npm - @openpalm/lib - Versions diffs - 0.10.2 → 0.11.0-beta.10 - Mend

@openpalm/lib 0.10.2 → 0.11.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/README.md +4 -2
package/package.json +11 -3
package/src/control-plane/akm-vault.test.ts +105 -0
package/src/control-plane/akm-vault.ts +311 -0
package/src/control-plane/channels.ts +11 -9
package/src/control-plane/cleanup-guardrails.test.ts +8 -9
package/src/control-plane/compose-args.test.ts +25 -33
package/src/control-plane/compose-args.ts +0 -4
package/src/control-plane/compose-errors.test.ts +106 -0
package/src/control-plane/compose-errors.ts +117 -0
package/src/control-plane/config-persistence.ts +148 -73
package/src/control-plane/core-assets.test.ts +104 -0
package/src/control-plane/core-assets.ts +111 -58
package/src/control-plane/docker.ts +70 -25
package/src/control-plane/env.test.ts +25 -1
package/src/control-plane/env.ts +84 -1
package/src/control-plane/home.ts +66 -69
package/src/control-plane/host-opencode.test.ts +260 -0
package/src/control-plane/host-opencode.ts +229 -0
package/src/control-plane/install-edge-cases.test.ts +190 -292
package/src/control-plane/install-lock.ts +157 -0
package/src/control-plane/lifecycle.ts +65 -75
package/src/control-plane/markdown-task.ts +200 -0
package/src/control-plane/migrate-0110.test.ts +177 -0
package/src/control-plane/migrate-0110.ts +99 -0
package/src/control-plane/operator-ids.test.ts +130 -0
package/src/control-plane/operator-ids.ts +89 -0
package/src/control-plane/paths.ts +80 -0
package/src/control-plane/provider-models.ts +154 -0
package/src/control-plane/registry-components.test.ts +105 -27
package/src/control-plane/registry.test.ts +247 -51
package/src/control-plane/registry.ts +404 -54
package/src/control-plane/rollback.ts +17 -16
package/src/control-plane/scheduler.ts +75 -262
package/src/control-plane/secret-mappings.ts +4 -8
package/src/control-plane/secrets.ts +97 -55
package/src/control-plane/setup-config.schema.json +5 -17
package/src/control-plane/setup-status.ts +9 -29
package/src/control-plane/setup-validation.ts +23 -23
package/src/control-plane/setup.test.ts +143 -244
package/src/control-plane/setup.ts +216 -133
package/src/control-plane/skeleton-guardrail.test.ts +151 -0
package/src/control-plane/spec-to-env.test.ts +75 -60
package/src/control-plane/spec-to-env.ts +68 -153
package/src/control-plane/stack-spec.test.ts +22 -84
package/src/control-plane/stack-spec.ts +9 -89
package/src/control-plane/types.ts +9 -29
package/src/control-plane/ui-assets.ts +385 -0
package/src/control-plane/validate.ts +44 -79
package/src/index.ts +102 -56
package/src/logger.test.ts +228 -0
package/src/logger.ts +71 -1
package/src/provider-constants.ts +22 -1
package/src/control-plane/audit.ts +0 -40
package/src/control-plane/env-schema-validation.test.ts +0 -118
package/src/control-plane/lock.test.ts +0 -194
package/src/control-plane/lock.ts +0 -176
package/src/control-plane/memory-config.ts +0 -298
package/src/control-plane/provider-config.ts +0 -34
package/src/control-plane/redact-schema.ts +0 -50
package/src/control-plane/secret-backend.test.ts +0 -359
package/src/control-plane/secret-backend.ts +0 -322
package/src/control-plane/spec-validator.ts +0 -159

package/src/control-plane/spec-to-env.test.ts CHANGED Viewed

@@ -1,21 +1,8 @@
