@pleri/olam-cli 0.1.153 → 0.1.158
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/bootstrap.d.ts +2 -1
- package/dist/commands/bootstrap.d.ts.map +1 -1
- package/dist/commands/bootstrap.js +8 -10
- package/dist/commands/bootstrap.js.map +1 -1
- package/dist/commands/doctor.d.ts +22 -0
- package/dist/commands/doctor.d.ts.map +1 -1
- package/dist/commands/doctor.js +110 -7
- package/dist/commands/doctor.js.map +1 -1
- package/dist/commands/flywheel/check-persona-skeleton.d.ts +7 -0
- package/dist/commands/flywheel/check-persona-skeleton.d.ts.map +1 -0
- package/dist/commands/flywheel/check-persona-skeleton.js +14 -0
- package/dist/commands/flywheel/check-persona-skeleton.js.map +1 -0
- package/dist/commands/flywheel/diversity-check.d.ts +7 -0
- package/dist/commands/flywheel/diversity-check.d.ts.map +1 -0
- package/dist/commands/flywheel/diversity-check.js +14 -0
- package/dist/commands/flywheel/diversity-check.js.map +1 -0
- package/dist/commands/flywheel/emit-breadcrumb.d.ts +20 -0
- package/dist/commands/flywheel/emit-breadcrumb.d.ts.map +1 -0
- package/dist/commands/flywheel/emit-breadcrumb.js +137 -0
- package/dist/commands/flywheel/emit-breadcrumb.js.map +1 -0
- package/dist/commands/flywheel/index.d.ts +27 -0
- package/dist/commands/flywheel/index.d.ts.map +1 -0
- package/dist/commands/flywheel/index.js +48 -0
- package/dist/commands/flywheel/index.js.map +1 -0
- package/dist/commands/flywheel/install-shims.d.ts +8 -0
- package/dist/commands/flywheel/install-shims.d.ts.map +1 -0
- package/dist/commands/flywheel/install-shims.js +15 -0
- package/dist/commands/flywheel/install-shims.js.map +1 -0
- package/dist/commands/flywheel/k10-measure.d.ts +7 -0
- package/dist/commands/flywheel/k10-measure.d.ts.map +1 -0
- package/dist/commands/flywheel/k10-measure.js +14 -0
- package/dist/commands/flywheel/k10-measure.js.map +1 -0
- package/dist/commands/flywheel/k5-score.d.ts +14 -0
- package/dist/commands/flywheel/k5-score.d.ts.map +1 -0
- package/dist/commands/flywheel/k5-score.js +59 -0
- package/dist/commands/flywheel/k5-score.js.map +1 -0
- package/dist/commands/flywheel/k5-validate.d.ts +15 -0
- package/dist/commands/flywheel/k5-validate.d.ts.map +1 -0
- package/dist/commands/flywheel/k5-validate.js +185 -0
- package/dist/commands/flywheel/k5-validate.js.map +1 -0
- package/dist/commands/flywheel/ping.d.ts +21 -0
- package/dist/commands/flywheel/ping.d.ts.map +1 -0
- package/dist/commands/flywheel/ping.js +79 -0
- package/dist/commands/flywheel/ping.js.map +1 -0
- package/dist/commands/flywheel/sanitize-persona-output.d.ts +7 -0
- package/dist/commands/flywheel/sanitize-persona-output.d.ts.map +1 -0
- package/dist/commands/flywheel/sanitize-persona-output.js +14 -0
- package/dist/commands/flywheel/sanitize-persona-output.js.map +1 -0
- package/dist/commands/hermes-kg-hook.d.ts +36 -0
- package/dist/commands/hermes-kg-hook.d.ts.map +1 -0
- package/dist/commands/hermes-kg-hook.js +80 -0
- package/dist/commands/hermes-kg-hook.js.map +1 -0
- package/dist/commands/hermes.d.ts +46 -0
- package/dist/commands/hermes.d.ts.map +1 -0
- package/dist/commands/hermes.js +320 -0
- package/dist/commands/hermes.js.map +1 -0
- package/dist/commands/kg-install-hook.d.ts +7 -1
- package/dist/commands/kg-install-hook.d.ts.map +1 -1
- package/dist/commands/kg-install-hook.js +122 -6
- package/dist/commands/kg-install-hook.js.map +1 -1
- package/dist/commands/memory/_paths.d.ts +13 -3
- package/dist/commands/memory/_paths.d.ts.map +1 -1
- package/dist/commands/memory/_paths.js +25 -22
- package/dist/commands/memory/_paths.js.map +1 -1
- package/dist/commands/memory/logs.d.ts +8 -4
- package/dist/commands/memory/logs.d.ts.map +1 -1
- package/dist/commands/memory/logs.js +18 -13
- package/dist/commands/memory/logs.js.map +1 -1
