@openpalm/lib 0.11.0-beta.1 → 0.11.0-beta.10

package/src/index.ts

@@ -25,15 +25,12 @@ export {
 export type {
   ControlPlaneState,
   CoreServiceName,
-  OptionalServiceName,
   ChannelInfo,
   CallerType,
   ArtifactMeta,
-  AuditEntry,
 } from "./control-plane/types.js";
 export {
   CORE_SERVICES,
-  OPTIONAL_SERVICES,
 } from "./control-plane/types.js";
 
 // ── Backups ───────────────────────────────────────────────────────────────
@@ -44,6 +41,8 @@ export {
 // ── Registry Catalog ─────────────────────────────────────────────────────
 export type {
   AddonMutationResult,
+  AddonProfile,
+  AddonProfileAvailability,
   RegistryAutomationEntry,
   RegistryComponentEntry,
   RegistryAddonConfig,
@@ -58,10 +57,13 @@ export {
   getRegistryAutomation,
   getRegistryAddonConfig,
   getAddonServiceNames,
+  getAddonProfiles,
+  getAddonProfileAvailability,
+  annotateAddonProfileAvailability,
+  getAddonProfileSelection,
+  setAddonProfileSelection,
   listAvailableAddonIds,
   listEnabledAddonIds,
-  enableAddon,
-  disableAddonByName,
   setAddonEnabled,
   installAutomationFromRegistry,
   uninstallAutomation,
@@ -96,9 +98,6 @@ export {
   RELEASE_TAG_REGEX,
 } from "./control-plane/env.js";
 
-// ── Audit ───────────────────────────────────────────────────────────────
-export { appendAudit } from "./control-plane/audit.js";
-
 // ── OpenCode Client ─────────────────────────────────────────────────────
 export { createOpenCodeClient } from "./control-plane/opencode-client.js";
 export type { ProxyResult, OpenCodeProvider } from "./control-plane/opencode-client.js";
@@ -114,11 +113,8 @@ export {
   maskSecretValue,
   ensureOpenCodeConfig,
 } from "./control-plane/secrets.js";
-export {
-  detectSecretBackend,
-  validatePassEntryName,
-} from "./control-plane/secret-backend.js";
-export type { SecretBackend } from "./control-plane/secret-backend.js";
+export { migrateAuth0110 } from "./control-plane/migrate-0110.js";
+export type { MigrateAuth0110Result } from "./control-plane/migrate-0110.js";
 // ── Setup Status ────────────────────────────────────────────────────────
 export {
   isSetupComplete,
@@ -147,6 +143,7 @@ export {
   ensureOpenCodeSystemConfig,
   refreshCoreAssets,
   seedStashAssets,
+  seedAssistantPersonaFiles,
 } from "./control-plane/core-assets.js";
 
 // ── Configuration Persistence ────────────────────────────────────────────
@@ -184,6 +181,7 @@ export {
   applyUninstall,
   applyUpgrade,
   performUpgrade,
+  applyTagChange,
   updateStackEnvToLatestImageTag,
   buildComposeFileList,
   buildManagedServices,
@@ -234,6 +232,13 @@ export {
   buildComposeCliArgs,
 } from "./control-plane/compose-args.js";
 
+// ── Compose Error Parsing ────────────────────────────────────────────────
+export type { ComposeServiceFailure } from "./control-plane/compose-errors.js";
+export {
+  parseComposeStderr,
+  summarizeComposeStderr,
+} from "./control-plane/compose-errors.js";
+
 // ── Stack Spec (v2) ──────────────────────────────────────────────────────
 export type {
   StackSpec,
@@ -250,6 +255,13 @@ export {
   writeVoiceVars,
 } from "./control-plane/spec-to-env.js";
 
