@openape/nest 1.1.1 → 2.0.0

package/dist/index.mjs

@@ -1,17 +1,9 @@
 #!/usr/bin/env node
 
 // src/index.ts
+import { watch } from "fs";
 import process3 from "process";
 
-// src/lib/intent-channel.ts
-import { readdirSync, readFileSync as readFileSync2, renameSync, statSync, unlinkSync, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, chmodSync } from "fs";
-import { homedir as homedir2 } from "os";
-import { join as join2 } from "path";
-
-// src/api/agents.ts
-import { execFile } from "child_process";
-import { promisify } from "util";
-
 // src/lib/registry.ts
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
 import { homedir } from "os";
@@ -31,220 +23,23 @@ function readRegistry() {
     return emptyRegistry();
   }
 }
-function writeRegistry(reg) {
-  mkdirSync(REGISTRY_DIR, { recursive: true });
-  writeFileSync(REGISTRY_PATH, `${JSON.stringify(reg, null, 2)}
-`, { mode: 384 });
-}
 function listAgents() {
   return readRegistry().agents;
 }
-function findAgent(name) {
-  return readRegistry().agents.find((a) => a.name === name);
-}
-function upsertAgent(entry) {
-  const reg = readRegistry();
-  const existing = reg.agents.findIndex((a) => a.name === entry.name);
-  if (existing >= 0) reg.agents[existing] = entry;
-  else reg.agents.push(entry);
-  writeRegistry(reg);
-}
-function removeAgent(name) {
-  const reg = readRegistry();
-  const before = reg.agents.length;
-  reg.agents = reg.agents.filter((a) => a.name !== name);
-  if (reg.agents.length === before) return false;
-  writeRegistry(reg);
-  return true;
-}
-
-// src/api/agents.ts
-var execFileAsync = promisify(execFile);
-var NAME_REGEX = /^[a-z][a-z0-9-]{0,23}$/;
-async function handleAgentSpawn(ctx) {
-  const body = ctx.body;
-  const name = typeof body?.name === "string" ? body.name : "";
-  if (!NAME_REGEX.test(name)) {
-    throw new Error(`name must match ${NAME_REGEX} (got "${name}")`);
-  }
-  if (findAgent(name)) {
-    throw new Error(`agent "${name}" is already registered with this nest`);
-  }
-  const args = ["run", "--as", "root", "--wait", "--", "apes", "agents", "spawn", name];
-  const includeBridge = body?.bridge !== false;
-  if (includeBridge) {
-    args.push("--bridge");
-    if (typeof body?.bridgeKey === "string") args.push("--bridge-key", body.bridgeKey);
-    if (typeof body?.bridgeBaseUrl === "string") args.push("--bridge-base-url", body.bridgeBaseUrl);
-    if (typeof body?.bridgeModel === "string") args.push("--bridge-model", body.bridgeModel);
-  }
-  ctx.log(`nest: spawning agent "${name}" via apes...`);
-  const { stdout: _stdout } = await execFileAsync(ctx.apesBin, args, { maxBuffer: 4 * 1024 * 1024 });
-  const uid = await readUidFromDscl(name);
-  const entry = {
-    name,
-    uid,
-    home: `/Users/${name}`,
-    email: "",
-    // filled in on first sync — we don't know it locally
-    registeredAt: Math.floor(Date.now() / 1e3),
-    bridge: includeBridge ? {
-      baseUrl: typeof body?.bridgeBaseUrl === "string" ? body.bridgeBaseUrl : void 0,
-      apiKey: typeof body?.bridgeKey === "string" ? body.bridgeKey : void 0,
-      model: typeof body?.bridgeModel === "string" ? body.bridgeModel : void 0
-    } : void 0
-  };
-  upsertAgent(entry);
-  await ctx.supervisor.reconcile(listAgents());
-  return { name, email: entry.email, uid, home: entry.home };
-}
-async function handleAgentDestroy(ctx, name) {
-  if (!NAME_REGEX.test(name)) throw new Error(`invalid agent name "${name}"`);
-  const entry = findAgent(name);
-  if (!entry) throw new Error(`agent "${name}" not registered with this nest`);
-  ctx.log(`nest: destroying agent "${name}"...`);
-  const args = ["run", "--as", "root", "--", "apes", "agents", "destroy", name, "--force"];