- package/dist/commands/memory/mode.d.ts.map +1 -1
- package/dist/commands/memory/mode.js +7 -3
- package/dist/commands/memory/mode.js.map +1 -1
- package/dist/commands/memory/start.d.ts +16 -14
- package/dist/commands/memory/start.d.ts.map +1 -1
- package/dist/commands/memory/start.js +55 -189
- package/dist/commands/memory/start.js.map +1 -1
- package/dist/commands/memory/status.d.ts +10 -8
- package/dist/commands/memory/status.d.ts.map +1 -1
- package/dist/commands/memory/status.js +35 -38
- package/dist/commands/memory/status.js.map +1 -1
- package/dist/commands/memory/stop.d.ts +5 -4
- package/dist/commands/memory/stop.d.ts.map +1 -1
- package/dist/commands/memory/stop.js +26 -55
- package/dist/commands/memory/stop.js.map +1 -1
- package/dist/commands/memory-service-container.d.ts +78 -0
- package/dist/commands/memory-service-container.d.ts.map +1 -0
- package/dist/commands/memory-service-container.js +187 -0
- package/dist/commands/memory-service-container.js.map +1 -0
- package/dist/commands/services.d.ts +16 -1
- package/dist/commands/services.d.ts.map +1 -1
- package/dist/commands/services.js +88 -12
- package/dist/commands/services.js.map +1 -1
- package/dist/image-digests.json +7 -7
- package/dist/index.js +2570 -1384
- package/dist/index.js.map +1 -1
- package/dist/lib/k8s-secret-render.d.ts.map +1 -1
- package/dist/lib/k8s-secret-render.js +7 -4
- package/dist/lib/k8s-secret-render.js.map +1 -1
- package/dist/lib/memory-host-process-migration.d.ts +56 -0
- package/dist/lib/memory-host-process-migration.d.ts.map +1 -0
- package/dist/lib/memory-host-process-migration.js +156 -0
- package/dist/lib/memory-host-process-migration.js.map +1 -0
- package/dist/lib/upgrade-kubernetes.d.ts +22 -0
- package/dist/lib/upgrade-kubernetes.d.ts.map +1 -1
- package/dist/lib/upgrade-kubernetes.js +195 -2
- package/dist/lib/upgrade-kubernetes.js.map +1 -1
- package/dist/mcp-server.js +56 -22
- package/hermes-bundle/kg-first.sh +100 -0
- package/hermes-bundle/version.json +4 -0
- package/host-cp/k8s/manifests/50-deployment.yaml +54 -27
- package/host-cp/k8s/manifests/auth-service/30-configmap.yaml +5 -0
- package/host-cp/k8s/manifests/auth-service/50-deployment.yaml +5 -1
- package/host-cp/k8s/manifests/kg-service/30-configmap.yaml +5 -0
- package/host-cp/k8s/manifests/kg-service/50-deployment.yaml +5 -1
- package/host-cp/k8s/manifests/mcp-auth-service/30-configmap.yaml +4 -0
- package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml +5 -1
- package/host-cp/k8s/manifests/memory-service/30-configmap.yaml +4 -0
- package/host-cp/k8s/manifests/memory-service/50-deployment.yaml +5 -1
- package/host-cp/src/metrics.mjs +281 -0
- package/host-cp/src/server.mjs +22 -2
- package/package.json +3 -4
- package/memory-service-bundle/scripts/ensure-iii-engine.mjs +0 -179
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,MAAM,CAAC;KACZ,WAAW,CAAC,+DAA+D,CAAC;IAC7E,4EAA4E;IAC5E,0EAA0E;KACzE,MAAM,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAC9E,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;AAE7B,gEAAgE;AAChE,6EAA6E;AAC7E,4EAA4E;AAC5E,yEAAyE;AACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACnD,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;IACxB,qEAAqE;IACrE,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0DAA0D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;YACtF,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,sEAAsE;AACtE,yEAAyE;AACzE,0EAA0E;AAC1E,wEAAwE;AACxE,mBAAmB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC/D,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC;AAC7B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAChC,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,UAAU,CAAC,OAAO,CAAC,CAAC;AACpB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC/B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACnC,0BAA0B,CAAC,OAAO,CAAC,CAAC;AACpC,8BAA8B,CAAC,OAAO,CAAC,CAAC;AACxC,2BAA2B,CAAC,OAAO,CAAC,CAAC;AACrC,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,cAAc,CAAC,OAAO,CAAC,CAAC;AAExB,0EAA0E;AAC1E,6EAA6E;AAC7E,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"k8s-secret-render.d.ts","sourceRoot":"","sources":["../../src/lib/k8s-secret-render.