+// ── Operator UID/GID Detection ──────────────────────────────────────────
+export type { OperatorIds } from "./control-plane/operator-ids.js";
+export {
+  resolveOperatorIds,
+  hasUsableOperatorId,
+} from "./control-plane/operator-ids.js";
+
 // ── Setup ────────────────────────────────────────────────────────────────
 export type {
   SetupSpec,
@@ -297,4 +309,5 @@ export {
   resolveUiBuildDir,
   seedUiBuild,
   checkAndUpdateUiBuild,
+  readCurrentUiBuildVersion,
 } from "./control-plane/ui-assets.js";

package/src/logger.test.ts

@@ -34,7 +34,7 @@ describe('redactValue', () => {
   });
 
   test('leaves non-secret values alone', () => {
-    expect(redactValue('OWNER_NAME', 'alice')).toBe('alice');
+    expect(redactValue('OP_OWNER_NAME', 'alice')).toBe('alice');
     expect(redactValue('OP_HOME', '/openpalm')).toBe('/openpalm');
     expect(redactValue('OP_ASSISTANT_PORT', '3800')).toBe('3800');
   });
@@ -71,7 +71,7 @@ describe('isSensitiveEnvKey', () => {
   });
 
   test('returns false for ordinary keys', () => {
-    expect(isSensitiveEnvKey('OWNER_NAME')).toBe(false);
+    expect(isSensitiveEnvKey('OP_OWNER_NAME')).toBe(false);
     expect(isSensitiveEnvKey('OP_HOME')).toBe(false);
     expect(isSensitiveEnvKey('OP_ASSISTANT_PORT')).toBe(false);
   });
@@ -81,11 +81,11 @@ describe('redactExtra', () => {
   test('masks top-level secret string values', () => {
     const result = redactExtra({
       OPENAI_API_KEY: 'sk-abc',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
     expect(result).toEqual({
       OPENAI_API_KEY: '***REDACTED***',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
   });
 
@@ -93,13 +93,13 @@ describe('redactExtra', () => {
     const result = redactExtra({
       env: {
         OPENAI_API_KEY: 'sk-abc',
-        OWNER_NAME: 'alice',
+        OP_OWNER_NAME: 'alice',
       },
     });
     expect(result).toEqual({
       env: {
         OPENAI_API_KEY: '***REDACTED***',
-        OWNER_NAME: 'alice',
+        OP_OWNER_NAME: 'alice',
       },
     });
   });
@@ -108,13 +108,13 @@ describe('redactExtra', () => {
     const result = redactExtra({
       items: [
         { OPENAI_API_KEY: 'sk-1' },
-        { OWNER_NAME: 'bob' },
+        { OP_OWNER_NAME: 'bob' },
       ],
     });
     expect(result).toEqual({
       items: [
         { OPENAI_API_KEY: '***REDACTED***' },
-        { OWNER_NAME: 'bob' },
+        { OP_OWNER_NAME: 'bob' },
       ],
     });
   });
@@ -129,12 +129,12 @@ describe('redactExtra', () => {
     const result = redactExtra({
       OP_UI_TOKEN: 12345,
       OPENAI_API_KEY: true,
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
     expect(result).toEqual({
       OP_UI_TOKEN: '***REDACTED***',
       OPENAI_API_KEY: '***REDACTED***',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
   });
 
@@ -181,10 +181,10 @@ describe('createLogger', () => {
 
   test('redacts sensitive keys in the extra payload before writing the log line', () => {
     const logger = createLogger('test');
-    logger.info('msg', { OPENAI_API_KEY: 'sk-leak', OWNER_NAME: 'alice' });
+    logger.info('msg', { OPENAI_API_KEY: 'sk-leak', OP_OWNER_NAME: 'alice' });
     expect(logged.length).toBe(1);
     expect(logged[0]).toContain('"OPENAI_API_KEY":"***REDACTED***"');
-    expect(logged[0]).toContain('"OWNER_NAME":"alice"');
+    expect(logged[0]).toContain('"OP_OWNER_NAME":"alice"');
     expect(logged[0]).not.toContain('sk-leak');
   });
 

