@openparachute/hub 0.6.3 → 0.6.4-rc.10

package/src/__tests__/serve.test.ts

@@ -6,12 +6,34 @@ import { _resetBootstrapTokenForTests, getBootstrapToken } from "../bootstrap-to
 import {
   formatBootstrapTokenBanner,
   formatListeningBanner,
+  hubPortConflictMessage,
   resolveStartupIssuer,
   seedInitialAdminIfNeeded,
 } from "../commands/serve.ts";
 import { openHubDb } from "../hub-db.ts";
 import { getUserByUsername, userCount } from "../users.ts";
 
+describe("hubPortConflictMessage (hub#536)", () => {
+  test("maps a port-in-use error to a clear duplicate-supervisor message", () => {
+    // Bun surfaces a port conflict as "...Is port 1939 in use?"; node-style is
+    // "EADDRINUSE: address already in use". Both must map to the clear message.
+    for (const m of [
+      "EADDRINUSE: address already in use 127.0.0.1:1939",
+      "Failed to start server. Is port 1939 in use?",
+    ]) {
+      const out = hubPortConflictMessage(new Error(m), 1939);
+      expect(out).toContain("already in use");
+      expect(out).toContain("duplicate supervisor");
+      expect(out).toContain("1939");
+    }
+  });
+
+  test("returns null for an unrelated error (caller re-throws the original)", () => {
+    expect(hubPortConflictMessage(new Error("permission denied"), 1939)).toBeNull();
+    expect(hubPortConflictMessage("not even an Error", 1939)).toBeNull();
+  });
+});
+
 describe("seedInitialAdminIfNeeded", () => {
   let dir: string;
   let dbPath: string;
@@ -248,6 +270,13 @@ describe("bootstrap-token wiring under needs-setup", () => {
 });
 
 describe("resolveStartupIssuer — precedence chain (hub#365)", () => {
+  // Stub "no exposure recorded" so the undefined-asserting tests are
+  // isolated from the host's real ~/.parachute/expose-state.json — the
+  // default reader picks up a live exposure on the dev box and the expose
+  // tier (#531) would otherwise shadow the "no source → undefined" cases.
+  // The expose tier itself is exercised in its own describe block below.
+  const noExpose = (): string | undefined => undefined;
+
   test("explicit opts.issuer wins over everything", () => {
     const got = resolveStartupIssuer(
       { issuer: "https://override.example" },
@@ -296,9 +325,9 @@ describe("resolveStartupIssuer — precedence chain (hub#365)", () => {
   });
 
   test("returns undefined when no source has a value", () => {
-    expect(resolveStartupIssuer({}, {})).toBeUndefined();
-    expect(resolveStartupIssuer({}, { RENDER_EXTERNAL_URL: "" })).toBeUndefined();
-    expect(resolveStartupIssuer({}, { PARACHUTE_HUB_ORIGIN: "" })).toBeUndefined();
+    expect(resolveStartupIssuer({}, {}, noExpose)).toBeUndefined();
+    expect(resolveStartupIssuer({}, { RENDER_EXTERNAL_URL: "" }, noExpose)).toBeUndefined();
+    expect(resolveStartupIssuer({}, { PARACHUTE_HUB_ORIGIN: "" }, noExpose)).toBeUndefined();
   });
 
   test("empty string after slash-strip collapses to undefined (defensive)", () => {
@@ -306,7 +335,7 @@ describe("resolveStartupIssuer — precedence chain (hub#365)", () => {
     // Guards against a misconfigured env where someone sets the var to "/"
     // expecting it to mean "root" (it doesn't — leaves hub without a usable
     // origin, which is the same as not setting it at all).
-    expect(resolveStartupIssuer({}, { PARACHUTE_HUB_ORIGIN: "/" })).toBeUndefined();
+    expect(resolveStartupIssuer({}, { PARACHUTE_HUB_ORIGIN: "/" }, noExpose)).toBeUndefined();
   });
 
