernameToPath) {
-  const absolutePath = path.resolve(filePath);
-  try {
-    const configYaml = fs.readFileSync(absolutePath, "utf8");
-    const configObj = yaml.load(configYaml);
-    const agentConfig = AgentConfigFileSchema.parse(configObj);
-    const username = agentConfig.username;
-    // Check for duplicate usernames from different files
-    const existingPath = usernameToPath.get(username);
-    if (existingPath && existingPath !== absolutePath) {
-      throw new Error(
-        `Duplicate username "${username}" found in multiple files:\n  ${existingPath}\n  ${absolutePath}`,
-      );
+    const absolutePath = path.resolve(filePath);
+    try {
+        const configYaml = fs.readFileSync(absolutePath, "utf8");
+        const configObj = yaml.load(configYaml);
+        const agentConfig = AgentConfigFileSchema.parse(configObj);
+        const username = agentConfig.username;
+        // Check for duplicate usernames from different files
+        const existingPath = usernameToPath.get(username);
+        if (existingPath && existingPath !== absolutePath) {
+            throw new Error(`Duplicate username "${username}" found in multiple files:\n  ${existingPath}\n  ${absolutePath}`);
+        }
+        usernameToPath.set(username, absolutePath);
+        const currentIndex = configEntries.length;
+        configEntries.push({
+            username,
+            leadEntryIndex,
+            config: agentConfig,
+        });
+        console.log(`Loaded user: ${username} from ${filePath}`);
+        // Check for a subdirectory matching the filename (without extension)
+        const ext = path.extname(absolutePath);
+        const baseName = path.basename(absolutePath, ext);
+        const subDir = path.join(path.dirname(absolutePath), baseName);
+        if (fs.existsSync(subDir) && fs.statSync(subDir).isDirectory()) {
+            processDirectory(subDir, currentIndex, configEntries, usernameToPath);
+        }
     }
-    usernameToPath.set(username, absolutePath);
-    const currentIndex = configEntries.length;
-    configEntries.push({
-      username,
-      leadEntryIndex,
-      config: agentConfig,
-    });
-    console.log(`Loaded user: ${username} from ${filePath}`);
-    // Check for a subdirectory matching the filename (without extension)
-    const ext = path.extname(absolutePath);
-    const baseName = path.basename(absolutePath, ext);
-    const subDir = path.join(path.dirname(absolutePath), baseName);
-    if (fs.existsSync(subDir) && fs.statSync(subDir).isDirectory()) {
-      processDirectory(subDir, currentIndex, configEntries, usernameToPath);
+    catch (e) {
+        throw new Error(`Failed to process agent config at ${filePath}: ${e}`);
     }
-  } catch (e) {
-    throw new Error(`Failed to process agent config at ${filePath}: ${e}`);
-  }
 }

package/dist/bearerToken.js

@@ -3,6 +3,7 @@
  * Returns undefined if the header is missing or not in Bearer format.
  */
 export function extractBearerToken(authHeader) {
-  if (!authHeader?.startsWith("Bearer ")) return undefined;
-  return authHeader.slice(7);
+    if (!authHeader?.startsWith("Bearer "))
+        return undefined;
+    return authHeader.slice(7);
 }