 import { describe, test, expect, beforeEach, afterEach } from "bun:test";
-import { mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { mkdirSync, mkdtempSync, readFileSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import { deriveSystemEnvFromSpec, writeCapabilityVars } from "./spec-to-env.js";
-import type { StackSpec } from "./stack-spec.js";
-function makeSpec(overrides?: Partial<StackSpec>): StackSpec {
-  return {
-    version: 2,
-    capabilities: {
-      llm: "openai/gpt-4o",
-      embeddings: { provider: "openai", model: "text-embedding-3-small", dims: 1536 },
-      memory: { userId: "default_user" },
-    },
-    ...overrides,
-  };
-}
+import { deriveSystemEnvFromSpec, writeVoiceVars } from "./spec-to-env.js";
 let tempDir = "";
@@ -29,72 +16,100 @@ afterEach(() => {
 describe("deriveSystemEnvFromSpec", () => {
   test("produces OP_HOME", () => {
-    const result = deriveSystemEnvFromSpec(makeSpec(), "/home/op");
+    const result = deriveSystemEnvFromSpec("/home/op");
     expect(result.OP_HOME).toBe("/home/op");
   });
   test("produces default port values", () => {
-    const result = deriveSystemEnvFromSpec(makeSpec(), "/home/op");
+    const result = deriveSystemEnvFromSpec("/home/op");
     expect(result.OP_ASSISTANT_PORT).toBe("3800");
-    expect(result.OP_MEMORY_PORT).toBe("3898");
-    expect(result.OP_GUARDIAN_PORT).toBe("3899");
   });
-  test("does not include LLM provider in system env (lives in OP_CAP_* vars in stack.env)", () => {
-    const result = deriveSystemEnvFromSpec(makeSpec(), "/home/op");
-    expect(result.SYSTEM_LLM_PROVIDER).toBeUndefined();
-    expect(result.SYSTEM_LLM_MODEL).toBeUndefined();
+  test("does not emit OP_GUARDIAN_PORT (guardian is network-only, no host mapping)", () => {
+    const result = deriveSystemEnvFromSpec("/home/op");
+    expect(result.OP_GUARDIAN_PORT).toBeUndefined();
   });
-  test("does not include embedding config in system env (lives in OP_CAP_* vars in stack.env)", () => {
-    const result = deriveSystemEnvFromSpec(makeSpec(), "/home/op");
-    expect(result.EMBEDDING_MODEL).toBeUndefined();
-    expect(result.EMBEDDING_DIMS).toBeUndefined();
+  test("does not include the retired memory service port", () => {
+    const result = deriveSystemEnvFromSpec("/home/op");
+    const retired = "OP_" + "MEMORY_PORT";
+    expect(result[retired]).toBeUndefined();
+  });
+  test("does not include LLM provider in system env", () => {
+    const result = deriveSystemEnvFromSpec("/home/op");
+    expect(result.SYSTEM_LLM_PROVIDER).toBeUndefined();
+    expect(result.SYSTEM_LLM_MODEL).toBeUndefined();
   });
   test("does not include removed feature flags", () => {
-    const spec = makeSpec();
-    const result = deriveSystemEnvFromSpec(spec, "/home/op");
+    const result = deriveSystemEnvFromSpec("/home/op");
     expect(result.OP_OLLAMA_ENABLED).toBeUndefined();
     expect(result.OP_ADMIN_ENABLED).toBeUndefined();
   });
+  test("auto-detects OP_UID/OP_GID from the homeDir owner (not hard-coded 1000)", () => {
+    // tempDir is owned by the test process, which on a CI runner or
+    // dev box is typically NOT root and NOT necessarily UID 1000. The
+    // assertion that matters: we read the value off statSync, not a
+    // hard-coded constant.
