@openpalm/lib 0.11.0-beta.3 → 0.11.0-beta.6

package/src/control-plane/types.ts

@@ -8,8 +8,6 @@ export type CoreServiceName =
   | "assistant"
   | "guardian";
 
-export type OptionalServiceName = never;
-
 export type AccessScope = "host" | "lan";
 export type CallerType = "assistant" | "cli" | "ui" | "system" | "test" | "unknown";
 
@@ -51,5 +49,3 @@ export const CORE_SERVICES: CoreServiceName[] = [
   "guardian",
 ];
 
-export const OPTIONAL_SERVICES: OptionalServiceName[] = [];
-

package/src/control-plane/ui-assets.ts

@@ -12,7 +12,7 @@
  */
 import {
   existsSync, mkdirSync, readdirSync, copyFileSync,
-  writeFileSync, rmSync, realpathSync, renameSync,
+  readFileSync, writeFileSync, rmSync, realpathSync, renameSync,
 } from 'node:fs';
 import { join, dirname, relative } from 'node:path';
 import { fileURLToPath } from 'node:url';
@@ -156,7 +156,13 @@ export function resolveLocalUiBuild(): string | null {
     () => process.env.OPENPALM_REPO_ROOT
       ? join(process.env.OPENPALM_REPO_ROOT, 'packages', 'ui', 'build')
       : null,
-    // 2. Relative to this source file (dev / bun run)
+    // 2. Electron extraResources — ui-build/ is placed alongside the asar
+    () => {
+      const rp = (process as NodeJS.Process & { resourcesPath?: string }).resourcesPath;
+      if (!rp) return null;
+      return join(rp, 'ui-build');
+    },
+    // 3. Relative to this source file (dev / bun run)
     () => {
       const meta = fileURLToPath(import.meta.url);
       if (meta.startsWith('/$bunfs/')) return null;
@@ -164,7 +170,7 @@ export function resolveLocalUiBuild(): string | null {
       const candidate = join(dirname(meta), '..', '..', '..', '..', 'packages', 'ui', 'build');
       return existsSync(join(candidate, 'index.js')) ? candidate : null;
     },
-    // 3. Relative to compiled binary / Electron executable
+    // 4. Relative to compiled binary / Electron executable
     () => {
       const binDir = dirname(realpathSync(process.execPath));
       const candidate = join(binDir, '..', '..', '..', 'packages', 'ui', 'build');
@@ -173,17 +179,36 @@ export function resolveLocalUiBuild(): string | null {
   );
 }
 
+function readUiVersionFile(dir: string): string | null {
+  try { return readFileSync(join(dir, 'version.txt'), 'utf-8').trim(); } catch { return null; }
+}
+
 /**
  * Resolve the best available UI build directory at runtime.
  *
  * Priority:
- *   1. OP_HOME/state/ui/ — installed by seedUiBuild (production)
- *   2. Local packages/ui/build/ — dev / source install fallback
+ *   1. OP_HOME/state/ui/ — if its version.txt is NEWER than the bundled build
+ *   2. Bundled / local build (Electron extraResources, source checkout)
+ *   3. OP_HOME/state/ui/ — fallback when no bundled build exists
+ *
+ * This means GitHub-downloaded updates are applied automatically (disk wins
+ * when newer), but a fresh AppImage install always works without a download.
  */
 export function resolveUiBuildDir(): string {
   const stateBuild = join(resolveStateDir(), 'ui');
-  if (existsSync(join(stateBuild, 'index.js'))) return stateBuild;
-  return resolveLocalUiBuild() ?? stateBuild; // fall back even if missing (error surfaces later)
+  const localBuild = resolveLocalUiBuild();
+
+  if (existsSync(join(stateBuild, 'index.js')) && localBuild) {
+    const diskVer    = readUiVersionFile(stateBuild);
+    const bundledVer = readUiVersionFile(localBuild);
+    if (diskVer && bundledVer && compareVersionTags(diskVer, bundledVer) > 0) {
+      return stateBuild;
+    }
+    return localBuild;
+  }
+
+  if (localBuild) return localBuild;
+  return stateBuild;
 }
 