   // Fly.io self-host path (patterns#100). resolveStartupIssuer is the
@@ -341,11 +370,96 @@ describe("resolveStartupIssuer — precedence chain (hub#365)", () => {
   });
 
   test("FLY_APP_NAME with slash rejected (defensive — Fly slugs don't contain /)", () => {
-    expect(resolveStartupIssuer({}, { FLY_APP_NAME: "a/b" })).toBeUndefined();
-    expect(resolveStartupIssuer({}, { FLY_APP_NAME: "../etc/passwd" })).toBeUndefined();
+    expect(resolveStartupIssuer({}, { FLY_APP_NAME: "a/b" }, noExpose)).toBeUndefined();
+    expect(resolveStartupIssuer({}, { FLY_APP_NAME: "../etc/passwd" }, noExpose)).toBeUndefined();
   });
 
   test("FLY_APP_NAME empty string → no fallback", () => {
-    expect(resolveStartupIssuer({}, { FLY_APP_NAME: "" })).toBeUndefined();
+    expect(resolveStartupIssuer({}, { FLY_APP_NAME: "" }, noExpose)).toBeUndefined();
+  });
+});
+
+describe("resolveStartupIssuer — expose-state fallback (#531)", () => {
+  // The reboot-persistent bug: the launchd plist / systemd unit that keeps
+  // `parachute serve` alive carries no PARACHUTE_HUB_ORIGIN, so on every
+  // reboot the hub boots with no flag/env/platform origin and would stamp
+  // iss from the per-request origin — which exposed resource servers (vault)
+  // reject until they restart. Reading expose-state.json's hubOrigin makes
+  // iss deterministic across reboots. The readExpose seam lets us drive this
+  // without touching the real ~/.parachute.
+  const EXPOSED = "https://parachute.taildf9ce2.ts.net";
+
+  test("returns expose-state.hubOrigin when no flag/env/platform set", () => {
+    const got = resolveStartupIssuer({}, {}, () => EXPOSED);
+    expect(got).toBe(EXPOSED);
+  });
+
+  test("explicit opts.issuer wins over expose-state", () => {
+    const got = resolveStartupIssuer({ issuer: "https://override.example" }, {}, () => EXPOSED);
+    expect(got).toBe("https://override.example");
+  });
+
+  test("PARACHUTE_HUB_ORIGIN wins over expose-state", () => {
+    const got = resolveStartupIssuer(
+      {},
+      { PARACHUTE_HUB_ORIGIN: "https://env.example" },
+      () => EXPOSED,
+    );
+    expect(got).toBe("https://env.example");
+  });
+
+  test("RENDER_EXTERNAL_URL wins over expose-state", () => {
+    const got = resolveStartupIssuer(
+      {},
+      { RENDER_EXTERNAL_URL: "https://app.onrender.com" },
+      () => EXPOSED,
+    );
+    expect(got).toBe("https://app.onrender.com");
+  });
+
+  test("FLY_APP_NAME wins over expose-state", () => {
+    const got = resolveStartupIssuer({}, { FLY_APP_NAME: "my-parachute" }, () => EXPOSED);
+    expect(got).toBe("https://my-parachute.fly.dev");
+  });
+
+  test("returns undefined when expose-state is absent (no hubOrigin recorded)", () => {
+    expect(resolveStartupIssuer({}, {}, () => undefined)).toBeUndefined();
+  });
+
+  test("strips trailing slashes from the expose origin", () => {
+    expect(resolveStartupIssuer({}, {}, () => `${EXPOSED}/`)).toBe(EXPOSED);
+    expect(resolveStartupIssuer({}, {}, () => `${EXPOSED}//`)).toBe(EXPOSED);
+  });
+
+  test("ignores a loopback expose hubOrigin (never re-pin the degraded mode)", () => {
+    expect(resolveStartupIssuer({}, {}, () => "http://127.0.0.1:1939")).toBeUndefined();
+    expect(resolveStartupIssuer({}, {}, () => "http://localhost:1939")).toBeUndefined();
+    expect(resolveStartupIssuer({}, {}, () => "http://[::1]:1939")).toBeUndefined();
+    expect(resolveStartupIssuer({}, {}, () => "http://0.0.0.0:1939")).toBeUndefined();
+  });
+
+  test("ignores a non-http(s) or malformed expose origin", () => {
+    expect(resolveStartupIssuer({}, {}, () => "ftp://parachute.example")).toBeUndefined();
+    expect(resolveStartupIssuer({}, {}, () => "not-a-url")).toBeUndefined();
+    expect(resolveStartupIssuer({}, {}, () => "")).toBeUndefined();
+  });
+
+  test("default reader is swallowed-safe (no real ~/.parachute) — does not throw", () => {
+    // The default readExpose swallows a malformed-file throw; with no
+    // exposure recorded under the test PARACHUTE_HOME it just yields
+    // undefined → undefined issuer. The key assertion is "doesn't throw."
+    expect(() => resolveStartupIssuer({}, {})).not.toThrow();
+  });
+
+  test("a throwing injected reader can't crash startup (returns undefined)", () => {
+    // The readExpose() call is try/catch-wrapped so even a non-swallowing
+    // reader can't propagate into boot. With no flag/env/platform origin set
+    // and a throwing reader, the issuer resolves to undefined (the degraded
+    // request-origin mode) rather than crashing `parachute serve`.
+    const throwing = () => {
+      throw new Error("malformed expose-state.json");
+    };
+    expect(() => resolveStartupIssuer({}, {}, throwing)).not.toThrow();
+    expect(resolveStartupIssuer({}, {}, throwing)).toBeUndefined();
   });
 });

