@openpalm/lib 0.11.0-beta.3 → 0.11.0-beta.7

package/src/control-plane/spec-to-env.ts

@@ -9,6 +9,7 @@ import type { StackSpec } from "./stack-spec.js";
 import { SPEC_DEFAULTS } from "./stack-spec.js";
 import { existsSync, readFileSync, writeFileSync } from "node:fs";
 import { mergeEnvContent } from "./env.js";
+import { resolveOperatorIds } from "./operator-ids.js";
 
 /**
  * Derive the system.env key-value pairs from the StackSpec.
@@ -18,9 +19,6 @@ export function deriveSystemEnvFromSpec(
   spec: StackSpec,
   homeDir: string,
 ): Record<string, string> {
-  const uid = typeof process.getuid === "function" ? (process.getuid() ?? 1000) : 1000;
-  const gid = typeof process.getgid === "function" ? (process.getgid() ?? 1000) : 1000;
-
   const ports = SPEC_DEFAULTS.ports;
   const image = SPEC_DEFAULTS.image;
 
@@ -28,17 +26,25 @@ export function deriveSystemEnvFromSpec(
 
   // Paths
   result["OP_HOME"] = homeDir;
-  result["OP_UID"] = String(uid);
-  result["OP_GID"] = String(gid);
+
+  // Operator UID/GID — auto-detect from OP_HOME owner (or process UID
+  // as fallback). Skipped on Windows where containers run in WSL2 and
+  // OP_UID has no meaning on the host process.
+  const ids = resolveOperatorIds(homeDir);
+  if (ids) {
+    result["OP_UID"] = String(ids.uid);
+    result["OP_GID"] = String(ids.gid);
+  }
   // Image
   result["OP_IMAGE_NAMESPACE"] = image.namespace;
   result["OP_IMAGE_TAG"] = image.tag;
 
-  // Ports
+  // Ports — only the services that publish to the host. Guardian is
+  // network-only (no host port mapping) so OP_GUARDIAN_PORT is no longer
+  // emitted; channels reach it via Docker DNS at http://guardian:8080.
   result["OP_ASSISTANT_PORT"] = String(ports.assistant);
   result["OP_ADMIN_PORT"] = String(ports.admin);
   result["OP_ADMIN_OPENCODE_PORT"] = String(ports.adminOpencode);
-  result["OP_GUARDIAN_PORT"] = String(ports.guardian);
   result["OP_ASSISTANT_SSH_PORT"] = String(ports.assistantSsh);
 
   void spec; // spec reserved for future use; ports/image come from SPEC_DEFAULTS
@@ -79,20 +85,25 @@ export function writeVoiceVars(config: VoiceVarsConfig, stackDir: string): void
   const base = existsSync(stackEnvPath) ? readFileSync(stackEnvPath, "utf-8") : "";
   const vars: Record<string, string> = {};
 
+  // OP_ prefix is mandatory: unprefixed TTS_*/STT_* names collide with
+  // other tooling (OpenAI clients, kokoro-fastapi, etc.) commonly set in
+  // operator shells. The UI server only reads OP_-prefixed vars from
+  // process.env, so a leaked host TTS_VOICE can't silently override the
+  // saved selection.
   const { tts, stt } = config;
   if (tts?.enabled !== false) {
-    if (tts?.engine) vars["TTS_ENGINE"] = tts.engine;
-    if (tts?.provider) vars["TTS_PROVIDER"] = tts.provider;
-    if (tts?.baseURL) vars["TTS_BASE_URL"] = tts.baseURL;
-    if (tts?.model) vars["TTS_MODEL"] = tts.model;
-    if (tts?.voice) vars["TTS_VOICE"] = tts.voice;
+    if (tts?.engine) vars["OP_TTS_ENGINE"] = tts.engine;
+    if (tts?.provider) vars["OP_TTS_PROVIDER"] = tts.provider;
+    if (tts?.baseURL) vars["OP_TTS_BASE_URL"] = tts.baseURL;
+    if (tts?.model) vars["OP_TTS_MODEL"] = tts.model;
+    if (tts?.voice) vars["OP_TTS_VOICE"] = tts.voice;
   }
   if (stt?.enabled !== false) {
-    if (stt?.engine) vars["STT_ENGINE"] = stt.engine;
-    if (stt?.provider) vars["STT_PROVIDER"] = stt.provider;
-    if (stt?.baseURL) vars["STT_BASE_URL"] = stt.baseURL;
-    if (stt?.model) vars["STT_MODEL"] = stt.model;
-    if (stt?.language) vars["STT_LANGUAGE"] = stt.language;
+    if (stt?.engine) vars["OP_STT_ENGINE"] = stt.engine;
+    if (stt?.provider) vars["OP_STT_PROVIDER"] = stt.provider;
+    if (stt?.baseURL) vars["OP_STT_BASE_URL"] = stt.baseURL;
+    if (stt?.model) vars["OP_STT_MODEL"] = stt.model;
+    if (stt?.language) vars["OP_STT_LANGUAGE"] = stt.language;
   }
 