 /**
@@ -224,6 +249,7 @@ export async function seedUiBuild(repoRef: string, stateDir: string): Promise<vo
   if (local) {
     logger.debug('seeding UI build from local source', { src: local });
     copyTree(local, uiDir);
+    writeFileSync(join(uiDir, 'version.txt'), repoRef.replace(/^v/, ''));
     return;
   }
 
@@ -260,6 +286,7 @@ export async function seedUiBuild(repoRef: string, stateDir: string): Promise<vo
 
     // Cross-platform extraction via the `tar` npm package — no shell dependency
     await tarExtract({ file: tmpTar, cwd: uiDir, strip: 1 });
+    writeFileSync(join(uiDir, 'version.txt'), repoRef.replace(/^v/, ''));
   } finally {
     rmSync(tmpTar, { force: true });
   }

package/src/index.ts

@@ -25,14 +25,12 @@ export {
 export type {
   ControlPlaneState,
   CoreServiceName,
-  OptionalServiceName,
   ChannelInfo,
   CallerType,
   ArtifactMeta,
 } from "./control-plane/types.js";
 export {
   CORE_SERVICES,
-  OPTIONAL_SERVICES,
 } from "./control-plane/types.js";
 
 // ── Backups ───────────────────────────────────────────────────────────────
@@ -44,6 +42,7 @@ export {
 export type {
   AddonMutationResult,
   AddonProfile,
+  AddonProfileAvailability,
   RegistryAutomationEntry,
   RegistryComponentEntry,
   RegistryAddonConfig,
@@ -59,12 +58,12 @@ export {
   getRegistryAddonConfig,
   getAddonServiceNames,
   getAddonProfiles,
+  getAddonProfileAvailability,
+  annotateAddonProfileAvailability,
   getAddonProfileSelection,
   setAddonProfileSelection,
   listAvailableAddonIds,
   listEnabledAddonIds,
-  enableAddon,
-  disableAddonByName,
   setAddonEnabled,
   installAutomationFromRegistry,
   uninstallAutomation,
@@ -116,11 +115,6 @@ export {
 } from "./control-plane/secrets.js";
 export { migrateAuth0110 } from "./control-plane/migrate-0110.js";
 export type { MigrateAuth0110Result } from "./control-plane/migrate-0110.js";
-export {
-  detectSecretBackend,
-  validatePassEntryName,
-} from "./control-plane/secret-backend.js";
-export type { SecretBackend } from "./control-plane/secret-backend.js";
 // ── Setup Status ────────────────────────────────────────────────────────
 export {
   isSetupComplete,
@@ -149,6 +143,7 @@ export {
   ensureOpenCodeSystemConfig,
   refreshCoreAssets,
   seedStashAssets,
+  seedAssistantPersonaFiles,
 } from "./control-plane/core-assets.js";
 
 // ── Configuration Persistence ────────────────────────────────────────────
@@ -259,6 +254,13 @@ export {
   writeVoiceVars,
 } from "./control-plane/spec-to-env.js";
 
+// ── Operator UID/GID Detection ──────────────────────────────────────────
+export type { OperatorIds } from "./control-plane/operator-ids.js";
+export {
+  resolveOperatorIds,
+  hasUsableOperatorId,
+} from "./control-plane/operator-ids.js";
+
 // ── Setup ────────────────────────────────────────────────────────────────
 export type {
   SetupSpec,

package/src/logger.test.ts

@@ -34,7 +34,7 @@ describe('redactValue', () => {
   });
 