package/src/__tests__/setup-wizard.test.ts

@@ -4051,6 +4051,116 @@ describe("setup-wizard JSON surface (hub#168 Cuts 2/3)", () => {
     }
   });
 
+  test("JSON probe hands the bootstrap token VALUE to a loopback caller (hub#576)", async () => {
+    const { generateBootstrapToken, _resetBootstrapTokenForTests } = await import(
+      "../bootstrap-token.ts"
+    );
+    _resetBootstrapTokenForTests();
+    const token = generateBootstrapToken();
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = handleSetupGet(req("/admin/setup", { headers: { accept: "application/json" } }), {
+        db,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        readExposeStateFn: h.readExposeStateFn,
+        issuer: "http://127.0.0.1:1939",
+        registry: getDefaultOperationsRegistry(),
+        requestIsLoopback: true,
+      });
+      const body = (await res.json()) as {
+        requireBootstrapToken: boolean;
+        bootstrapToken?: string;
+      };
+      expect(body.requireBootstrapToken).toBe(true);
+      expect(body.bootstrapToken).toBe(token);
+    } finally {
+      _resetBootstrapTokenForTests();
+      db.close();
+    }
+  });
+
+  test("JSON probe withholds the token VALUE from a non-loopback caller (hub#576)", async () => {
+    const { generateBootstrapToken, _resetBootstrapTokenForTests } = await import(
+      "../bootstrap-token.ts"
+    );
+    _resetBootstrapTokenForTests();
+    generateBootstrapToken();
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = handleSetupGet(req("/admin/setup", { headers: { accept: "application/json" } }), {
+        db,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        readExposeStateFn: h.readExposeStateFn,
+        issuer: "http://127.0.0.1:1939",
+        registry: getDefaultOperationsRegistry(),
+        requestIsLoopback: false,
+      });
+      const body = (await res.json()) as {
+        requireBootstrapToken: boolean;
+        bootstrapToken?: string;
+      };
+      // The boolean still tells a public browser a token is required...
+      expect(body.requireBootstrapToken).toBe(true);
+      // ...but the VALUE never leaks to it.
+      expect(body.bootstrapToken).toBeUndefined();
+    } finally {
+      _resetBootstrapTokenForTests();
+      db.close();
+    }
+  });
+
+  test("JSON probe fails CLOSED when loopback is unknown (hub#576)", async () => {
+    const { generateBootstrapToken, _resetBootstrapTokenForTests } = await import(
+      "../bootstrap-token.ts"
+    );
+    _resetBootstrapTokenForTests();
+    generateBootstrapToken();
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      // `requestIsLoopback` omitted entirely — must be treated as non-loopback.
+      const res = handleSetupGet(req("/admin/setup", { headers: { accept: "application/json" } }), {
+        db,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        readExposeStateFn: h.readExposeStateFn,
+        issuer: "http://127.0.0.1:1939",
+        registry: getDefaultOperationsRegistry(),
+      });
+      const body = (await res.json()) as { bootstrapToken?: string };
+      expect(body.bootstrapToken).toBeUndefined();
+    } finally {
+      _resetBootstrapTokenForTests();
+      db.close();
+    }
+  });
+
+  test("JSON probe omits the token when no admin gate is active (hub#576)", async () => {
+    const { _resetBootstrapTokenForTests } = await import("../bootstrap-token.ts");
+    _resetBootstrapTokenForTests(); // no token minted → not in wizard mode
+    const db = openHubDb(hubDbPath(h.dir));
+    try {
+      const res = handleSetupGet(req("/admin/setup", { headers: { accept: "application/json" } }), {
+        db,
+        manifestPath: h.manifestPath,
+        configDir: h.dir,
+        readExposeStateFn: h.readExposeStateFn,
+        issuer: "http://127.0.0.1:1939",
+        registry: getDefaultOperationsRegistry(),
+        requestIsLoopback: true,
+      });
+      const body = (await res.json()) as {
+        requireBootstrapToken: boolean;
+        bootstrapToken?: string;
+      };
+      expect(body.requireBootstrapToken).toBe(false);
+      expect(body.bootstrapToken).toBeUndefined();
+    } finally {
+      db.close();
+    }
+  });
+
   test("vault step skip mode short-circuits + persists setup_vault_skipped", async () => {
     const db = openHubDb(hubDbPath(h.dir));
     try {