+    if (process.platform === "win32") return;
+    const expected = statSync(tempDir);
+    const result = deriveSystemEnvFromSpec(tempDir);
+    expect(result.OP_UID).toBe(String(expected.uid));
+    expect(result.OP_GID).toBe(String(expected.gid));
+  });
 });
-describe("writeCapabilityVars", () => {
-  test("writes OP_CAP_* vars to stack.env", () => {
-    const spec = makeSpec({
-      capabilities: {
-        llm: "openai/gpt-4o",
-        embeddings: { provider: "openai", model: "text-embedding-3-small", dims: 1536 },
-        memory: { userId: "default_user" },
-      },
-    });
-    // Seed stack.env so writeCapabilityVars can read/merge it
-    const vaultDir = join(tempDir, "vault");
-    mkdirSync(join(vaultDir, "stack"), { recursive: true });
-    writeFileSync(join(vaultDir, "stack", "stack.env"), "# stack env\n");
-    writeCapabilityVars(spec, vaultDir);
-    const stackEnvContent = readFileSync(join(vaultDir, "stack", "stack.env"), "utf-8");
-    expect(stackEnvContent).toContain("OP_CAP_LLM_PROVIDER=openai");
-    expect(stackEnvContent).toContain("OP_CAP_LLM_MODEL=gpt-4o");
-    expect(stackEnvContent).toContain("OP_CAP_EMBEDDINGS_MODEL=text-embedding-3-small");
-    expect(stackEnvContent).toContain("OP_CAP_EMBEDDINGS_DIMS=1536");
-    expect(stackEnvContent).toContain("MEMORY_USER_ID=default_user");
+describe("writeVoiceVars", () => {
+  test("writes TTS vars to stack.env", () => {
+    mkdirSync(tempDir, { recursive: true });
+    writeFileSync(join(tempDir, "stack.env"), "# stack env\n");
+    writeVoiceVars({
+      tts: { baseURL: "https://tts.example.com/v1", model: "tts-1", voice: "alloy" },
+    }, tempDir);
+    const content = readFileSync(join(tempDir, "stack.env"), "utf-8");
+    expect(content).toContain("OP_TTS_BASE_URL=https://tts.example.com/v1");
+    expect(content).toContain("OP_TTS_MODEL=tts-1");
+    expect(content).toContain("OP_TTS_VOICE=alloy");
+  });
+  test("writes STT vars to stack.env", () => {
+    mkdirSync(tempDir, { recursive: true });
+    writeFileSync(join(tempDir, "stack.env"), "# stack env\n");
+    writeVoiceVars({
+      stt: { baseURL: "https://stt.example.com/v1", model: "whisper-1", language: "en" },
+    }, tempDir);
+    const content = readFileSync(join(tempDir, "stack.env"), "utf-8");
+    expect(content).toContain("OP_STT_BASE_URL=https://stt.example.com/v1");
+    expect(content).toContain("OP_STT_MODEL=whisper-1");
+    expect(content).toContain("OP_STT_LANGUAGE=en");
   });
-  test("does not create managed.env files", () => {
-    const spec = makeSpec();
+  test("creates stack.env if it does not exist", () => {
+    mkdirSync(tempDir, { recursive: true });
+    writeVoiceVars({
+      tts: { baseURL: "https://tts.example.com/v1", model: "tts-1" },
+    }, tempDir);
+    const content = readFileSync(join(tempDir, "stack.env"), "utf-8");
+    expect(content).toContain("OP_TTS_BASE_URL=https://tts.example.com/v1");
+  });
-    const vaultDir = join(tempDir, "vault");
-    mkdirSync(join(vaultDir, "stack"), { recursive: true });
-    writeFileSync(join(vaultDir, "stack", "stack.env"), "# stack env\n");
+  test("is a no-op when no vars are provided", () => {
+    mkdirSync(tempDir, { recursive: true });
+    const stackEnvPath = join(tempDir, "stack.env");
+    writeFileSync(stackEnvPath, "EXISTING=value\n");
-    writeCapabilityVars(spec, vaultDir);
+    writeVoiceVars({}, tempDir);
-    const managedEnvPath = join(vaultDir, "stack", "services", "memory", "managed.env");
-    expect(() => readFileSync(managedEnvPath)).toThrow();
+    // File should be unchanged
+    const content = readFileSync(stackEnvPath, "utf-8");
+    expect(content).toBe("EXISTING=value\n");
   });
 });

package/src/control-plane/spec-to-env.ts CHANGED Viewed

@@ -1,30 +1,20 @@
 /**
  * Config-to-env derivation pipeline.