   test('leaves non-secret values alone', () => {
-    expect(redactValue('OWNER_NAME', 'alice')).toBe('alice');
+    expect(redactValue('OP_OWNER_NAME', 'alice')).toBe('alice');
     expect(redactValue('OP_HOME', '/openpalm')).toBe('/openpalm');
     expect(redactValue('OP_ASSISTANT_PORT', '3800')).toBe('3800');
   });
@@ -71,7 +71,7 @@ describe('isSensitiveEnvKey', () => {
   });
 
   test('returns false for ordinary keys', () => {
-    expect(isSensitiveEnvKey('OWNER_NAME')).toBe(false);
+    expect(isSensitiveEnvKey('OP_OWNER_NAME')).toBe(false);
     expect(isSensitiveEnvKey('OP_HOME')).toBe(false);
     expect(isSensitiveEnvKey('OP_ASSISTANT_PORT')).toBe(false);
   });
@@ -81,11 +81,11 @@ describe('redactExtra', () => {
   test('masks top-level secret string values', () => {
     const result = redactExtra({
       OPENAI_API_KEY: 'sk-abc',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
     expect(result).toEqual({
       OPENAI_API_KEY: '***REDACTED***',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
   });
 
@@ -93,13 +93,13 @@ describe('redactExtra', () => {
     const result = redactExtra({
       env: {
         OPENAI_API_KEY: 'sk-abc',
-        OWNER_NAME: 'alice',
+        OP_OWNER_NAME: 'alice',
       },
     });
     expect(result).toEqual({
       env: {
         OPENAI_API_KEY: '***REDACTED***',
-        OWNER_NAME: 'alice',
+        OP_OWNER_NAME: 'alice',
       },
     });
   });
@@ -108,13 +108,13 @@ describe('redactExtra', () => {
     const result = redactExtra({
       items: [
         { OPENAI_API_KEY: 'sk-1' },
-        { OWNER_NAME: 'bob' },
+        { OP_OWNER_NAME: 'bob' },
       ],
     });
     expect(result).toEqual({
       items: [
         { OPENAI_API_KEY: '***REDACTED***' },
-        { OWNER_NAME: 'bob' },
+        { OP_OWNER_NAME: 'bob' },
       ],
     });
   });
@@ -129,12 +129,12 @@ describe('redactExtra', () => {
     const result = redactExtra({
       OP_UI_TOKEN: 12345,
       OPENAI_API_KEY: true,
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
     expect(result).toEqual({
       OP_UI_TOKEN: '***REDACTED***',
       OPENAI_API_KEY: '***REDACTED***',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
   });
 
@@ -181,10 +181,10 @@ describe('createLogger', () => {
 
   test('redacts sensitive keys in the extra payload before writing the log line', () => {
     const logger = createLogger('test');
-    logger.info('msg', { OPENAI_API_KEY: 'sk-leak', OWNER_NAME: 'alice' });
+    logger.info('msg', { OPENAI_API_KEY: 'sk-leak', OP_OWNER_NAME: 'alice' });
     expect(logged.length).toBe(1);
     expect(logged[0]).toContain('"OPENAI_API_KEY":"***REDACTED***"');
-    expect(logged[0]).toContain('"OWNER_NAME":"alice"');
+    expect(logged[0]).toContain('"OP_OWNER_NAME":"alice"');
     expect(logged[0]).not.toContain('sk-leak');
   });
 