package/src/__tests__/spawn-path.test.ts

@@ -0,0 +1,191 @@
+import { describe, expect, test } from "bun:test";
+import {
+  type EnrichedPathDeps,
+  enrichedPath,
+  enrichedUnitPath,
+  operatorToolDirs,
+} from "../spawn-path.ts";
+
+/**
+ * Build EnrichedPathDeps with a fake fs (set of existing paths) + pinned
+ * platform/arch/home so tests never touch the real disk or host.
+ */
+function fakeDeps(opts: {
+  home?: string;
+  platform?: NodeJS.Platform;
+  arch?: string;
+  existing?: string[];
+}): EnrichedPathDeps {
+  const existing = new Set(opts.existing ?? []);
+  return {
+    homeDir: () => opts.home ?? "/home/op",
+    exists: (p) => existing.has(p),
+    platform: opts.platform ?? "darwin",
+    arch: opts.arch ?? "arm64",
+  };
+}
+
+describe("enrichedPath — operator-tool PATH enrichment", () => {
+  test("preserves the inherited PATH and keeps its order", () => {
+    const deps = fakeDeps({ existing: [] });
+    const result = enrichedPath({ PATH: "/usr/bin:/bin" }, deps);
+    expect(result).toBe("/usr/bin:/bin");
+  });
+
+  test("appends operator-tool dirs only when they exist on disk", () => {
+    // .local/bin + brew exist; .bun/bin does NOT → only the two existing append.
+    const deps = fakeDeps({
+      home: "/home/op",
+      platform: "darwin",
+      arch: "arm64",
+      existing: ["/home/op/.local/bin", "/opt/homebrew/bin"],
+    });
+    const result = enrichedPath({ PATH: "/usr/bin" }, deps);
+    expect(result).toBe("/usr/bin:/home/op/.local/bin:/opt/homebrew/bin");
+    expect(result).not.toContain("/home/op/.bun/bin");
+  });
+
+  test("inherited PATH wins over appended defaults (append, not prepend)", () => {
+    const deps = fakeDeps({ existing: ["/home/op/.local/bin"] });
+    const result = enrichedPath({ PATH: "/first:/second" }, deps);
+    const parts = result.split(":");
+    expect(parts[0]).toBe("/first");
+    expect(parts[1]).toBe("/second");
+    expect(parts[2]).toBe("/home/op/.local/bin");
+  });
+
+  test("dedupes — an appended dir already in the inherited PATH is not duplicated", () => {
+    const deps = fakeDeps({ existing: ["/home/op/.local/bin"] });
+    const result = enrichedPath({ PATH: "/usr/bin:/home/op/.local/bin" }, deps);
+    expect(result).toBe("/usr/bin:/home/op/.local/bin");
+    expect(result.split(":").filter((p) => p === "/home/op/.local/bin")).toHaveLength(1);
+  });
+
+  test("PARACHUTE_EXTRA_PATH is PREPENDED so an operator can intentionally shadow", () => {
+    const deps = fakeDeps({ existing: ["/home/op/.local/bin"] });
+    const result = enrichedPath(
+      { PATH: "/usr/bin", PARACHUTE_EXTRA_PATH: "/opt/custom/bin:/opt/more" },
+      deps,
+    );
+    const parts = result.split(":");
+    expect(parts[0]).toBe("/opt/custom/bin");
+    expect(parts[1]).toBe("/opt/more");
+    expect(parts[2]).toBe("/usr/bin");
+    expect(parts[3]).toBe("/home/op/.local/bin");
+  });
+
+  test("PARACHUTE_EXTRA_PATH dedupes against inherited (extra-first wins position)", () => {
+    const deps = fakeDeps({ existing: [] });
+    const result = enrichedPath({ PATH: "/usr/bin:/dup", PARACHUTE_EXTRA_PATH: "/dup" }, deps);
+    expect(result).toBe("/dup:/usr/bin");
+  });
+
+  test("empty inherited PATH yields just the existing appended dirs", () => {
+    const deps = fakeDeps({
+      home: "/home/op",
+      platform: "darwin",
+      arch: "arm64",
+      existing: ["/home/op/.local/bin", "/opt/homebrew/bin", "/home/op/.bun/bin"],
+    });
+    const result = enrichedPath({ PATH: "" }, deps);
+    expect(result).toBe("/home/op/.local/bin:/opt/homebrew/bin:/home/op/.bun/bin");
+  });
+
+  describe("platform / arch branches", () => {
+    test("darwin arm64 → /opt/homebrew/bin", () => {