package/dist/customModelsLoader.js

@@ -3,37 +3,37 @@ import fs from "fs";
 import yaml from "js-yaml";
 import path from "path";
 export function loadCustomModels(folder) {
-  if (!folder) {
-    return { llmModels: [], imageModels: [] };
-  }
-  const filePath = path.join(folder, "custom-models.yaml");
-  if (!fs.existsSync(filePath)) {
-    return { llmModels: [], imageModels: [] };
-  }
-  const raw = fs.readFileSync(filePath, "utf-8");
-  const parsed = yaml.load(raw);
-  const result = CustomModelsFileSchema.parse(parsed);
-  return {
-    llmModels: result.llmModels ?? [],
-    imageModels: result.imageModels ?? [],
-  };
+    if (!folder) {
+        return { llmModels: [], imageModels: [] };
+    }
+    const filePath = path.join(folder, "custom-models.yaml");
+    if (!fs.existsSync(filePath)) {
+        return { llmModels: [], imageModels: [] };
+    }
+    const raw = fs.readFileSync(filePath, "utf-8");
+    const parsed = yaml.load(raw);
+    const result = CustomModelsFileSchema.parse(parsed);
+    return {
+        llmModels: result.llmModels ?? [],
+        imageModels: result.imageModels ?? [],
+    };
 }
 export function saveCustomModels(data) {
-  const folder = process.env.NAISYS_FOLDER;
-  if (!folder) {
-    throw new Error("NAISYS_FOLDER environment variable is not set");
-  }
-  // Validate before writing
-  CustomModelsFileSchema.parse(data);
-  // Omit empty arrays from output
-  const output = {};
-  if (data.llmModels && data.llmModels.length > 0) {
-    output.llmModels = data.llmModels;
-  }
-  if (data.imageModels && data.imageModels.length > 0) {
-    output.imageModels = data.imageModels;
-  }
-  const filePath = path.join(folder, "custom-models.yaml");
-  const yamlStr = yaml.dump(output, { lineWidth: -1 });
-  fs.writeFileSync(filePath, yamlStr, "utf-8");
+    const folder = process.env.NAISYS_FOLDER;
+    if (!folder) {
+        throw new Error("NAISYS_FOLDER environment variable is not set");
+    }
+    // Validate before writing
+    CustomModelsFileSchema.parse(data);
+    // Omit empty arrays from output
+    const output = {};
+    if (data.llmModels && data.llmModels.length > 0) {
+        output.llmModels = data.llmModels;
+    }
+    if (data.imageModels && data.imageModels.length > 0) {
+        output.imageModels = data.imageModels;
+    }
+    const filePath = path.join(folder, "custom-models.yaml");
+    const yamlStr = yaml.dump(output, { lineWidth: -1 });
+    fs.writeFileSync(filePath, yamlStr, "utf-8");
 }

package/dist/expandEnv.js

@@ -1,10 +1,7 @@
 import os from "os";
 /** Expand ~ to the user's home directory in NAISYS_FOLDER */
 export function expandNaisysFolder() {
-  if (process.env.NAISYS_FOLDER?.startsWith("~")) {
-    process.env.NAISYS_FOLDER = process.env.NAISYS_FOLDER.replace(
-      "~",
-      os.homedir(),
-    );
-  }
+    if (process.env.NAISYS_FOLDER?.startsWith("~")) {
+        process.env.NAISYS_FOLDER = process.env.NAISYS_FOLDER.replace("~", os.homedir());
+    }
 }

package/dist/hashToken.js

@@ -1,5 +1,5 @@
 import { createHash } from "crypto";
 /** Hash a token (session cookie, API key) with SHA-256 for safe cache keys / DB lookup. */
 export function hashToken(token) {
-  return createHash("sha256").update(token).digest("hex");
+    return createHash("sha256").update(token).digest("hex");
 }