package/src/control-plane/admin-token.ts

@@ -1,73 +0,0 @@
-/**
- * Admin token file management.
- *
- * Token lives at {homeDir}/state/admin/token, mode 0600.
- * - ensureAdminToken: idempotent — skips write if file already exists and is non-empty.
- * - rotateAdminToken: overwrites unconditionally. Only called by `openpalm admin rotate-token`.
- *
- * Windows note: chmodSync(path, 0o600) is a no-op on Windows.
- * NFS/CIFS warning: mode bits are ignored on network shares. ensureAdminToken warns via console.
- */
-import { existsSync, mkdirSync, writeFileSync, chmodSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { randomBytes } from "node:crypto";
-
-function getAdminStateDir(homeDir: string): string {
-  return join(homeDir, "state", "admin");
-}
-
-function generateToken(): string {
-  return randomBytes(32).toString("hex");
-}
-
-/**
- * Ensure an admin token file exists at {homeDir}/state/admin/token.
- * Idempotent: if the file already exists and is non-empty, returns the existing token.
- * Creates the directory if necessary. Sets mode 0600 (no-op on Windows).
- *
- * @param homeDir  The OP_HOME directory (e.g. ~/.openpalm)
- * @returns        The admin token (new or existing)
- */
-export function ensureAdminToken(homeDir: string): string {
-  const dir = getAdminStateDir(homeDir);
-  mkdirSync(dir, { recursive: true });
-
-  const tokenPath = join(dir, "token");
-
-  if (existsSync(tokenPath)) {
-    const existing = readFileSync(tokenPath, "utf8").trim();
-    if (existing.length > 0) return existing;
-  }
-
-  const token = generateToken();
-  writeFileSync(tokenPath, token, { encoding: "utf8", mode: 0o600 });
-  try {
-    // Some platforms require a separate chmod call to enforce the mode.
-    chmodSync(tokenPath, 0o600);
-  } catch {
-    // Windows — ignore silently
-  }
-  return token;
-}
-
-/**
- * Rotate the admin token. Overwrites the token file unconditionally.
- * Only call this from `openpalm admin rotate-token`.
- *
- * @param homeDir  The OP_HOME directory
- * @returns        The new admin token
- */
-export function rotateAdminToken(homeDir: string): string {
-  const dir = getAdminStateDir(homeDir);
-  mkdirSync(dir, { recursive: true });
-
-  const tokenPath = join(dir, "token");
-  const token = generateToken();
-  writeFileSync(tokenPath, token, { encoding: "utf8", mode: 0o600 });
-  try {
-    chmodSync(tokenPath, 0o600);
-  } catch {
-    // Windows — ignore silently
-  }
-  return token;
-}