   if (Object.keys(vars).length === 0) return;

package/src/control-plane/types.ts

@@ -8,8 +8,6 @@ export type CoreServiceName =
   | "assistant"
   | "guardian";
 
-export type OptionalServiceName = never;
-
 export type AccessScope = "host" | "lan";
 export type CallerType = "assistant" | "cli" | "ui" | "system" | "test" | "unknown";
 
@@ -51,5 +49,3 @@ export const CORE_SERVICES: CoreServiceName[] = [
   "guardian",
 ];
 
-export const OPTIONAL_SERVICES: OptionalServiceName[] = [];
-

package/src/control-plane/ui-assets.ts

@@ -12,7 +12,7 @@
  */
 import {
   existsSync, mkdirSync, readdirSync, copyFileSync,
-  writeFileSync, rmSync, realpathSync, renameSync,
+  readFileSync, writeFileSync, rmSync, realpathSync, renameSync,
 } from 'node:fs';
 import { join, dirname, relative } from 'node:path';
 import { fileURLToPath } from 'node:url';
@@ -156,7 +156,13 @@ export function resolveLocalUiBuild(): string | null {
     () => process.env.OPENPALM_REPO_ROOT
       ? join(process.env.OPENPALM_REPO_ROOT, 'packages', 'ui', 'build')
       : null,
-    // 2. Relative to this source file (dev / bun run)
+    // 2. Electron extraResources — ui-build/ is placed alongside the asar
+    () => {
+      const rp = (process as NodeJS.Process & { resourcesPath?: string }).resourcesPath;
+      if (!rp) return null;
+      return join(rp, 'ui-build');
+    },
+    // 3. Relative to this source file (dev / bun run)
     () => {
       const meta = fileURLToPath(import.meta.url);
       if (meta.startsWith('/$bunfs/')) return null;
@@ -164,7 +170,7 @@ export function resolveLocalUiBuild(): string | null {
       const candidate = join(dirname(meta), '..', '..', '..', '..', 'packages', 'ui', 'build');
       return existsSync(join(candidate, 'index.js')) ? candidate : null;
     },
-    // 3. Relative to compiled binary / Electron executable
+    // 4. Relative to compiled binary / Electron executable
     () => {
       const binDir = dirname(realpathSync(process.execPath));
       const candidate = join(binDir, '..', '..', '..', 'packages', 'ui', 'build');
@@ -173,17 +179,36 @@ export function resolveLocalUiBuild(): string | null {
   );
 }
 
+function readUiVersionFile(dir: string): string | null {
+  try { return readFileSync(join(dir, 'version.txt'), 'utf-8').trim(); } catch { return null; }
+}
+
 /**
  * Resolve the best available UI build directory at runtime.
  *
  * Priority:
- *   1. OP_HOME/state/ui/ — installed by seedUiBuild (production)
- *   2. Local packages/ui/build/ — dev / source install fallback
+ *   1. OP_HOME/state/ui/ — if its version.txt is NEWER than the bundled build
+ *   2. Bundled / local build (Electron extraResources, source checkout)
+ *   3. OP_HOME/state/ui/ — fallback when no bundled build exists
+ *
+ * This means GitHub-downloaded updates are applied automatically (disk wins
+ * when newer), but a fresh AppImage install always works without a download.
  */
 export function resolveUiBuildDir(): string {
   const stateBuild = join(resolveStateDir(), 'ui');
-  if (existsSync(join(stateBuild, 'index.js'))) return stateBuild;
-  return resolveLocalUiBuild() ?? stateBuild; // fall back even if missing (error surfaces later)
+  const localBuild = resolveLocalUiBuild();
+
+  if (existsSync(join(stateBuild, 'index.js')) && localBuild) {
+    const diskVer    = readUiVersionFile(stateBuild);
+    const bundledVer = readUiVersionFile(localBuild);
+    if (diskVer && bundledVer && compareVersionTags(diskVer, bundledVer) > 0) {
+      return stateBuild;
+    }
+    return localBuild;
+  }
+
+  if (localBuild) return localBuild;
+  return stateBuild;
 }
 