package/src/logger.ts

@@ -13,7 +13,7 @@ export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
  * with un-anchored alternations was sloppy enough to invite future bugs).
  *
  * Examples:
- *   OP_UI_TOKEN     → sensitive (suffix _TOKEN)
+ *   OP_UI_LOGIN_PASSWORD → sensitive (suffix _PASSWORD)
  *   CHANNEL_API_KEY    → sensitive (suffix _KEY)
  *   CHANNEL_FOO_HMAC   → sensitive (suffix _HMAC)
  *   HMAC_KEY           → sensitive (prefix HMAC_, suffix _KEY)

package/src/control-plane/admin-token.ts

@@ -1,73 +0,0 @@
-/**
- * Admin token file management.
- *
- * Token lives at {homeDir}/state/admin/token, mode 0600.
- * - ensureAdminToken: idempotent — skips write if file already exists and is non-empty.
- * - rotateAdminToken: overwrites unconditionally. Only called by `openpalm admin rotate-token`.
- *
- * Windows note: chmodSync(path, 0o600) is a no-op on Windows.
- * NFS/CIFS warning: mode bits are ignored on network shares. ensureAdminToken warns via console.
- */
-import { existsSync, mkdirSync, writeFileSync, chmodSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { randomBytes } from "node:crypto";
-
-function getAdminStateDir(homeDir: string): string {
-  return join(homeDir, "state", "admin");
-}
-
-function generateToken(): string {
-  return randomBytes(32).toString("hex");
-}
-
-/**
- * Ensure an admin token file exists at {homeDir}/state/admin/token.
- * Idempotent: if the file already exists and is non-empty, returns the existing token.
- * Creates the directory if necessary. Sets mode 0600 (no-op on Windows).
- *
- * @param homeDir  The OP_HOME directory (e.g. ~/.openpalm)
- * @returns        The admin token (new or existing)
- */
-export function ensureAdminToken(homeDir: string): string {
-  const dir = getAdminStateDir(homeDir);
-  mkdirSync(dir, { recursive: true });
-
-  const tokenPath = join(dir, "token");
-
-  if (existsSync(tokenPath)) {
-    const existing = readFileSync(tokenPath, "utf8").trim();
-    if (existing.length > 0) return existing;
-  }
-
-  const token = generateToken();
-  writeFileSync(tokenPath, token, { encoding: "utf8", mode: 0o600 });
-  try {
-    // Some platforms require a separate chmod call to enforce the mode.
-    chmodSync(tokenPath, 0o600);
-  } catch {
-    // Windows — ignore silently
-  }
-  return token;
-}
-
-/**
- * Rotate the admin token. Overwrites the token file unconditionally.
- * Only call this from `openpalm admin rotate-token`.
- *
- * @param homeDir  The OP_HOME directory
- * @returns        The new admin token
- */
-export function rotateAdminToken(homeDir: string): string {
-  const dir = getAdminStateDir(homeDir);
-  mkdirSync(dir, { recursive: true });
-
-  const tokenPath = join(dir, "token");
-  const token = generateToken();
-  writeFileSync(tokenPath, token, { encoding: "utf8", mode: 0o600 });
-  try {
-    chmodSync(tokenPath, 0o600);
-  } catch {
-    // Windows — ignore silently
-  }
-  return token;
-}