package/dist/hubCertVerification.js

@@ -8,34 +8,33 @@ import tls from "tls";
  * Returns undefined if the file does not exist.
  */
 export function readHubAccessKeyFile() {
-  const naisysFolder = process.env.NAISYS_FOLDER || "";
-  const accessKeyPath = join(naisysFolder, "cert", "hub-access-key");
-  if (!existsSync(accessKeyPath)) return undefined;
-  return readFileSync(accessKeyPath, "utf-8").trim();
+    const naisysFolder = process.env.NAISYS_FOLDER || "";
+    const accessKeyPath = join(naisysFolder, "cert", "hub-access-key");
+    if (!existsSync(accessKeyPath))
+        return undefined;
+    return readFileSync(accessKeyPath, "utf-8").trim();
 }
 /**
  * Resolve the hub access key from environment variable or local cert file.
  * Returns undefined if neither is available.
  */
 export function resolveHubAccessKey() {
-  return process.env.HUB_ACCESS_KEY || readHubAccessKeyFile();
+    return process.env.HUB_ACCESS_KEY || readHubAccessKeyFile();
 }
 /** Parse a hub access key in format "<fingerprintPrefix>+<secret>" */
 export function parseHubAccessKey(accessKey) {
-  const plusIndex = accessKey.indexOf("+");
-  if (plusIndex === -1) {
-    throw new Error(
-      `Invalid hub access key format, expected <fingerprint>+<secret>, got ${accessKey}`,
-    );
-  }
-  return {
-    fingerprintPrefix: accessKey.substring(0, plusIndex),
-    secret: accessKey.substring(plusIndex + 1),
-  };
+    const plusIndex = accessKey.indexOf("+");
+    if (plusIndex === -1) {
+        throw new Error(`Invalid hub access key format, expected <fingerprint>+<secret>, got ${accessKey}`);
+    }
+    return {
+        fingerprintPrefix: accessKey.substring(0, plusIndex),
+        secret: accessKey.substring(plusIndex + 1),
+    };
 }
 /** Compute SHA-256 fingerprint of a DER-encoded certificate */
 export function computeCertFingerprint(derCert) {
-  return createHash("sha256").update(derCert).digest("hex");
+    return createHash("sha256").update(derCert).digest("hex");
 }
 /**
  * Connect to a TLS server, verify that the certificate fingerprint matches
@@ -43,32 +42,27 @@ export function computeCertFingerprint(derCert) {
  * trusted CA in subsequent connections.
  */
 export async function verifyHubCertificate(host, port, fingerprintPrefix) {
-  return new Promise((resolve, reject) => {
-    const sock = tls.connect(port, host, { rejectUnauthorized: false }, () => {
-      const cert = sock.getPeerCertificate(true);
-      sock.destroy();
-      if (!cert?.raw) {
-        reject(new Error("No certificate received from hub"));
-        return;
-      }
-      const fingerprint = computeCertFingerprint(cert.raw);
-      if (!fingerprint.startsWith(fingerprintPrefix)) {
-        reject(
-          new Error(
-            `Hub certificate fingerprint mismatch: expected prefix ${fingerprintPrefix}, got ${fingerprint.substring(0, fingerprintPrefix.length)}`,
-          ),
-        );
-        return;
-      }
-      // Convert DER to PEM so it can be used as a trusted CA
-      const pem =
-        "-----BEGIN CERTIFICATE-----\n" +
-        cert.raw.toString("base64") +
-        "\n-----END CERTIFICATE-----\n";
-      resolve(pem);
+    return new Promise((resolve, reject) => {
+        const sock = tls.connect(port, host, { rejectUnauthorized: false }, () => {
+            const cert = sock.getPeerCertificate(true);
+            sock.destroy();
+            if (!cert?.raw) {
+                reject(new Error("No certificate received from hub"));
+                return;
+            }
+            const fingerprint = computeCertFingerprint(cert.raw);
+            if (!fingerprint.startsWith(fingerprintPrefix)) {
+                reject(new Error(`Hub certificate fingerprint mismatch: expected prefix ${fingerprintPrefix}, got ${fingerprint.substring(0, fingerprintPrefix.length)}`));
+                return;
+            }
+            // Convert DER to PEM so it can be used as a trusted CA
+            const pem = "-----BEGIN CERTIFICATE-----\n" +
+                cert.raw.toString("base64") +
+                "\n-----END CERTIFICATE-----\n";
+            resolve(pem);
+        });
+        sock.on("error", reject);
     });
-    sock.on("error", reject);
-  });
 }
 /**
  * Create an https.Agent that trusts only the given PEM certificate.
@@ -76,9 +70,9 @@ export async function verifyHubCertificate(host, port, fingerprintPrefix) {
  * to the same cert (no TOCTOU gap since Node's TLS layer enforces it).
  */
 export function createPinnedHttpsAgent(certPem) {
-  return new https.Agent({
-    ca: certPem,
-    // Skip hostname check — cert is already pinned by fingerprint
-    checkServerIdentity: () => undefined,
-  });
+    return new https.Agent({
+        ca: certPem,
+        // Skip hostname check — cert is already pinned by fingerprint
+        checkServerIdentity: () => undefined,
+    });
 }