 /**
@@ -216,14 +241,21 @@ function parseChecksumsFile(content: string): Map<string, string> {
   return map;
 }
 
-export async function seedUiBuild(repoRef: string, stateDir: string): Promise<void> {
+export function readCurrentUiBuildVersion(stateDir: string): string | null {
+  const versionFile = join(stateDir, 'ui', 'version.txt');
+  if (!existsSync(versionFile)) return null;
+  return readFileSync(versionFile, 'utf-8').trim() || null;
+}
+
+export async function seedUiBuild(repoRef: string, stateDir: string, options?: { forceRemote?: boolean }): Promise<void> {
   const uiDir = join(stateDir, 'ui');
   mkdirSync(uiDir, { recursive: true });
 
-  const local = resolveLocalUiBuild();
+  const local = options?.forceRemote ? null : resolveLocalUiBuild();
   if (local) {
     logger.debug('seeding UI build from local source', { src: local });
     copyTree(local, uiDir);
+    writeFileSync(join(uiDir, 'version.txt'), repoRef.replace(/^v/, ''));
     return;
   }
 
@@ -258,8 +290,12 @@ export async function seedUiBuild(repoRef: string, stateDir: string): Promise<vo
 
     writeFileSync(tmpTar, tarData);
 
+    // Clear stale files before extracting so old build files don't persist
+    rmSync(uiDir, { recursive: true, force: true });
+    mkdirSync(uiDir, { recursive: true });
     // Cross-platform extraction via the `tar` npm package — no shell dependency
     await tarExtract({ file: tmpTar, cwd: uiDir, strip: 1 });
+    writeFileSync(join(uiDir, 'version.txt'), repoRef.replace(/^v/, ''));
   } finally {
     rmSync(tmpTar, { force: true });
   }

package/src/index.ts

@@ -25,14 +25,12 @@ export {
 export type {
   ControlPlaneState,
   CoreServiceName,
-  OptionalServiceName,
   ChannelInfo,
   CallerType,
   ArtifactMeta,
 } from "./control-plane/types.js";
 export {
   CORE_SERVICES,
-  OPTIONAL_SERVICES,
 } from "./control-plane/types.js";
 
 // ── Backups ───────────────────────────────────────────────────────────────
@@ -44,6 +42,7 @@ export {
 export type {
   AddonMutationResult,
   AddonProfile,
+  AddonProfileAvailability,
   RegistryAutomationEntry,
   RegistryComponentEntry,
   RegistryAddonConfig,
@@ -59,12 +58,12 @@ export {
   getRegistryAddonConfig,
   getAddonServiceNames,
   getAddonProfiles,
+  getAddonProfileAvailability,
+  annotateAddonProfileAvailability,
   getAddonProfileSelection,
   setAddonProfileSelection,
   listAvailableAddonIds,
   listEnabledAddonIds,
-  enableAddon,
-  disableAddonByName,
   setAddonEnabled,
   installAutomationFromRegistry,
   uninstallAutomation,
@@ -116,11 +115,6 @@ export {
 } from "./control-plane/secrets.js";
 export { migrateAuth0110 } from "./control-plane/migrate-0110.js";
 export type { MigrateAuth0110Result } from "./control-plane/migrate-0110.js";
-export {
-  detectSecretBackend,
-  validatePassEntryName,
-} from "./control-plane/secret-backend.js";
-export type { SecretBackend } from "./control-plane/secret-backend.js";
 // ── Setup Status ────────────────────────────────────────────────────────
 export {
   isSetupComplete,
@@ -149,6 +143,7 @@ export {
   ensureOpenCodeSystemConfig,
   refreshCoreAssets,
   seedStashAssets,
+  seedAssistantPersonaFiles,
 } from "./control-plane/core-assets.js";
 
 // ── Configuration Persistence ────────────────────────────────────────────
@@ -186,6 +181,7 @@ export {
   applyUninstall,
   applyUpgrade,
   performUpgrade,
+  applyTagChange,
   updateStackEnvToLatestImageTag,
   buildComposeFileList,
   buildManagedServices,
@@ -259,6 +255,13 @@ export {
   writeVoiceVars,
 } from "./control-plane/spec-to-env.js";
 