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAQH,eAAO,MAAM,sBAAsB,QAA4C,CAAC;AAGhF;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC;QACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,MAAM,EACX;YAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,GACpD;YAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;SAAE,CAAC;KACnC,CAAC,CAAC;CACJ;AAED,2EAA2E;AAC3E,eAAO,MAAM,wBAAwB,EAAE,aAAa,CAAC,qBAAqB,CA6DzE,CAAC;AAEF,gFAAgF;AAChF,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,QAAQ,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC1C;AAED,2FAA2F;AAC3F,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAClD;AAED,wEAAwE;AACxE,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,MAAM,CAAC;IAC1D,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACxE,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IAChD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,MAAM,CAAC;IACrC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,eAAe,GAAG,IAAI,CAAC;IAClD,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;CACzC;AAuBD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,GAAE,MAA+B,GAAG,eAAe,GAAG,IAAI,CAUnG;AAED,8CAA8C;AAC9C,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,eAAe,EAAE,SAAS,GAAE,MAA+B,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"k8s-secret-render.d.ts","sourceRoot":"","sources":["../../src/lib/k8s-secret-render.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAQH,eAAO,MAAM,sBAAsB,QAA4C,CAAC;AAGhF;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC;QACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,MAAM,EACX;YAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,GACpD;YAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;SAAE,CAAC;KACnC,CAAC,CAAC;CACJ;AAED,2EAA2E;AAC3E,eAAO,MAAM,wBAAwB,EAAE,aAAa,CAAC,qBAAqB,CA6DzE,CAAC;AAEF,gFAAgF;AAChF,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,QAAQ,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC1C;AAED,2FAA2F;AAC3F,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAClD;AAED,wEAAwE;AACxE,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,MAAM,CAAC;IAC1D,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACxE,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IAChD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,MAAM,CAAC;IACrC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,eAAe,GAAG,IAAI,CAAC;IAClD,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;CACzC;AAuBD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,GAAE,MAA+B,GAAG,eAAe,GAAG,IAAI,CAUnG;AAED,8CAA8C;AAC9C,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,eAAe,EAAE,SAAS,GAAE,MAA+B,GAAG,IAAI,CAW1G;AAED;;;;;;GAMG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,QAAQ,CAAC,cAAc,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAChD;AAyCD;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC7B,MAAM,CAOR;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,qBAAqB,EAC9B,aAAa,EAAE,MAAM,EACrB,KAAK,EAAE,cAAc,GAAG,IAAI,EAC5B,IAAI,GAAE,UAAe,EACrB,MAAM,GAAE,OAAe,GACtB,YAAY,CAgDd;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,aAAa,EAAE,MAAM,EACrB,IAAI,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,EAC7D,IAAI,GAAE,UAAe,GACpB;IAAE,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IAAC,SAAS,EAAE,eAAe,CAAA;CAAE,CAiCtE"}
|
|
@@ -32,7 +32,7 @@
|
|
|
32
32
|
* subprocess argv (audit:auth-callers + general security hygiene).