package/src/control-plane/audit.ts

@@ -1,41 +0,0 @@
-/**
- * Audit logging for the OpenPalm control plane.
- */
-import { mkdirSync, appendFileSync } from "node:fs";
-import type { ControlPlaneState, AuditEntry, CallerType } from "./types.js";
-
-const MAX_AUDIT_MEMORY = 1000;
-
-export function appendAudit(
-  state: ControlPlaneState,
-  actor: string,
-  action: string,
-  args: Record<string, unknown>,
-  ok: boolean,
-  requestId = "",
-  callerType: CallerType = "unknown"
-): void {
-  const entry: AuditEntry = {
-    at: new Date().toISOString(),
-    requestId,
-    actor,
-    callerType,
-    action,
-    args,
-    ok
-  };
-  state.audit.push(entry);
-  if (state.audit.length > MAX_AUDIT_MEMORY) {
-    state.audit = state.audit.slice(-MAX_AUDIT_MEMORY);
-  }
-  try {
-    const logsDir = `${state.stateDir}/logs`;
-    mkdirSync(logsDir, { recursive: true });
-    appendFileSync(
-      `${logsDir}/admin-audit.jsonl`,
-      JSON.stringify(entry) + "\n"
-    );
-  } catch {
-    // best-effort persistence
-  }
-}

package/src/control-plane/lock.test.ts

@@ -1,194 +0,0 @@
-/**
- * Tests for orchestrator lock — acquisition, contention, stale cleanup,
- * corrupt file handling, release, and idempotent release.
- */
-import { describe, it, expect, beforeEach, afterEach } from "bun:test";
-import { mkdirSync, mkdtempSync, rmSync, writeFileSync, existsSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { tmpdir } from "node:os";
-import {
-  acquireLock,
-  releaseLock,
-  lockPath,
-  LockAcquisitionError,
-} from "./lock.js";
-import type { LockHandle, LockInfo } from "./lock.js";
-
-let opHome: string;
-
-beforeEach(() => {
-  opHome = mkdtempSync(join(tmpdir(), "lock-test-"));
-  mkdirSync(join(opHome, "data"), { recursive: true });
-});
-
-afterEach(() => {
-  rmSync(opHome, { recursive: true, force: true });
-});
-
-// ── Acquisition ──────────────────────────────────────────────────────────
-
-describe("acquireLock", () => {
-  it("creates a lock file with correct JSON content", () => {
-    const handle = acquireLock(opHome, "install");
-    expect(existsSync(handle.path)).toBe(true);
-
-    const content = JSON.parse(readFileSync(handle.path, "utf-8"));
-    expect(content.pid).toBe(process.pid);
-    expect(content.operation).toBe("install");
-    expect(typeof content.acquiredAt).toBe("string");
-
-    releaseLock(handle);
-  });
-
-  it("returns a handle with correct info", () => {
-    const handle = acquireLock(opHome, "update");
-    expect(handle.info.pid).toBe(process.pid);
-    expect(handle.info.operation).toBe("update");
-    expect(handle.path).toBe(lockPath(opHome));
-
-    releaseLock(handle);
-  });
-
-  it("places lock at {opHome}/data/.openpalm.lock", () => {
-    const handle = acquireLock(opHome, "test");
-    expect(handle.path).toBe(join(opHome, "data", ".openpalm.lock"));
-    releaseLock(handle);
-  });
-});
-
-// ── Contention ───────────────────────────────────────────────────────────
-
-describe("contention", () => {
-  it("throws LockAcquisitionError when lock is already held by this process", () => {
-    const handle = acquireLock(opHome, "install");
-
-    try {
-      expect(() => acquireLock(opHome, "update")).toThrow(LockAcquisitionError);
-    } finally {
-      releaseLock(handle);
-    }
-  });
-
-  it("error includes holder details", () => {
-    const handle = acquireLock(opHome, "install");
-
-    try {