+// ── Operator UID/GID Detection ──────────────────────────────────────────
+export type { OperatorIds } from "./control-plane/operator-ids.js";
+export {
+  resolveOperatorIds,
+  hasUsableOperatorId,
+} from "./control-plane/operator-ids.js";
+
 // ── Setup ────────────────────────────────────────────────────────────────
 export type {
   SetupSpec,
@@ -306,4 +309,5 @@ export {
   resolveUiBuildDir,
   seedUiBuild,
   checkAndUpdateUiBuild,
+  readCurrentUiBuildVersion,
 } from "./control-plane/ui-assets.js";

package/src/logger.test.ts

@@ -34,7 +34,7 @@ describe('redactValue', () => {
   });
 
   test('leaves non-secret values alone', () => {
-    expect(redactValue('OWNER_NAME', 'alice')).toBe('alice');
+    expect(redactValue('OP_OWNER_NAME', 'alice')).toBe('alice');
     expect(redactValue('OP_HOME', '/openpalm')).toBe('/openpalm');
     expect(redactValue('OP_ASSISTANT_PORT', '3800')).toBe('3800');
   });
@@ -71,7 +71,7 @@ describe('isSensitiveEnvKey', () => {
   });
 
   test('returns false for ordinary keys', () => {
-    expect(isSensitiveEnvKey('OWNER_NAME')).toBe(false);
+    expect(isSensitiveEnvKey('OP_OWNER_NAME')).toBe(false);
     expect(isSensitiveEnvKey('OP_HOME')).toBe(false);
     expect(isSensitiveEnvKey('OP_ASSISTANT_PORT')).toBe(false);
   });
@@ -81,11 +81,11 @@ describe('redactExtra', () => {
   test('masks top-level secret string values', () => {
     const result = redactExtra({
       OPENAI_API_KEY: 'sk-abc',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
     expect(result).toEqual({
       OPENAI_API_KEY: '***REDACTED***',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
   });
 
@@ -93,13 +93,13 @@ describe('redactExtra', () => {
     const result = redactExtra({
       env: {
         OPENAI_API_KEY: 'sk-abc',
-        OWNER_NAME: 'alice',
+        OP_OWNER_NAME: 'alice',
       },
     });
     expect(result).toEqual({
       env: {
         OPENAI_API_KEY: '***REDACTED***',
-        OWNER_NAME: 'alice',
+        OP_OWNER_NAME: 'alice',
       },
     });
   });
@@ -108,13 +108,13 @@ describe('redactExtra', () => {
     const result = redactExtra({
       items: [
         { OPENAI_API_KEY: 'sk-1' },
-        { OWNER_NAME: 'bob' },
+        { OP_OWNER_NAME: 'bob' },
       ],
     });
     expect(result).toEqual({
       items: [
         { OPENAI_API_KEY: '***REDACTED***' },
-        { OWNER_NAME: 'bob' },
+        { OP_OWNER_NAME: 'bob' },
       ],
     });
   });
@@ -129,12 +129,12 @@ describe('redactExtra', () => {
     const result = redactExtra({
       OP_UI_TOKEN: 12345,
       OPENAI_API_KEY: true,
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
     expect(result).toEqual({
       OP_UI_TOKEN: '***REDACTED***',
       OPENAI_API_KEY: '***REDACTED***',
-      OWNER_NAME: 'alice',
+      OP_OWNER_NAME: 'alice',
     });
   });
 
@@ -181,10 +181,10 @@ describe('createLogger', () => {
 
   test('redacts sensitive keys in the extra payload before writing the log line', () => {
     const logger = createLogger('test');
-    logger.info('msg', { OPENAI_API_KEY: 'sk-leak', OWNER_NAME: 'alice' });
+    logger.info('msg', { OPENAI_API_KEY: 'sk-leak', OP_OWNER_NAME: 'alice' });
     expect(logged.length).toBe(1);
     expect(logged[0]).toContain('"OPENAI_API_KEY":"***REDACTED***"');
-    expect(logged[0]).toContain('"OWNER_NAME":"alice"');
+    expect(logged[0]).toContain('"OP_OWNER_NAME":"alice"');
     expect(logged[0]).not.toContain('sk-leak');
   });
 