|
|
33
33
|
*/
|
|
34
34
|
import { spawnSync } from 'node:child_process';
|
|
35
|
-
import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync, statSync } from 'node:fs';
|
|
35
|
+
import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync, statSync, renameSync } from 'node:fs';
|
|
36
36
|
import { join, dirname } from 'node:path';
|
|
37
37
|
import { randomBytes } from 'node:crypto';
|
|
38
38
|
import { OLAM_HOME } from './config.js';
|
|
@@ -140,9 +140,12 @@ export function writeSecretsState(state, statePath = K8S_SECRETS_STATE_PATH) {
|
|
|
140
140
|
const tmp = `${statePath}.tmp.${process.pid}`;
|
|
141
141
|
writeFileSync(tmp, JSON.stringify(state, null, 2) + '\n', { encoding: 'utf8', mode: 0o600 });
|
|
142
142
|
chmodSync(tmp, 0o600);
|
|
143
|
-
// renameSync is atomic on POSIX
|
|
144
|
-
//
|
|
145
|
-
|
|
143
|
+
// renameSync is atomic on POSIX. Use the statically-imported binding; a
|
|
144
|
+
// dynamic require('node:fs') would survive type-checking but esbuild's
|
|
145
|
+
// ESM bundler emits it as `__require("node:fs")` which throws at runtime
|
|
146
|
+
// ("Dynamic require of \"node:fs\" is not supported"), killing
|
|
147
|
+
// `olam upgrade` mid-bootstrap. See R4-W2-B retest finding.
|
|
148
|
+
renameSync(tmp, statePath);
|
|
146
149
|
}
|
|
147
150
|
/**
|
|
148
151
|
* Resolve a single placeholder's value. Returns null when the source is
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"k8s-secret-render.js","sourceRoot":"","sources":["../../src/lib/k8s-secret-render.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"k8s-secret-render.js","sourceRoot":"","sources":["../../src/lib/k8s-secret-render.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAC;AAChF,MAAM,gBAAgB,GAAG,EAAE,CAAC,CAAC,kEAAkE;AAmB/F,2EAA2E;AAC3E,MAAM,CAAC,MAAM,wBAAwB,GAAyC;IAC5E;QACE,UAAU,EAAE,qBAAqB;QACjC,eAAe,EAAE,mCAAmC;QACpD,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,0CAA0C;gBACvD,GAAG,EAAE,kBAAkB;gBACvB,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE;aAClD;YACD;gBACE,WAAW,EAAE,+BAA+B;gBAC5C,GAAG,EAAE,UAAU;gBACf,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;aAC7B;SACF;KACF;IACD;QACE,UAAU,EAAE,0BAA0B;QACtC,eAAe,EAAE,6CAA6C;QAC9D,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,6CAA6C;gBAC1D,GAAG,EAAE,qBAAqB;gBAC1B,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE;aACrD;SACF;KACF;IACD;QACE,UAAU,EAAE,8BAA8B;QAC1C,eAAe,EAAE,iDAAiD;QAClE,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,kDAAkD;gBAC/D,GAAG,EAAE,0BAA0B;gBAC/B,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,qBAAqB,EAAE;aAC1D;SACF;KACF;IACD;QACE,UAAU,EAAE,wBAAwB;QACpC,eAAe,EAAE,2CAA2C;QAC5D,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,8CAA8C;gBAC3D,GAAG,EAAE,sBAAsB;gBAC3B,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE;aACtD;SACF;KACF;IACD;QACE,UAAU,EAAE,4BAA4B;QACxC,eAAe,EAAE,+CAA+C;QAChE,YAAY,EAAE;YACZ;gBACE,WAAW,EAAE,mDAAmD;gBAChE,GAAG,EAAE,2BAA2B;gBAChC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,sBAAsB,EAAE;aAC3D;SACF;KACF;CACF,CAAC;AA+BF,MAAM,mBAAmB,GAAG,GAAW,EAAE,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAExF,MAAM,oBAAoB,GAAG,GAAmC,EAAE;IAChE,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACtG,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;AAClC,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,CAAS,EAAE,GAAW,EAAU,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAEjF,MAAM,gBAAgB,GAAG,CAAC,CAAS,EAAE,IAAY,EAAE,IAAY,EAAQ,EAAE;IACvE,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,aAAa,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,yEAAyE;IACzE,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,CAAS,EAAW,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAEhE;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,YAAoB,sBAAsB;IACzE,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,CAAC;QACvD,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,OAAO,MAAyB,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,iBAAiB,CAAC,KAAsB,EAAE,YAAoB,sBAAsB;IAClG,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,GAAG,SAAS,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;IAC9C,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7F,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACtB,wEAAwE;IACxE,uEAAuE;IACvE,yEAAyE;IACzE,+DAA+D;IAC/D,4DAA4D;IAC5D,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;AAC7B,CAAC;AAiBD;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,MAA+D,EAC/D,QAAgB,EAChB,cAAkC,EAClC,MAAe,EACf,IAA4G;IAE5G,IAAI,CAAC,MAAM,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,EAAE,EAAE,CAAC;QACrE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