-  await execFileAsync(ctx.apesBin, args, { maxBuffer: 4 * 1024 * 1024 });
-  removeAgent(name);
-  await ctx.supervisor.reconcile(listAgents());
-  return { name, removed: true };
-}
-async function readUidFromDscl(name) {
-  try {
-    const { stdout } = await execFileAsync("/usr/bin/dscl", [".", "-read", `/Users/${name}`, "UniqueID"]);
-    const match = stdout.match(/UniqueID:\s*(\d+)/);
-    if (match) return Number(match[1]);
-  } catch {
-  }
-  return -1;
-}
-
-// src/lib/intent-channel.ts
-var POLL_MS = 1e3;
-var INTENTS_DIR = join2(homedir2(), "intents");
-var IntentChannel = class {
-  constructor(deps) {
-    this.deps = deps;
-    mkdirSync2(INTENTS_DIR, { recursive: true });
-    chmodSync(INTENTS_DIR, 504);
-  }
-  timer;
-  inflight = /* @__PURE__ */ new Set();
-  start() {
-    if (this.timer) return;
-    this.timer = setInterval(() => void this.tick(), POLL_MS);
-    this.deps.log(`intent-channel: polling ${INTENTS_DIR}`);
-  }
-  stop() {
-    if (this.timer) clearInterval(this.timer);
-    this.timer = void 0;
-  }
-  async tick() {
-    let entries;
-    try {
-      entries = readdirSync(INTENTS_DIR);
-    } catch {
-      return;
-    }
-    for (const f of entries) {
-      if (!f.endsWith(".json")) continue;
-      if (this.inflight.has(f)) continue;
-      this.inflight.add(f);
-      void this.process(f).finally(() => this.inflight.delete(f));
-    }
-  }
-  async process(filename) {
-    const path = join2(INTENTS_DIR, filename);
-    let intent;
-    try {
-      const raw = readFileSync2(path, "utf8");
-      intent = JSON.parse(raw);
-    } catch (err) {
-      this.deps.log(`intent-channel: failed to read ${filename}: ${err instanceof Error ? err.message : String(err)}`);
-      try {
-        unlinkSync(path);
-      } catch {
-      }
-      return;
-    }
-    this.deps.log(`intent-channel: processing ${intent.action} (id=${intent.id})`);
-    let response;
-    try {
-      const ctx = {
-        url: new URL("intent:/"),
-        body: intent,
-        log: this.deps.log,
-        apesBin: this.deps.apesBin,
-        caller: "<intent-channel>",
-        grantId: intent.id,
-        supervisor: this.deps.supervisor
-      };
-      let result;
-      switch (intent.action) {
-        case "spawn":
-          result = await handleAgentSpawn(ctx);
-          break;
-        case "destroy":
-          result = await handleAgentDestroy(ctx, intent.name);
-          break;
-        case "list":
-          result = { agents: listAgents() };
-          break;
-        default:
-          throw new Error(`unknown action: ${intent.action ?? "<undefined>"}`);
-      }
-      response = { ok: true, result };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      this.deps.log(`intent-channel: ${intent.action} failed: ${msg}`);
-      response = { ok: false, error: msg };
-    }
-    const respTmp = `${path.replace(/\.json$/, "")}.response.tmp`;
-    const respFinal = `${path.replace(/\.json$/, "")}.response`;
-    writeFileSync2(respTmp, `${JSON.stringify(response)}
-`, { mode: 432 });
-    renameSync(respTmp, respFinal);
-    try {
-      unlinkSync(path);
-    } catch {
-    }
-  }
-};
-function reapStaleResponses(log2) {
-  let entries;
-  try {
-    entries = readdirSync(INTENTS_DIR);
-  } catch {
-    return;
-  }
-  const now = Date.now();
-  for (const f of entries) {
-    if (!f.endsWith(".response")) continue;
-    const path = join2(INTENTS_DIR, f);
-    try {
-      const st = statSync(path);
-      if (now - st.mtimeMs > 60 * 60 * 1e3) {
-        unlinkSync(path);
-        log2(`intent-channel: reaped stale ${f}`);
-      }
-    } catch {
-    }
-  }
-}
 