package/dist/logFileService.js

@@ -1,55 +1,58 @@
 import fsp from "node:fs/promises";
 const MAX_READ_BYTES = 256 * 1024;
 export async function tailLogFile(filePath, lineCount, minLevel) {
-  let stat;
-  try {
-    stat = await fsp.stat(filePath);
-  } catch {
-    return { entries: [], fileSize: 0 };
-  }
-  const fileSize = stat.size;
-  if (fileSize === 0) {
-    return { entries: [], fileSize: 0 };
-  }
-  const readSize = Math.min(fileSize, MAX_READ_BYTES);
-  const position = fileSize - readSize;
-  const buffer = Buffer.alloc(readSize);
-  const handle = await fsp.open(filePath, "r");
-  try {
-    await handle.read(buffer, 0, readSize, position);
-  } finally {
-    await handle.close();
-  }
-  const text = buffer.toString("utf-8");
-  const lines = text.split("\n").filter((line) => line.trim().length > 0);
-  // If we didn't read from the start, drop the first line (likely partial)
-  if (position > 0 && lines.length > 0) {
-    lines.shift();
-  }
-  const OMIT_KEYS = new Set(["level", "time", "msg", "pid", "hostname"]);
-  const entries = [];
-  for (const line of lines) {
+    let stat;
     try {
-      const parsed = JSON.parse(line);
-      const level = parsed.level ?? 30;
-      if (minLevel != null && level < minLevel) continue;
-      const extra = {};
-      for (const key of Object.keys(parsed)) {
-        if (!OMIT_KEYS.has(key)) {
-          extra[key] = parsed[key];
+        stat = await fsp.stat(filePath);
+    }
+    catch {
+        return { entries: [], fileSize: 0 };
+    }
+    const fileSize = stat.size;
+    if (fileSize === 0) {
+        return { entries: [], fileSize: 0 };
+    }
+    const readSize = Math.min(fileSize, MAX_READ_BYTES);
+    const position = fileSize - readSize;
+    const buffer = Buffer.alloc(readSize);
+    const handle = await fsp.open(filePath, "r");
+    try {
+        await handle.read(buffer, 0, readSize, position);
+    }
+    finally {
+        await handle.close();
+    }
+    const text = buffer.toString("utf-8");
+    const lines = text.split("\n").filter((line) => line.trim().length > 0);
+    // If we didn't read from the start, drop the first line (likely partial)
+    if (position > 0 && lines.length > 0) {
+        lines.shift();
+    }
+    const OMIT_KEYS = new Set(["level", "time", "msg", "pid", "hostname"]);
+    const entries = [];
+    for (const line of lines) {
+        try {
+            const parsed = JSON.parse(line);
+            const level = parsed.level ?? 30;
+            if (minLevel != null && level < minLevel)
+                continue;
+            const extra = {};
+            for (const key of Object.keys(parsed)) {
+                if (!OMIT_KEYS.has(key)) {
+                    extra[key] = parsed[key];
+                }
+            }
+            const detail = Object.keys(extra).length > 0 ? JSON.stringify(extra) : undefined;
+            entries.push({
+                level,
+                time: parsed.time ?? 0,
+                msg: parsed.msg ?? "",
+                detail,
+            });
+        }
+        catch {
+            // skip malformed lines
         }
-      }
-      const detail =
-        Object.keys(extra).length > 0 ? JSON.stringify(extra) : undefined;
-      entries.push({
-        level,
-        time: parsed.time ?? 0,
-        msg: parsed.msg ?? "",
-        detail,
-      });
-    } catch {
-      // skip malformed lines
     }
-  }
-  return { entries: entries.slice(-lineCount), fileSize };
+    return { entries: entries.slice(-lineCount), fileSize };
 }