package/src/control-plane/admin-token.ts

@@ -1,73 +0,0 @@
-/**
- * Admin token file management.
- *
- * Token lives at {homeDir}/state/admin/token, mode 0600.
- * - ensureAdminToken: idempotent — skips write if file already exists and is non-empty.
- * - rotateAdminToken: overwrites unconditionally. Only called by `openpalm admin rotate-token`.
- *
- * Windows note: chmodSync(path, 0o600) is a no-op on Windows.
- * NFS/CIFS warning: mode bits are ignored on network shares. ensureAdminToken warns via console.
- */
-import { existsSync, mkdirSync, writeFileSync, chmodSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { randomBytes } from "node:crypto";
-
-function getAdminStateDir(homeDir: string): string {
-  return join(homeDir, "state", "admin");
-}
-
-function generateToken(): string {
-  return randomBytes(32).toString("hex");
-}
-
-/**
- * Ensure an admin token file exists at {homeDir}/state/admin/token.
- * Idempotent: if the file already exists and is non-empty, returns the existing token.
- * Creates the directory if necessary. Sets mode 0600 (no-op on Windows).
- *
- * @param homeDir  The OP_HOME directory (e.g. ~/.openpalm)
- * @returns        The admin token (new or existing)
- */
-export function ensureAdminToken(homeDir: string): string {
-  const dir = getAdminStateDir(homeDir);
-  mkdirSync(dir, { recursive: true });
-
-  const tokenPath = join(dir, "token");
-
-  if (existsSync(tokenPath)) {
-    const existing = readFileSync(tokenPath, "utf8").trim();
-    if (existing.length > 0) return existing;
-  }
-
-  const token = generateToken();
-  writeFileSync(tokenPath, token, { encoding: "utf8", mode: 0o600 });
-  try {
-    // Some platforms require a separate chmod call to enforce the mode.
-    chmodSync(tokenPath, 0o600);
-  } catch {
-    // Windows — ignore silently
-  }
-  return token;
-}
-
-/**
- * Rotate the admin token. Overwrites the token file unconditionally.
- * Only call this from `openpalm admin rotate-token`.
- *
- * @param homeDir  The OP_HOME directory
- * @returns        The new admin token
- */
-export function rotateAdminToken(homeDir: string): string {
-  const dir = getAdminStateDir(homeDir);
-  mkdirSync(dir, { recursive: true });
-
-  const tokenPath = join(dir, "token");
-  const token = generateToken();
-  writeFileSync(tokenPath, token, { encoding: "utf8", mode: 0o600 });
-  try {
-    chmodSync(tokenPath, 0o600);
-  } catch {
-    // Windows — ignore silently
-  }
-  return token;
-}