 // src/lib/pm2-supervisor.ts
-import { execFile as execFile2 } from "child_process";
-import { mkdirSync as mkdirSync3, writeFileSync as writeFileSync3 } from "fs";
-import { join as join3 } from "path";
+import { execFile } from "child_process";
+import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2 } from "fs";
+import { join as join2 } from "path";
 import process from "process";
-import { promisify as promisify2 } from "util";
-var execFileAsync2 = promisify2(execFile2);
+import { promisify } from "util";
+var execFileAsync = promisify(execFile);
 var AGENTS_DIR = "/var/openape/agents";
 function pm2AppName(agentName) {
   return `openape-bridge-${agentName}`;
 }
 function ecosystemPath(agentName) {
-  return join3(AGENTS_DIR, agentName, "ecosystem.config.js");
+  return join2(AGENTS_DIR, agentName, "ecosystem.config.js");
 }
 function ecosystemContents(apesBin, agentName) {
   void apesBin;
@@ -264,6 +59,21 @@ module.exports = {
 }
 `;
 }
+function startScriptPath(agentName) {
+  return join2(AGENTS_DIR, agentName, "start.sh");
+}
+function startScriptContents(agentName) {
+  const ecosystem = ecosystemPath(agentName);
+  const log2 = `/var/log/openape/${agentName}-pm2.log`;
+  return `#!/bin/bash
+# Auto-generated by Pm2Supervisor for agent '${agentName}'.
+set -e
+export HOME="/Users/${agentName}"
+export PM2_HOME="$HOME/.pm2"
+mkdir -p "$(dirname "${log2}")"
+exec pm2 startOrReload ${ecosystem} >> ${log2} 2>&1 < /dev/null
+`;
+}
 var Pm2Supervisor = class {
   constructor(deps) {
     this.deps = deps;
@@ -278,7 +88,7 @@ var Pm2Supervisor = class {
       try {
         await this.startOrReload(agent.name);
       } catch (err) {
-        this.deps.log(`pm2-supervisor: ${agent.name} startOrReload failed: ${err instanceof Error ? err.message.split("\n")[0] : String(err)}`);
+        this.deps.log(`pm2-supervisor: ${agent.name} reconcile errored: ${err instanceof Error ? err.message.split("\n")[0] : String(err)}`);
       } finally {
         this.inflight.delete(agent.name);
       }
@@ -300,30 +110,65 @@ var Pm2Supervisor = class {
   async stopAll() {
   }
   async startOrReload(agentName) {
-    mkdirSync3(AGENTS_DIR, { recursive: true, mode: 493 });
-    const dir = join3(AGENTS_DIR, agentName);
-    mkdirSync3(dir, { recursive: true, mode: 493 });
+    mkdirSync2(AGENTS_DIR, { recursive: true, mode: 493 });
+    const dir = join2(AGENTS_DIR, agentName);
+    mkdirSync2(dir, { recursive: true, mode: 493 });
     const path = ecosystemPath(agentName);
-    writeFileSync3(path, ecosystemContents(this.deps.apesBin, agentName), { mode: 420 });
-    await this.runAsAgent(agentName, ["pm2", "startOrReload", path]);
-    this.deps.log(`pm2-supervisor: ${agentName} bridge (re)started via pm2`);
+    writeFileSync2(path, ecosystemContents(this.deps.apesBin, agentName), { mode: 420 });
+    const startPath = startScriptPath(agentName);
+    writeFileSync2(startPath, startScriptContents(agentName), { mode: 493 });
+    void path;
+    try {
+      await this.runAsAgent(agentName, ["bash", startPath]);
+    } catch {
+    }
+    let online = false;
+    try {
+      const { stdout } = await this.runAsAgent(agentName, ["pm2", "jlist"]);
+      const json = stdout.match(/\[\s*\{.*\}\s*\]/s)?.[0];
+      if (json) {
+        const list = JSON.parse(json);
+        online = list.some((p) => p.name === pm2AppName(agentName) && p.pm2_env?.status === "online");
+      }
+    } catch {
+    }
+    if (online) {
+      this.deps.log(`pm2-supervisor: ${agentName} bridge online (pm2)`);
+    } else {
+      this.deps.log(`pm2-supervisor: ${agentName} bridge NOT online \u2014 see /var/log/openape/${agentName}-pm2.log`);
+    }
   }
   /** Run a pm2 subcommand AS the agent — escapes-helper does the
-   *  setuid switch, then exec's pm2 in the agent's uid. */
+   *  setuid switch, then exec's pm2 in the agent's uid.
+   *
+   *  cwd: the agent process inherits cwd from the spawning Nest
+   *  daemon, whose cwd is /var/openape/nest (mode 750, no access for
+   *  other uids). Without setting cwd to a world-readable dir, the
+   *  child's first `process.cwd()` call (which Node does internally
+   *  during module loading) throws EACCES. /tmp is the most portable
+   *  always-writable location.
+   */
   async runAsAgent(agentName, args) {
-    return execFileAsync2(
-      this.deps.apesBin,
-      ["run", "--as", agentName, "--wait", "--", ...args],
-      { maxBuffer: 1024 * 1024, env: process.env, timeout: 6e4 }
-    );
+    try {
+      return await execFileAsync(
+        this.deps.apesBin,
+        ["run", "--as", agentName, "--wait", "--", ...args],
+        { maxBuffer: 1024 * 1024, env: process.env, timeout: 6e4, cwd: "/tmp" }
+      );
+    } catch (err) {
+      const e = err;
+      const detail = (e.stderr ?? "").trim().split("\n").slice(-3).join(" / ");
+      const stdoutDetail = (e.stdout ?? "").trim().split("\n").slice(-2).join(" / ");
+      throw new Error(`${e.message?.split("\n")[0] ?? "execFile failed"} | stderr: ${detail || "<empty>"} | stdout: ${stdoutDetail || "<empty>"}`);
+    }
   }
 };
 