package/dist/migrationHelper.js

@@ -9,121 +9,113 @@ const execAsync = promisify(exec);
  * Uses `better-sqlite3` directly (synchronous, no Prisma dependency) for the version check.
  */
 export async function deployPrismaMigrations(options) {
-  const { packageDir, databasePath, expectedVersion, envOverrides } = options;
-  // Ensure database directory exists
-  const databaseDir = dirname(databasePath);
-  if (!existsSync(databaseDir)) {
-    mkdirSync(databaseDir, { recursive: true });
-  }
-  let currentVersion;
-  // Check version if database file already exists
-  if (existsSync(databasePath)) {
-    const db = new Database(databasePath);
-    try {
-      const row = db
-        .prepare("SELECT version FROM schema_version WHERE id = 1")
-        .get();
-      currentVersion = row?.version;
-    } catch {
-      // "no such table" → treat as new DB, proceed with migration
+    const { packageDir, databasePath, expectedVersion, envOverrides } = options;
+    // Ensure database directory exists
+    const databaseDir = dirname(databasePath);
+    if (!existsSync(databaseDir)) {
+        mkdirSync(databaseDir, { recursive: true });
     }
-    // Switch from WAL to DELETE journal mode before closing. This merges any
-    // pending WAL data and removes the -wal/-shm files entirely. Without this,
-    // prisma migrate (a separate process) sees the leftover SHM file and fails
-    // with "database is locked".
-    try {
-      db.pragma("journal_mode=DELETE");
-    } catch {
-      // Failed — another process may genuinely hold the lock
+    let currentVersion;
+    // Check version if database file already exists
+    if (existsSync(databasePath)) {
+        const db = new Database(databasePath);
+        try {
+            const row = db
+                .prepare("SELECT version FROM schema_version WHERE id = 1")
+                .get();
+            currentVersion = row?.version;
+        }
+        catch {
+            // "no such table" → treat as new DB, proceed with migration
+        }
+        // Switch from WAL to DELETE journal mode before closing. This merges any
+        // pending WAL data and removes the -wal/-shm files entirely. Without this,
+        // prisma migrate (a separate process) sees the leftover SHM file and fails
+        // with "database is locked".
+        try {
+            db.pragma("journal_mode=DELETE");
+        }
+        catch {
+            // Failed — another process may genuinely hold the lock
+        }
+        db.close();
+        if (currentVersion === expectedVersion) {
+            return; // Fast path — already at expected version
+        }
     }
-    db.close();
-    if (currentVersion === expectedVersion) {
-      return; // Fast path — already at expected version
+    // Log migration status
+    if (currentVersion !== undefined) {
+        if (currentVersion > expectedVersion) {
+            throw new Error(`Database version ${currentVersion} is newer than expected ${expectedVersion}. Manual intervention required.`);
+        }
+        console.log(`Migrating database from version ${currentVersion} to ${expectedVersion}...`);
     }
-  }
-  // Log migration status
-  if (currentVersion !== undefined) {
-    if (currentVersion > expectedVersion) {
-      throw new Error(
-        `Database version ${currentVersion} is newer than expected ${expectedVersion}. Manual intervention required.`,
-      );
+    else {
+        console.log(`Creating new database with schema version ${expectedVersion}...`);
     }
-    console.log(
-      `Migrating database from version ${currentVersion} to ${expectedVersion}...`,
-    );
-  } else {
-    console.log(
-      `Creating new database with schema version ${expectedVersion}...`,
-    );
-  }
-  // Run prisma migrate deploy
-  const schemaPath = join(packageDir, "prisma", "schema.prisma");
-  const absoluteDbPath = resolve(databasePath).replace(/\\/g, "/");
-  let stdout;
-  let stderr;
-  try {
-    ({ stdout, stderr } = await execAsync(
-      `npx prisma migrate deploy --schema="${schemaPath}"`,
-      {
-        cwd: packageDir,
-        env: {
-          ...process.env,
-          // Resolve to absolute so prisma.config.ts gets a correct path
-          // regardless of this subprocess's cwd (which is packageDir)
-          NAISYS_FOLDER: resolve(process.env.NAISYS_FOLDER || ""),
-          ...envOverrides,
-        },
-      },
-    ));
-  } catch (error) {
-    const msg = error instanceof Error ? error.message : String(error);
-    if (msg.includes("database is locked")) {
-      // Stale WAL/SHM files from a crashed process — remove and retry
-      const walPath = absoluteDbPath + "-wal";
-      const shmPath = absoluteDbPath + "-shm";
-      let removed = false;
-      for (const staleFile of [walPath, shmPath]) {
-        if (existsSync(staleFile)) {