  *
- * Reads a StackSpec v2 and deterministically produces:
- * 1. System env vars for stack.env (non-secret infrastructure config)
- * 2. Resolved capability vars (OP_CAP_*) written to stack.env
+ * Produces system env vars for stack.env (non-secret infrastructure config).
+ * Voice channel vars (TTS/STT) are written separately via writeVoiceVars.
  */
-import type { StackSpec } from "./stack-spec.js";
-import { SPEC_DEFAULTS, parseCapabilityString } from "./stack-spec.js";
+import { SPEC_DEFAULTS } from "./stack-spec.js";
 import { existsSync, readFileSync, writeFileSync } from "node:fs";
-import { dirname } from "node:path";
-import { mergeEnvContent, parseEnvContent } from "./env.js";
-import { PROVIDER_DEFAULT_URLS, PROVIDER_KEY_MAP, OLLAMA_INSTACK_URL } from "../provider-constants.js";
-import { listEnabledAddonIds } from "./registry.js";
+import { mergeEnvContent } from "./env.js";
+import { resolveOperatorIds } from "./operator-ids.js";
 /**
  * Derive the system.env key-value pairs from the StackSpec.
  * Secrets (tokens, API keys, HMAC) are NOT included — the caller merges them.
  */
-export function deriveSystemEnvFromSpec(
-  spec: StackSpec,
-  homeDir: string,
-): Record<string, string> {
-  const uid = typeof process.getuid === "function" ? (process.getuid() ?? 1000) : 1000;
-  const gid = typeof process.getgid === "function" ? (process.getgid() ?? 1000) : 1000;
+export function deriveSystemEnvFromSpec(homeDir: string): Record<string, string> {
   const ports = SPEC_DEFAULTS.ports;
   const image = SPEC_DEFAULTS.image;
@@ -32,163 +22,88 @@ export function deriveSystemEnvFromSpec(
   // Paths
   result["OP_HOME"] = homeDir;
-  result["OP_UID"] = String(uid);
-  result["OP_GID"] = String(gid);
-  result["OP_DOCKER_SOCK"] = process.env.OP_DOCKER_SOCK ?? "/var/run/docker.sock";
+  // Operator UID/GID — auto-detect from OP_HOME owner (or process UID
+  // as fallback). Skipped on Windows where containers run in WSL2 and
+  // OP_UID has no meaning on the host process.
+  const ids = resolveOperatorIds(homeDir);
+  if (ids) {
+    result["OP_UID"] = String(ids.uid);
+    result["OP_GID"] = String(ids.gid);
+  }
   // Image
   result["OP_IMAGE_NAMESPACE"] = image.namespace;
   result["OP_IMAGE_TAG"] = image.tag;
-  // Ports
+  // Ports — only the services that publish to the host. Guardian is
+  // network-only (no host port mapping) so OP_GUARDIAN_PORT is no longer
+  // emitted; channels reach it via Docker DNS at http://guardian:8080.
   result["OP_ASSISTANT_PORT"] = String(ports.assistant);
   result["OP_ADMIN_PORT"] = String(ports.admin);
   result["OP_ADMIN_OPENCODE_PORT"] = String(ports.adminOpencode);
-  result["OP_MEMORY_PORT"] = String(ports.memory);
-  result["OP_GUARDIAN_PORT"] = String(ports.guardian);
   result["OP_ASSISTANT_SSH_PORT"] = String(ports.assistantSsh);
   return result;
 }
-// ── Capability Resolution ────────────────────────────────────────────────
-/**
- * Resolve all capabilities from stack.yml and write OP_CAP_* vars into stack.env.
- *
- * Reads raw API keys from the current stack.env, resolves provider → base URL → API key
- * for each capability, and merges the OP_CAP_* section into stack.env.
- *
- * Services consume these via compose ${VAR} substitution in their environment blocks.