package/src/control-plane/lock.test.ts

@@ -1,194 +0,0 @@
-/**
- * Tests for orchestrator lock — acquisition, contention, stale cleanup,
- * corrupt file handling, release, and idempotent release.
- */
-import { describe, it, expect, beforeEach, afterEach } from "bun:test";
-import { mkdirSync, mkdtempSync, rmSync, writeFileSync, existsSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { tmpdir } from "node:os";
-import {
-  acquireLock,
-  releaseLock,
-  lockPath,
-  LockAcquisitionError,
-} from "./lock.js";
-import type { LockHandle, LockInfo } from "./lock.js";
-
-let opHome: string;
-
-beforeEach(() => {
-  opHome = mkdtempSync(join(tmpdir(), "lock-test-"));
-  mkdirSync(join(opHome, "data"), { recursive: true });
-});
-
-afterEach(() => {
-  rmSync(opHome, { recursive: true, force: true });
-});
-
-// ── Acquisition ──────────────────────────────────────────────────────────
-
-describe("acquireLock", () => {
-  it("creates a lock file with correct JSON content", () => {
-    const handle = acquireLock(opHome, "install");
-    expect(existsSync(handle.path)).toBe(true);
-
-    const content = JSON.parse(readFileSync(handle.path, "utf-8"));
-    expect(content.pid).toBe(process.pid);
-    expect(content.operation).toBe("install");
-    expect(typeof content.acquiredAt).toBe("string");
-
-    releaseLock(handle);
-  });
-
-  it("returns a handle with correct info", () => {
-    const handle = acquireLock(opHome, "update");
-    expect(handle.info.pid).toBe(process.pid);
-    expect(handle.info.operation).toBe("update");
-    expect(handle.path).toBe(lockPath(opHome));
-
-    releaseLock(handle);
-  });
-
-  it("places lock at {opHome}/data/.openpalm.lock", () => {
-    const handle = acquireLock(opHome, "test");
-    expect(handle.path).toBe(join(opHome, "data", ".openpalm.lock"));
-    releaseLock(handle);
-  });
-});
-
-// ── Contention ───────────────────────────────────────────────────────────
-
-describe("contention", () => {
-  it("throws LockAcquisitionError when lock is already held by this process", () => {
-    const handle = acquireLock(opHome, "install");
-
-    try {
-      expect(() => acquireLock(opHome, "update")).toThrow(LockAcquisitionError);
-    } finally {
-      releaseLock(handle);
-    }
-  });
-
-  it("error includes holder details", () => {
-    const handle = acquireLock(opHome, "install");
-
-    try {
-      acquireLock(opHome, "update");
-      expect.unreachable("should have thrown");
-    } catch (err) {
-      expect(err).toBeInstanceOf(LockAcquisitionError);
-      const lockErr = err as LockAcquisitionError;
-      expect(lockErr.holder.pid).toBe(process.pid);
-      expect(lockErr.holder.operation).toBe("install");
-    } finally {
-      releaseLock(handle);
-    }
-  });
-});
-
-// ── Stale PID cleanup ────────────────────────────────────────────────────
-
-describe("stale PID cleanup", () => {
-  it("cleans up stale lock from a dead PID and acquires", () => {
-    // Write a lock file with a PID that does not exist
-    const stalePid = 99999999; // Very unlikely to be a real process
-    const staleInfo: LockInfo = {
-      pid: stalePid,
-      operation: "old-install",
-      acquiredAt: "2020-01-01T00:00:00.000Z",
-    };
-    writeFileSync(lockPath(opHome), JSON.stringify(staleInfo) + "\n");
-
-    // Should succeed because the PID is dead
-    const handle = acquireLock(opHome, "new-install");
-    expect(handle.info.pid).toBe(process.pid);
-    expect(handle.info.operation).toBe("new-install");
-
-    releaseLock(handle);
-  });
-});
-
-// ── Corrupt file handling ────────────────────────────────────────────────
-
-describe("corrupt lock file", () => {
-  it("recovers from a corrupt lock file", () => {
-    writeFileSync(lockPath(opHome), "not valid json{{{");
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-
-  it("recovers from an empty lock file", () => {
-    writeFileSync(lockPath(opHome), "");
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-
-  it("recovers from a lock file with missing fields", () => {
-    writeFileSync(lockPath(opHome), JSON.stringify({ pid: 1 }));
-
-    const handle = acquireLock(opHome, "install");
-    expect(handle.info.pid).toBe(process.pid);
-
-    releaseLock(handle);
-  });
-});
-
-// ── Release ──────────────────────────────────────────────────────────────
-
-describe("releaseLock", () => {
-  it("removes the lock file", () => {
-    const handle = acquireLock(opHome, "install");
-    expect(existsSync(handle.path)).toBe(true);
-
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-  });
-
-  it("is idempotent — second release is a no-op", () => {
-    const handle = acquireLock(opHome, "install");
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-
-    // Second release should not throw
-    releaseLock(handle);
-    expect(existsSync(handle.path)).toBe(false);
-  });
-
-  it("does not remove lock owned by a different PID", () => {
-    // Simulate a lock file owned by someone else
-    const otherInfo: LockInfo = {
-      pid: 99999999,
-      operation: "other",
-      acquiredAt: new Date().toISOString(),
-    };
-    writeFileSync(lockPath(opHome), JSON.stringify(otherInfo) + "\n");
-
-    // Create a handle that claims to own the lock
-    const fakeHandle: LockHandle = {
-      path: lockPath(opHome),
-      info: {
-        pid: process.pid, // Different from file content
-        operation: "mine",
-        acquiredAt: new Date().toISOString(),
-      },
-    };
-
-    releaseLock(fakeHandle);
-    // Lock file should still exist because PID doesn't match
-    expect(existsSync(lockPath(opHome))).toBe(true);
-  });
-});
-
-// ── lockPath ─────────────────────────────────────────────────────────────
-
-describe("lockPath", () => {
-  it("returns the correct path", () => {
-    expect(lockPath("/home/user/.openpalm")).toBe("/home/user/.openpalm/data/.openpalm.lock");
-  });
-});