+      const deps = fakeDeps({
+        platform: "darwin",
+        arch: "arm64",
+        existing: ["/opt/homebrew/bin"],
+      });
+      expect(enrichedPath({ PATH: "/usr/bin" }, deps)).toBe("/usr/bin:/opt/homebrew/bin");
+    });
+
+    test("darwin x64 → /usr/local/bin (Intel brew)", () => {
+      const deps = fakeDeps({
+        platform: "darwin",
+        arch: "x64",
+        existing: ["/usr/local/bin"],
+      });
+      // /usr/local/bin is the brew bin on Intel macOS; here it's the only existing dir.
+      expect(enrichedPath({ PATH: "/usr/bin" }, deps)).toBe("/usr/bin:/usr/local/bin");
+    });
+
+    test("linux → only $HOME/.local/bin + $HOME/.bun/bin, no brew bin", () => {
+      const deps = fakeDeps({
+        home: "/home/op",
+        platform: "linux",
+        arch: "x64",
+        existing: ["/home/op/.local/bin", "/home/op/.bun/bin", "/opt/homebrew/bin"],
+      });
+      const result = enrichedPath({ PATH: "/usr/bin" }, deps);
+      expect(result).toBe("/usr/bin:/home/op/.local/bin:/home/op/.bun/bin");
+      // /opt/homebrew/bin exists in the fake fs but is NOT a Linux candidate dir.
+      expect(result).not.toContain("/opt/homebrew/bin");
+    });
+  });
+});
+
+describe("operatorToolDirs — candidate dir list", () => {
+  test("darwin arm64: .local/bin, /opt/homebrew/bin, .bun/bin (in order)", () => {
+    expect(operatorToolDirs("/home/op", "darwin", "arm64")).toEqual([
+      "/home/op/.local/bin",
+      "/opt/homebrew/bin",
+      "/home/op/.bun/bin",
+    ]);
+  });
+
+  test("darwin x64: brew is /usr/local/bin", () => {
+    expect(operatorToolDirs("/home/op", "darwin", "x64")).toEqual([
+      "/home/op/.local/bin",
+      "/usr/local/bin",
+      "/home/op/.bun/bin",
+    ]);
+  });
+
+  test("linux: no brew dir", () => {
+    expect(operatorToolDirs("/home/op", "linux", "x64")).toEqual([
+      "/home/op/.local/bin",
+      "/home/op/.bun/bin",
+    ]);
+  });
+});
+
+describe("enrichedUnitPath — launchd/systemd unit PATH", () => {
+  test("bun bin first, then system dirs, then operator-tool dirs (darwin arm64)", () => {
+    const result = enrichedUnitPath("/home/op/.bun", "/home/op", "darwin", "arm64", undefined);
+    expect(result).toBe(
+      "/home/op/.bun/bin:/usr/local/bin:/usr/bin:/bin:/home/op/.local/bin:/opt/homebrew/bin",
+    );
+  });
+
+  test("dedupes — Intel brew /usr/local/bin already present in the base is not duplicated", () => {
+    // darwin x64 brew dir == /usr/local/bin, which the base already carries.
+    const result = enrichedUnitPath("/home/op/.bun", "/home/op", "darwin", "x64", undefined);
+    expect(result.split(":").filter((p) => p === "/usr/local/bin")).toHaveLength(1);
+    expect(result).toBe("/home/op/.bun/bin:/usr/local/bin:/usr/bin:/bin:/home/op/.local/bin");
+  });
+
+  test("linux: appends $HOME/.local/bin (no brew dir)", () => {
+    const result = enrichedUnitPath("/home/op/.bun", "/home/op", "linux", "x64", undefined);
+    expect(result).toBe("/home/op/.bun/bin:/usr/local/bin:/usr/bin:/bin:/home/op/.local/bin");
+  });
+
+  test("includes operator-tool dirs unconditionally (no existence check)", () => {
+    // No fs seam here — the unit-side dirs are baked in even if absent on disk.
+    const result = enrichedUnitPath("/home/op/.bun", "/home/op", "darwin", "arm64", undefined);
+    expect(result).toContain("/home/op/.local/bin");
+    expect(result).toContain("/opt/homebrew/bin");
+  });
+
+  test("PARACHUTE_EXTRA_PATH is prepended", () => {
+    const result = enrichedUnitPath(
+      "/home/op/.bun",
+      "/home/op",
+      "darwin",
+      "arm64",
+      "/opt/custom/bin",
+    );
+    expect(result.split(":")[0]).toBe("/opt/custom/bin");
+  });
+});