- */
-export function writeCapabilityVars(spec: StackSpec, vaultDir: string): void {
-  const stackEnvPath = `${vaultDir}/stack/stack.env`;
-  const stackEnv = existsSync(stackEnvPath)
-    ? parseEnvContent(readFileSync(stackEnvPath, "utf-8"))
-    : {};
-  const resolveKey = (provider: string): string => {
-    const keyVar = PROVIDER_KEY_MAP[provider];
-    return keyVar ? (stackEnv[keyVar] || "") : "";
-  };
-  /** Providers that do NOT use an OpenAI-compatible /v1 path prefix. */
-  const NO_V1_SUFFIX = new Set(["ollama", "google"]);
-  const ensureV1 = (url: string, provider: string): string => {
-    if (!url || NO_V1_SUFFIX.has(provider)) return url;
-    return url.endsWith("/v1") ? url : `${url.replace(/\/+$/, "")}/v1`;
-  };
-  /** Map provider → env var for user-configured base URL overrides. */
-  const BASE_URL_ENV_MAP: Record<string, string> = {
-    openai: "OPENAI_BASE_URL",
-    anthropic: "ANTHROPIC_BASE_URL",
-    groq: "GROQ_BASE_URL",
-    mistral: "MISTRAL_BASE_URL",
-    together: "TOGETHER_BASE_URL",
-    deepseek: "DEEPSEEK_BASE_URL",
-    xai: "XAI_BASE_URL",
-    google: "GOOGLE_BASE_URL",
-    huggingface: "HF_BASE_URL",
-    ollama: "OLLAMA_BASE_URL",
-    lmstudio: "LMSTUDIO_BASE_URL",
-    "model-runner": "MODEL_RUNNER_BASE_URL",
-    "openai-compatible": "OPENAI_COMPATIBLE_BASE_URL",
-  };
-  const resolveUrl = (provider: string): string => {
-    if (provider === "ollama" && listEnabledAddonIds(dirname(vaultDir)).includes("ollama")) return OLLAMA_INSTACK_URL;
-    // Check stack.env for a user-configured base URL override for any provider
-    const urlEnvKey = BASE_URL_ENV_MAP[provider];
-    if (urlEnvKey && stackEnv[urlEnvKey]) {
-      return ensureV1(stackEnv[urlEnvKey], provider);
-    }
-    const defaultUrl = PROVIDER_DEFAULT_URLS[provider] || "";
-    return ensureV1(defaultUrl, provider);
+// ── Voice Channel Env Vars ────────────────────────────────────────────────
+export type VoiceVarsConfig = {
+  tts?: {
+    enabled?: boolean;
+    /** Engine name (e.g. "kokoro", "elevenlabs", "browser"). */
+    engine?: string;
+    /** Optional sub-provider qualifier when an engine fronts multiple providers. */
+    provider?: string;
+    baseURL?: string;
+    model?: string;
+    voice?: string;
   };
-  const caps: Record<string, string> = {};
-  /** Set a list of capability env vars to empty string (disabled capability). */
-  const clearCapVars = (prefix: string, fields: string[]): void => {
-    for (const f of fields) caps[`${prefix}_${f}`] = "";
+  stt?: {
+    enabled?: boolean;
+    engine?: string;
+    provider?: string;
+    baseURL?: string;
+    model?: string;
+    language?: string;
   };
+};
-  // ── LLM ──