-          console.log(`Removing stale file: ${staleFile}`);
-          unlinkSync(staleFile);
-          removed = true;
-        }
-      }
-      if (removed) {
-        console.log("Retrying migration after removing stale WAL files...");
-        ({ stdout, stderr } = await execAsync(
-          `npx prisma migrate deploy --schema="${schemaPath}"`,
-          {
+    // Run prisma migrate deploy
+    const schemaPath = join(packageDir, "prisma", "schema.prisma");
+    const absoluteDbPath = resolve(databasePath).replace(/\\/g, "/");
+    let stdout;
+    let stderr;
+    try {
+        ({ stdout, stderr } = await execAsync(`npx prisma migrate deploy --schema="${schemaPath}"`, {
             cwd: packageDir,
             env: {
-              ...process.env,
-              NAISYS_FOLDER: resolve(process.env.NAISYS_FOLDER || ""),
-              ...envOverrides,
+                ...process.env,
+                // Resolve to absolute so prisma.config.ts gets a correct path
+                // regardless of this subprocess's cwd (which is packageDir)
+                NAISYS_FOLDER: resolve(process.env.NAISYS_FOLDER || ""),
+                ...envOverrides,
             },
-          },
-        ));
-      } else {
-        throw new Error(
-          `Database is locked: ${absoluteDbPath}\n` +
-            `Another process may be using the database.`,
-        );
-      }
-    } else {
-      throw error;
+        }));
+    }
+    catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        if (msg.includes("database is locked")) {
+            // Stale WAL/SHM files from a crashed process — remove and retry
+            const walPath = absoluteDbPath + "-wal";
+            const shmPath = absoluteDbPath + "-shm";
+            let removed = false;
+            for (const staleFile of [walPath, shmPath]) {
+                if (existsSync(staleFile)) {
+                    console.log(`Removing stale file: ${staleFile}`);
+                    unlinkSync(staleFile);
+                    removed = true;
+                }
+            }
+            if (removed) {
+                console.log("Retrying migration after removing stale WAL files...");
+                ({ stdout, stderr } = await execAsync(`npx prisma migrate deploy --schema="${schemaPath}"`, {
+                    cwd: packageDir,
+                    env: {
+                        ...process.env,
+                        NAISYS_FOLDER: resolve(process.env.NAISYS_FOLDER || ""),
+                        ...envOverrides,
+                    },
+                }));
+            }
+            else {
+                throw new Error(`Database is locked: ${absoluteDbPath}\n` +
+                    `Another process may be using the database.`);
+            }
+        }
+        else {
+            throw error;
+        }
+    }
+    if (stdout)
+        console.log(stdout);
+    if (stderr && !stderr.includes("Loaded Prisma config")) {
+        console.error(stderr);
+    }
+    // Upsert schema_version row via raw SQL
+    const db = new Database(absoluteDbPath);
+    try {
+        db.prepare("INSERT OR REPLACE INTO schema_version (id, version, updated) VALUES (1, ?, ?)").run(expectedVersion, new Date().toISOString());
+    }
+    finally {
+        db.close();
     }
-  }
-  if (stdout) console.log(stdout);
-  if (stderr && !stderr.includes("Loaded Prisma config")) {
-    console.error(stderr);
-  }
-  // Upsert schema_version row via raw SQL
-  const db = new Database(absoluteDbPath);
-  try {
-    db.prepare(
-      "INSERT OR REPLACE INTO schema_version (id, version, updated) VALUES (1, ?, ?)",
-    ).run(expectedVersion, new Date().toISOString());
-  } finally {
-    db.close();
-  }
-  console.log("Database migration completed.");
+    console.log("Database migration completed.");
 }

package/dist/sessionCookie.js

@@ -1,10 +1,10 @@
 export const SESSION_COOKIE_NAME = "naisys_session";
 export function sessionCookieOptions(expiresAt) {
-  return {
-    path: "/",
-    httpOnly: true,
-    sameSite: "lax",
-    secure: process.env.NODE_ENV === "production",
-    maxAge: Math.floor((expiresAt.getTime() - Date.now()) / 1000),
-  };
+    return {
+        path: "/",
+        httpOnly: true,
+        sameSite: "lax",
+        secure: process.env.NODE_ENV === "production",
+        maxAge: Math.floor((expiresAt.getTime() - Date.now()) / 1000),
+    };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naisys/common-node",
-  "version": "3.0.0-beta.5",
+  "version": "3.0.0-beta.7",
   "type": "module",
   "description": "[internal] Node-only utilities for NAISYS",
   "files": [
@@ -16,7 +16,7 @@
     "npm:publish": "npm publish --access public"
   },
   "dependencies": {
-    "@naisys/common": "3.0.0-beta.5",
+    "@naisys/common": "3.0.0-beta.7",
     "better-sqlite3": "^12.6.2",
     "js-yaml": "^4.1.1"
   },