-      acquireLock(opHome, "update");
-      expect.unreachable("should have thrown");
-    } catch (err) {
-      expect(err).toBeInstanceOf(LockAcquisitionError);
-      const lockErr = err as LockAcquisitionError;
-      expect(lockErr.holder.pid).toBe(process.pid);
-      expect(lockErr.holder.operation).toBe("install");
-    } finally {
-      releaseLock(handle);
-    }
-  });
-});
-
-// ── Stale PID cleanup ────────────────────────────────────────────────────
-
-describe("stale PID cleanup", () => {
-  it("cleans up stale lock from a dead PID and acquires", () => {
-    // Write a lock file with a PID that does not exist
-    const stalePid = 99999999; // Very unlikely to be a real process
-    const staleInfo: LockInfo = {
-      pid: stalePid,
-      operation: "old-install",
-      acquiredAt: "2020-01-01T00:00:00.000Z",
-    };
-    writeFileSync(lockPath(opHome), JSON.stringify(staleInfo) + "\n");
-
-    // Should succeed because the PID is dead
-    const handle = acquireLock(opHome, "new-install");
-    expect(handle.info.pid).toBe(process.pid);
-    expect(handle.info.operation).toBe("new-install");
-
-    releaseLock(handle);
-  });
-});
-
-// ── Corrupt file handling ────────────────────────────────────────────────
-
-describe("corrupt lock file", () => {
-  it("recovers from a corrupt lock file", () => {
-    writeFileSync(lockPath(opHome), "not valid json{{{");
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-
-  it("recovers from an empty lock file", () => {
-    writeFileSync(lockPath(opHome), "");
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-
-  it("recovers from a lock file with missing fields", () => {
-    writeFileSync(lockPath(opHome), JSON.stringify({ pid: 1 }));
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-});
-
-// ── Release ──────────────────────────────────────────────────────────────
-
-describe("releaseLock", () => {
-  it("removes the lock file", () => {
-    const handle = acquireLock(opHome, "install");
-    expect(existsSync(handle.path)).toBe(true);
-
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-  });
-
-  it("is idempotent — second release is a no-op", () => {
-    const handle = acquireLock(opHome, "install");
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-
-    // Second release should not throw
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-  });
-
-  it("does not remove lock owned by a different PID", () => {
-    // Simulate a lock file owned by someone else
-    const otherInfo: LockInfo = {
-      pid: 99999999,
-      operation: "other",
-      acquiredAt: new Date().toISOString(),
-    };
-    writeFileSync(lockPath(opHome), JSON.stringify(otherInfo) + "\n");
-
-    // Create a handle that claims to own the lock
-    const fakeHandle: LockHandle = {
-      path: lockPath(opHome),
-      info: {
-        pid: process.pid, // Different from file content
-        operation: "mine",
-        acquiredAt: new Date().toISOString(),
-      },
-    };
-
-    releaseLock(fakeHandle);
-    // Lock file should still exist because PID doesn't match
-    expect(existsSync(lockPath(opHome))).toBe(true);
-  });
-});
-
-// ── lockPath ─────────────────────────────────────────────────────────────
-
-describe("lockPath", () => {
-  it("returns the correct path", () => {
-    expect(lockPath("/home/user/.openpalm")).toBe("/home/user/.openpalm/data/.openpalm.lock");
-  });
-});