-  const { provider: llmP, model: llmM } = parseCapabilityString(spec.capabilities.llm);
-  caps.OP_CAP_LLM_PROVIDER = llmP;
-  caps.OP_CAP_LLM_MODEL = llmM;
-  caps.OP_CAP_LLM_BASE_URL = resolveUrl(llmP);
-  caps.OP_CAP_LLM_API_KEY = resolveKey(llmP);
-  // ── SLM ──
-  if (spec.capabilities.slm) {
-    const { provider: slmP, model: slmM } = parseCapabilityString(spec.capabilities.slm);
-    caps.OP_CAP_SLM_PROVIDER = slmP;
-    caps.OP_CAP_SLM_MODEL = slmM;
-    caps.OP_CAP_SLM_BASE_URL = resolveUrl(slmP);
-    caps.OP_CAP_SLM_API_KEY = resolveKey(slmP);
-  } else {
-    clearCapVars("OP_CAP_SLM", ["PROVIDER", "MODEL", "BASE_URL", "API_KEY"]);
-  }
-  // ── Embeddings ──
-  const emb = spec.capabilities.embeddings;
-  caps.OP_CAP_EMBEDDINGS_PROVIDER = emb.provider;
-  caps.OP_CAP_EMBEDDINGS_MODEL = emb.model;
-  caps.OP_CAP_EMBEDDINGS_BASE_URL = resolveUrl(emb.provider);
-  caps.OP_CAP_EMBEDDINGS_API_KEY = resolveKey(emb.provider);
-  caps.OP_CAP_EMBEDDINGS_DIMS = String(emb.dims);
-  // ── TTS ──
-  const tts = spec.capabilities.tts;
-  if (tts?.enabled) {
-    const p = tts.provider || llmP;
-    caps.OP_CAP_TTS_PROVIDER = p;
-    caps.OP_CAP_TTS_MODEL = tts.model || "";
-    caps.OP_CAP_TTS_BASE_URL = resolveUrl(p);
-    caps.OP_CAP_TTS_API_KEY = resolveKey(p);
-    caps.OP_CAP_TTS_VOICE = tts.voice || "";
-    caps.OP_CAP_TTS_FORMAT = tts.format || "";
-  } else {
-    clearCapVars("OP_CAP_TTS", ["PROVIDER", "MODEL", "BASE_URL", "API_KEY", "VOICE", "FORMAT"]);
-  }
-  // ── STT ──
-  const stt = spec.capabilities.stt;
-  if (stt?.enabled) {
-    const p = stt.provider || llmP;
-    caps.OP_CAP_STT_PROVIDER = p;
-    caps.OP_CAP_STT_MODEL = stt.model || "";
-    caps.OP_CAP_STT_BASE_URL = resolveUrl(p);
-    caps.OP_CAP_STT_API_KEY = resolveKey(p);
-    caps.OP_CAP_STT_LANGUAGE = stt.language || "";
-  } else {
-    clearCapVars("OP_CAP_STT", ["PROVIDER", "MODEL", "BASE_URL", "API_KEY", "LANGUAGE"]);
+/**
+ * Write TTS/STT env vars to stack.env for the voice channel container.
+ * `engine` always writes (even if it's the only field) so picking an
+ * engine without filling in URL/model still persists.
+ */
+export function writeVoiceVars(config: VoiceVarsConfig, stackDir: string): void {
+  const stackEnvPath = `${stackDir}/stack.env`;
+  const base = existsSync(stackEnvPath) ? readFileSync(stackEnvPath, "utf-8") : "";
+  const vars: Record<string, string> = {};
+  // OP_ prefix is mandatory: unprefixed TTS_*/STT_* names collide with
+  // other tooling (OpenAI clients, kokoro-fastapi, etc.) commonly set in
+  // operator shells. The UI server only reads OP_-prefixed vars from
+  // process.env, so a leaked host TTS_VOICE can't silently override the
+  // saved selection.