 // src/lib/troop-sync.ts
-import { execFile as execFile3 } from "child_process";
+import { execFile as execFile2 } from "child_process";
 import process2 from "process";
-import { promisify as promisify3 } from "util";
-var execFileAsync3 = promisify3(execFile3);
+import { promisify as promisify2 } from "util";
+var execFileAsync2 = promisify2(execFile2);
 var TICK_MS = 5 * 60 * 1e3;
 var TroopSync = class {
   constructor(deps) {
@@ -357,7 +202,7 @@ var TroopSync = class {
   }
   async syncOne(name) {
     try {
-      await execFileAsync3(
+      await execFileAsync2(
         this.deps.apesBin,
         ["run", "--as", name, "--wait", "--", "apes", "agents", "sync"],
         { maxBuffer: 1024 * 1024, env: process2.env, timeout: 6e4 }
@@ -370,34 +215,47 @@ var TroopSync = class {
 
 // src/index.ts
 var APES_BIN = process3.env.OPENAPE_APES_BIN ?? "apes";
+var RECONCILE_DEBOUNCE_MS = 1e3;
 function log(line) {
   process3.stderr.write(`${(/* @__PURE__ */ new Date()).toISOString()}  ${line}
 `);
 }
 var supervisor = new Pm2Supervisor({ apesBin: APES_BIN, log });
 var troopSync = new TroopSync({ apesBin: APES_BIN, log });
-var intentChannel = new IntentChannel({ apesBin: APES_BIN, supervisor, log });
-void supervisor.reconcile(listAgents()).then(
-  () => log("nest: pm2-supervisor reconciled with registry")
-).catch((err) => {
-  log(`nest: pm2-supervisor reconcile failed: ${err instanceof Error ? err.message : String(err)}`);
-});
+async function reconcile() {
+  try {
+    await supervisor.reconcile(listAgents());
+    log("nest: pm2-supervisor reconciled with registry");
+  } catch (err) {
+    log(`nest: reconcile failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+}
+void reconcile();
 troopSync.start();
-intentChannel.start();
-var reaperTimer = setInterval(reapStaleResponses, 60 * 60 * 1e3, log);
+var reconcileTimer;
+try {
+  watch(REGISTRY_PATH, () => {
+    if (reconcileTimer) clearTimeout(reconcileTimer);
+    reconcileTimer = setTimeout(() => {
+      void reconcile();
+    }, RECONCILE_DEBOUNCE_MS);
+  });
+  log(`nest: watching ${REGISTRY_PATH} for registry changes`);
+} catch (err) {
+  log(`nest: registry watch failed (${err instanceof Error ? err.message : String(err)}) \u2014 falling back to 5s poll`);
+  setInterval(() => {
+    void reconcile();
+  }, 5e3).unref();
+}
 process3.on("SIGTERM", () => {
   log("nest: SIGTERM \u2014 stopping");
-  void supervisor.stopAll();
   troopSync.stop();
-  intentChannel.stop();
-  clearInterval(reaperTimer);
+  if (reconcileTimer) clearTimeout(reconcileTimer);
   process3.exit(0);
 });
 process3.on("SIGINT", () => {
   log("nest: SIGINT \u2014 stopping");
-  void supervisor.stopAll();
   troopSync.stop();
-  intentChannel.stop();
-  clearInterval(reaperTimer);
+  if (reconcileTimer) clearTimeout(reconcileTimer);
   process3.exit(0);
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openape/nest",
-  "version": "1.1.1",
+  "version": "2.0.0",
   "description": "OpenApe Nest — local control-plane daemon that supervises agent processes on this computer. Talks to troop SP for ownership state, spawns/destroys agents via DDISA always-grants, supervises chat-bridge children (replacing per-agent launchd plists).",
   "type": "module",
   "license": "MIT",
@@ -17,8 +17,8 @@
   },
   "dependencies": {
     "ofetch": "^1.4.1",
-    "@openape/core": "0.16.0",
-    "@openape/cli-auth": "0.4.0"
+    "@openape/cli-auth": "0.4.0",
+    "@openape/core": "0.16.0"
   },
   "devDependencies": {
     "@antfu/eslint-config": "^7.6.1",