package/src/control-plane/lock.test.ts

@@ -1,194 +0,0 @@
-/**
- * Tests for orchestrator lock — acquisition, contention, stale cleanup,
- * corrupt file handling, release, and idempotent release.
- */
-import { describe, it, expect, beforeEach, afterEach } from "bun:test";
-import { mkdirSync, mkdtempSync, rmSync, writeFileSync, existsSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { tmpdir } from "node:os";
-import {
-  acquireLock,
-  releaseLock,
-  lockPath,
-  LockAcquisitionError,
-} from "./lock.js";
-import type { LockHandle, LockInfo } from "./lock.js";
-
-let opHome: string;
-
-beforeEach(() => {
-  opHome = mkdtempSync(join(tmpdir(), "lock-test-"));
-  mkdirSync(join(opHome, "data"), { recursive: true });
-});
-
-afterEach(() => {
-  rmSync(opHome, { recursive: true, force: true });
-});
-
-// ── Acquisition ──────────────────────────────────────────────────────────
-
-describe("acquireLock", () => {
-  it("creates a lock file with correct JSON content", () => {
-    const handle = acquireLock(opHome, "install");
-    expect(existsSync(handle.path)).toBe(true);
-
-    const content = JSON.parse(readFileSync(handle.path, "utf-8"));
-    expect(content.pid).toBe(process.pid);
-    expect(content.operation).toBe("install");
-    expect(typeof content.acquiredAt).toBe("string");
-
-    releaseLock(handle);
-  });
-
-  it("returns a handle with correct info", () => {
-    const handle = acquireLock(opHome, "update");
-    expect(handle.info.pid).toBe(process.pid);
-    expect(handle.info.operation).toBe("update");
-    expect(handle.path).toBe(lockPath(opHome));
-
-    releaseLock(handle);
-  });
-
-  it("places lock at {opHome}/data/.openpalm.lock", () => {
-    const handle = acquireLock(opHome, "test");
-    expect(handle.path).toBe(join(opHome, "data", ".openpalm.lock"));
-    releaseLock(handle);
-  });
-});
-
-// ── Contention ───────────────────────────────────────────────────────────
-
-describe("contention", () => {
-  it("throws LockAcquisitionError when lock is already held by this process", () => {
-    const handle = acquireLock(opHome, "install");
-
-    try {
-      expect(() => acquireLock(opHome, "update")).toThrow(LockAcquisitionError);
-    } finally {
-      releaseLock(handle);
-    }
-  });
-
-  it("error includes holder details", () => {
-    const handle = acquireLock(opHome, "install");
-
-    try {
-      acquireLock(opHome, "update");
-      expect.unreachable("should have thrown");
-    } catch (err) {
-      expect(err).toBeInstanceOf(LockAcquisitionError);
-      const lockErr = err as LockAcquisitionError;
-      expect(lockErr.holder.pid).toBe(process.pid);
-      expect(lockErr.holder.operation).toBe("install");
-    } finally {
-      releaseLock(handle);
-    }
-  });
-});
-
-// ── Stale PID cleanup ────────────────────────────────────────────────────
-
-describe("stale PID cleanup", () => {
-  it("cleans up stale lock from a dead PID and acquires", () => {
-    // Write a lock file with a PID that does not exist
-    const stalePid = 99999999; // Very unlikely to be a real process
-    const staleInfo: LockInfo = {
-      pid: stalePid,
-      operation: "old-install",
-      acquiredAt: "2020-01-01T00:00:00.000Z",
-    };
-    writeFileSync(lockPath(opHome), JSON.stringify(staleInfo) + "\n");
-
-    // Should succeed because the PID is dead
-    const handle = acquireLock(opHome, "new-install");
-    expect(handle.info.pid).toBe(process.pid);
-    expect(handle.info.operation).toBe("new-install");
-
-    releaseLock(handle);
-  });
-});
-
-// ── Corrupt file handling ────────────────────────────────────────────────
-
-describe("corrupt lock file", () => {
-  it("recovers from a corrupt lock file", () => {
-    writeFileSync(lockPath(opHome), "not valid json{{{");
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-
-  it("recovers from an empty lock file", () => {
-    writeFileSync(lockPath(opHome), "");
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-
-  it("recovers from a lock file with missing fields", () => {
-    writeFileSync(lockPath(opHome), JSON.stringify({ pid: 1 }));
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-});
-
-// ── Release ──────────────────────────────────────────────────────────────
-
-describe("releaseLock", () => {
-  it("removes the lock file", () => {
-    const handle = acquireLock(opHome, "install");
-    expect(existsSync(handle.path)).toBe(true);
-
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-  });
-
-  it("is idempotent — second release is a no-op", () => {
-    const handle = acquireLock(opHome, "install");
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-
-    // Second release should not throw
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-  });
-
-  it("does not remove lock owned by a different PID", () => {
-    // Simulate a lock file owned by someone else
-    const otherInfo: LockInfo = {
-      pid: 99999999,
-      operation: "other",
-      acquiredAt: new Date().toISOString(),
-    };
-    writeFileSync(lockPath(opHome), JSON.stringify(otherInfo) + "\n");
-
-    // Create a handle that claims to own the lock
-    const fakeHandle: LockHandle = {
-      path: lockPath(opHome),
-      info: {
-        pid: process.pid, // Different from file content
-        operation: "mine",
-        acquiredAt: new Date().toISOString(),
-      },
-    };
-
-    releaseLock(fakeHandle);
-    // Lock file should still exist because PID doesn't match
-    expect(existsSync(lockPath(opHome))).toBe(true);
-  });
-});
-
-// ── lockPath ─────────────────────────────────────────────────────────────
-
-describe("lockPath", () => {
-  it("returns the correct path", () => {
-    expect(lockPath("/home/user/.openpalm")).toBe("/home/user/.openpalm/data/.openpalm.lock");
-  });
-});