+  const { tts, stt } = config;
+  if (tts?.enabled !== false) {
+    if (tts?.engine) vars["OP_TTS_ENGINE"] = tts.engine;
+    if (tts?.provider) vars["OP_TTS_PROVIDER"] = tts.provider;
+    if (tts?.baseURL) vars["OP_TTS_BASE_URL"] = tts.baseURL;
+    if (tts?.model) vars["OP_TTS_MODEL"] = tts.model;
+    if (tts?.voice) vars["OP_TTS_VOICE"] = tts.voice;
   }
-  // ── Reranking ──
-  const rr = spec.capabilities.reranking;
-  if (rr?.enabled) {
-    const p = rr.provider || llmP;
-    caps.OP_CAP_RERANKING_PROVIDER = p;
-    caps.OP_CAP_RERANKING_MODEL = rr.model || "";
-    caps.OP_CAP_RERANKING_BASE_URL = resolveUrl(p);
-    caps.OP_CAP_RERANKING_API_KEY = resolveKey(p);
-    caps.OP_CAP_RERANKING_TOP_K = rr.topK ? String(rr.topK) : "";
-    caps.OP_CAP_RERANKING_TOP_N = rr.topN ? String(rr.topN) : "";
-  } else {
-    clearCapVars("OP_CAP_RERANKING", ["PROVIDER", "MODEL", "BASE_URL", "API_KEY", "TOP_K", "TOP_N"]);
+  if (stt?.enabled !== false) {
+    if (stt?.engine) vars["OP_STT_ENGINE"] = stt.engine;
+    if (stt?.provider) vars["OP_STT_PROVIDER"] = stt.provider;
+    if (stt?.baseURL) vars["OP_STT_BASE_URL"] = stt.baseURL;
+    if (stt?.model) vars["OP_STT_MODEL"] = stt.model;
+    if (stt?.language) vars["OP_STT_LANGUAGE"] = stt.language;
   }
-  // ── Memory ──
-  caps.MEMORY_USER_ID = spec.capabilities.memory.userId || "default_user";
+  if (Object.keys(vars).length === 0) return;
-  // Merge into stack.env
-  const base = existsSync(stackEnvPath) ? readFileSync(stackEnvPath, "utf-8") : "";
-  let content = mergeEnvContent(base, caps, {
-    sectionHeader: "# ── Resolved Capabilities (from stack.yml) ─────────────────────────",
+  let content = mergeEnvContent(base, vars, {
+    sectionHeader: "# ── Voice Channel (TTS/STT) ──────────────────────────────────────────",
   });
   if (!content.endsWith("\n")) content += "\n";
   writeFileSync(stackEnvPath, content, { mode: 0o600 });

package/src/control-plane/stack-spec.test.ts CHANGED Viewed

@@ -1,8 +1,7 @@
 /**
  * Stack spec parser tests.
  *
- * Verifies that readStackSpec / writeStackSpec produce consistent results
- * and that all addon resolution goes through the canonical lib functions.
+ * Verifies that readStackSpec / writeStackSpec produce consistent results.
  */
 import { describe, it, expect, beforeEach, afterEach } from "bun:test";
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
@@ -12,10 +11,6 @@ import {
   readStackSpec,
   writeStackSpec,
   STACK_SPEC_FILENAME,
-  stackSpecPath,
-  parseCapabilityString,
-  formatCapabilityString,
-  updateCapability,
 } from "./stack-spec.js";
 import type { StackSpec } from "./stack-spec.js";
@@ -29,37 +24,33 @@ afterEach(() => {
   rmSync(configDir, { recursive: true, force: true });
 });
-// ── Helpers ─────────────────────────────────────────────────────────────
-function makeSpec(): StackSpec {
-  return {
-    version: 2,
-    capabilities: {
-      llm: "openai/gpt-4o",
-      embeddings: { provider: "openai", model: "text-embedding-3-small", dims: 1536 },
-      memory: { userId: "test-user" },
-    },
-  };
-}
+const MINIMAL_SPEC: StackSpec = { version: 2 };
 // ── readStackSpec / writeStackSpec round-trip ────────────────────────────
 describe("readStackSpec / writeStackSpec round-trip", () => {
-  it("round-trips a spec with capabilities only", () => {
-    const spec = makeSpec();
-    writeStackSpec(configDir, spec);
+  it("round-trips a minimal spec", () => {
+    writeStackSpec(configDir, MINIMAL_SPEC);
     const read = readStackSpec(configDir);
     expect(read).not.toBeNull();
     expect(read!.version).toBe(2);
-    expect(read!.capabilities.llm).toBe("openai/gpt-4o");
   });