package/src/control-plane/lock.ts

@@ -1,176 +0,0 @@
-/**
- * Orchestrator lock — prevents concurrent mutating operations.
- *
- * Uses O_CREAT | O_EXCL for atomic exclusive file creation.
- * Lock file lives at {dataDir}/.openpalm.lock containing JSON
- * with { pid, operation, acquiredAt }.
- *
- * Uses node:fs (not Bun) since lib must be Node-compatible for SvelteKit admin.
- */
-import { openSync, writeSync, closeSync, readFileSync, unlinkSync, mkdirSync, constants } from "node:fs";
-import { dirname } from "node:path";
-
-// ── Types ────────────────────────────────────────────────────────────────
-
-export type LockInfo = {
-  pid: number;
-  operation: string;
-  acquiredAt: string;
-};
-
-export type LockHandle = {
-  path: string;
-  info: LockInfo;
-};
-
-// ── Error ────────────────────────────────────────────────────────────────
-
-export class LockAcquisitionError extends Error {
-  public readonly holder: LockInfo;
-
-  constructor(holder: LockInfo) {
-    super(
-      `Cannot acquire lock: already held by PID ${holder.pid} ` +
-      `for "${holder.operation}" since ${holder.acquiredAt}`
-    );
-    this.name = "LockAcquisitionError";
-    this.holder = holder;
-  }
-}
-
-// ── Path ─────────────────────────────────────────────────────────────────
-
-export function lockPath(opHome: string): string {
-  return `${opHome}/data/.openpalm.lock`;
-}
-
-// ── Stale PID Detection ──────────────────────────────────────────────────
-
-function isProcessAlive(pid: number): boolean {
-  try {
-    process.kill(pid, 0);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-// ── Read existing lock info ──────────────────────────────────────────────
-
-function readLockInfo(path: string): LockInfo | null {
-  try {
-    const content = readFileSync(path, "utf-8");
-    const parsed = JSON.parse(content);
-    if (
-      typeof parsed.pid === "number" &&
-      typeof parsed.operation === "string" &&
-      typeof parsed.acquiredAt === "string"
-    ) {
-      return parsed as LockInfo;
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-
-// ── Acquire / Release ────────────────────────────────────────────────────
-
-export function acquireLock(opHome: string, operation: string): LockHandle {
-  const path = lockPath(opHome);
-  mkdirSync(dirname(path), { recursive: true });
-  const info: LockInfo = {
-    pid: process.pid,
-    operation,
-    acquiredAt: new Date().toISOString(),
-  };
-  const content = JSON.stringify(info) + "\n";
-
-  try {
-    // Atomic exclusive create — fails if file already exists
-    const fd = openSync(path, constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL, 0o644);
-    try {
-      writeSync(fd, content);
-    } finally {
-      closeSync(fd);
-    }
-    return { path, info };
-  } catch (err: unknown) {
-    // File already exists — check if it's stale
-    if ((err as NodeJS.ErrnoException).code === "EEXIST") {
-      const existing = readLockInfo(path);
-
-      if (existing && !isProcessAlive(existing.pid)) {
-        // Stale lock — remove and retry once
-        try {
-          unlinkSync(path);
-        } catch {
-          // Race: another process already removed it; fall through to retry
-        }
-        // Retry acquisition
-        try {
-          const fd = openSync(path, constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL, 0o644);
-          try {
-            writeSync(fd, content);
-          } finally {
-            closeSync(fd);
-          }
-          return { path, info };
-        } catch (retryErr: unknown) {
-          if ((retryErr as NodeJS.ErrnoException).code === "EEXIST") {
-            // Another process won the race — read the new holder
-            const newHolder = readLockInfo(path);
-            throw new LockAcquisitionError(
-              newHolder ?? { pid: 0, operation: "unknown", acquiredAt: "unknown" }
-            );
-          }
-          throw retryErr;
-        }
-      }
-
-      // Lock is held by a live process (or corrupt file — treat as held)
-      if (existing) {
-        throw new LockAcquisitionError(existing);
-      }
-
-      // Corrupt lock file — remove and retry
-      try {
-        unlinkSync(path);
-      } catch {
-        // ignore
-      }
-      try {
-        const fd = openSync(path, constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL, 0o644);
-        try {
-          writeSync(fd, content);
-        } finally {
-          closeSync(fd);
-        }
-        return { path, info };
-      } catch (retryErr: unknown) {
-        if ((retryErr as NodeJS.ErrnoException).code === "EEXIST") {
-          const newHolder = readLockInfo(path);
-          throw new LockAcquisitionError(
-            newHolder ?? { pid: 0, operation: "unknown", acquiredAt: "unknown" }
-          );
-        }
-        throw retryErr;
-      }
-    }
-
-    throw err;
-  }
-}
-
-export function releaseLock(handle: LockHandle): void {
-  // Verify ownership before deleting — only remove if we still own it
-  const existing = readLockInfo(handle.path);
-  if (!existing) return; // Already gone — idempotent
-  if (existing.pid !== handle.info.pid) return; // Not ours — don't touch
-
-  try {
-    unlinkSync(handle.path);
-  } catch {
-    // Already removed — idempotent
-  }
-}