package/src/__tests__/status.test.ts

@@ -256,4 +256,68 @@ describe("status — per-module URL deep-links (manifestRowBase / urlForEntry)",
       cleanup();
     }
   });
+
+  test("non-curated supervised module reads `active` via the `supervised` fallback — hub#539", async () => {
+    const { path, configDir, cleanup } = makeTempPath();
+    try {
+      // surface is supervised but absent from the curated `modules` catalog
+      // (which only carries vault/scribe). Before hub#539 it mapped to
+      // `inactive` despite running; now `status` falls back to `supervised`.
+      upsertService(
+        {
+          name: "parachute-surface",
+          port: 1946,
+          paths: ["/surface"],
+          health: "/surface/healthz",
+          version: "0.2.2",
+        },
+        path,
+      );
+      const lines: string[] = [];
+      await status({
+        ...supervisorOpts(configDir, path, {
+          // `modules` empty (curated catalog omits surface); run-state ONLY in
+          // `supervised` — exactly the wire shape the live hub now returns.
+          moduleStates: {
+            supervisorAvailable: true,
+            modules: [],
+            supervised: [runningModule("surface")],
+          },
+        }),
+        print: (l) => lines.push(l),
+      });
+      const surfaceLine = lines.find((l) => l.includes("parachute-surface")) ?? "";
+      expect(surfaceLine).toMatch(/\bactive\b/);
+      expect(surfaceLine).not.toMatch(/\binactive\b/);
+    } finally {
+      cleanup();
+    }
+  });
+
+  test("module absent from BOTH modules and supervised stays `inactive` — hub#539 boundary", async () => {
+    const { path, configDir, cleanup } = makeTempPath();
+    try {
+      upsertService(
+        {
+          name: "parachute-surface",
+          port: 1946,
+          paths: ["/surface"],
+          health: "/surface/healthz",
+          version: "0.2.2",
+        },
+        path,
+      );
+      const lines: string[] = [];
+      await status({
+        ...supervisorOpts(configDir, path, {
+          moduleStates: { supervisorAvailable: true, modules: [], supervised: [] },
+        }),
+        print: (l) => lines.push(l),
+      });
+      const surfaceLine = lines.find((l) => l.includes("parachute-surface")) ?? "";
+      expect(surfaceLine).toMatch(/\binactive\b/);
+    } finally {
+      cleanup();
+    }
+  });
 });