   it("writes to the canonical filename", () => {
-    writeStackSpec(configDir, makeSpec());
+    writeStackSpec(configDir, MINIMAL_SPEC);
     const expectedPath = join(configDir, STACK_SPEC_FILENAME);
+    expect(expectedPath).toBe(join(configDir, "stack.yml"));
+    expect(readStackSpec(configDir)).not.toBeNull();
+  });
+  it("ignores legacy capabilities fields on read", () => {
+    // On upgraded installs, old stack.yml may have capabilities — should still parse
+    writeFileSync(join(configDir, STACK_SPEC_FILENAME),
+      "version: 2\ncapabilities:\n  llm: openai/gpt-4o\n  embeddings:\n    provider: openai\n    model: text-embedding-3-small\n    dims: 1536\n"
+    );
     const read = readStackSpec(configDir);
     expect(read).not.toBeNull();
-    expect(stackSpecPath(configDir)).toBe(expectedPath);
+    expect(read!.version).toBe(2);
   });
 });
@@ -80,71 +71,18 @@ describe("readStackSpec edge cases", () => {
     expect(readStackSpec(configDir)).toBeNull();
   });
-  it("returns null when capabilities is missing", () => {
+  it("returns valid spec for version 2 with no other fields", () => {
     writeFileSync(join(configDir, STACK_SPEC_FILENAME), "version: 2\n");
-    expect(readStackSpec(configDir)).toBeNull();
-  });
-});
-// ── Capability helpers ──────────────────────────────────────────────────
-describe("parseCapabilityString", () => {
-  it("splits provider/model", () => {
-    expect(parseCapabilityString("openai/gpt-4o")).toEqual({ provider: "openai", model: "gpt-4o" });
-  });
-  it("handles model with slashes", () => {
-    expect(parseCapabilityString("ollama/qwen/2.5-coder:3b")).toEqual({ provider: "ollama", model: "qwen/2.5-coder:3b" });
-  });
-  it("handles missing slash", () => {
-    expect(parseCapabilityString("openai")).toEqual({ provider: "openai", model: "" });
-  });
-});
-describe("formatCapabilityString", () => {
-  it("joins provider and model", () => {
-    expect(formatCapabilityString("openai", "gpt-4o")).toBe("openai/gpt-4o");
+    const spec = readStackSpec(configDir);
+    expect(spec).not.toBeNull();
+    expect(spec!.version).toBe(2);
   });
 });
-// ── updateCapability ────────────────────────────────────────────────────
+// ── STACK_SPEC_FILENAME ───────────────────────────────────────────────────
-describe("updateCapability", () => {
-  it("updates a single capability key", () => {
-    writeStackSpec(configDir, makeSpec());
-    updateCapability(configDir, "llm", "anthropic/claude-sonnet-4");
-    const read = readStackSpec(configDir);
-    expect(read).not.toBeNull();
-    expect(read!.capabilities.llm).toBe("anthropic/claude-sonnet-4");
-  });
-  it("throws when spec is missing", () => {
-    expect(() => updateCapability(configDir, "llm", "test")).toThrow("stack.yml not found or invalid");
-  });
-});
-// ── stackSpecPath / STACK_SPEC_FILENAME ──────────────────────────────────
-describe("stackSpecPath", () => {
-  it("returns configDir/stack.yml", () => {
-    expect(stackSpecPath("/foo/config")).toBe("/foo/config/stack.yml");
-  });
-  it("uses STACK_SPEC_FILENAME constant", () => {
+describe("STACK_SPEC_FILENAME", () => {
+  it("is stack.yml", () => {
     expect(STACK_SPEC_FILENAME).toBe("stack.yml");
-    expect(stackSpecPath(configDir)).toBe(`${configDir}/${STACK_SPEC_FILENAME}`);
-  });
-});
-// ── writeStackSpec creates directory ─────────────────────────────────────
-describe("writeStackSpec", () => {
-  it("creates configDir if it does not exist", () => {
-    const nestedDir = join(configDir, "nested", "deep");
-    writeStackSpec(nestedDir, makeSpec());
-    const read = readStackSpec(nestedDir);
-    expect(read).not.toBeNull();
-    expect(read!.version).toBe(2);
   });
 });