QACjD,kEAAkE;QAClE,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YACvC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QACpC,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QACnD,CAAC;QACD,gDAAgD;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAClC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACpC,CAAC;IACD,gEAAgE;IAChE,qEAAqE;IACrE,MAAM,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAC/B,IAAI,CAAC,CAAC,EAAE;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IAC9C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2DAA2D,EAAE,CAAC;AAC5F,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CACpC,YAAoB,EACpB,MAA8B;IAE9B,IAAI,GAAG,GAAG,YAAY,CAAC;IACvB,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1D,wEAAwE;QACxE,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,WAAW,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,OAA8B,EAC9B,aAAqB,EACrB,KAA4B,EAC5B,OAAmB,EAAE,EACrB,SAAkB,KAAK;IAEvB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,SAAS,CAAC;IAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,eAAe,CAAC;IAClD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,gBAAgB,CAAC;IACrD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,CAAC;IACxD,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,mBAAmB,CAAC;IAC9D,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,oBAAoB,CAAC;IAEjE,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IAClE,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAEpD,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,MAAM,kBAAkB,GAA2B,EAAE,CAAC;IACtD,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,kBAAkB,CACjC,CAAC,CAAC,MAAM,EACR,QAAQ,EACR,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAClB,MAAM,EACN,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,CACjE,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACpD,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;QAC7B,kBAAkB,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;IACrD,CAAC;IAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,MAAM,EAAE,SAAS;YACjB,IAAI;YACJ,cAAc;SACf,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,sBAAsB,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;IAC9E,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM,EAAE,UAAU;QAClB,YAAY;QACZ,IAAI;QACJ,cAAc,EAAE,EAAE;KACnB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,aAAqB,EACrB,IAA6D,EAC7D,OAAmB,EAAE;IAErB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,IAAI,sBAAsB,CAAC,CAAC,CAAC;IACvG,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,IAAI,sBAAsB,CAAC,CAAC,CAAC;IAE9G,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;IAE/C,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,WAAW,GAAmC,EAAE,CAAC;IACvD,KAAK,MAAM,OAAO,IAAI,wBAAwB,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAG,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;QACzD,MAAM,CAAC,GAAG,eAAe,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG;YAChC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAoB;QACjC,OAAO,EAAE,CAAC;QACV,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,OAAO,EAAE,WAAW;KACrB,CAAC;IACF,8EAA8E;IAC9E,2EAA2E;IAC3E,wDAAwD;IACxD,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,SAAS,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAChC,CAAC"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* memory-host-process-migration.ts — idempotent cleanup of the Phase A
|
|
3
|
+
* host-process model's residual state on disk.
|
|
4
|
+
*
|
|
5
|
+
* Phase A spawned `agentmemory` as a host child process and recorded its PID
|
|
6
|
+
* at `~/.olam/memory.pid` + stdout/stderr at `~/.olam/memory-service.log`.
|
|
7
|
+
* Phase B repoints `olam memory start` at the Docker substrate (this skill's
|
|
8
|
+
* `MemoryServiceContainerController`); the legacy pidfile + log become orphan
|
|
9
|
+
* artefacts the moment the new substrate runs.
|
|
10
|
+
*
|
|
11
|
+
* This helper is called from `runMemoryStart` / `runMemoryStop` (B1 / B2) BEFORE
|
|
12
|
+
* the substrate handoff so operators upgrading from the host-process model
|
|
13
|
+
* never have to manually clean up.
|
|
14
|
+
*
|
|
15
|
+
* PID-reuse defence (T2 mitigation). A stale pidfile can record a PID that
|
|
16
|
+
* the OS has since recycled to an unrelated process. SIGTERMing the wrong PID
|
|
17
|
+
* is a foot-gun. Defence:
|
|
18
|
+
* 1. If pidfile is absent → no-op.
|
|
19
|
+
* 2. If recorded PID is dead (kill(0) throws ESRCH) → unlink pidfile only.
|
|
20
|
+
* 3. If recorded PID is alive BUT `ps -p <pid> -o comm=` doesn't return
|
|
21
|
+
* `node` (the legacy host-process was always a node child) → unlink
|
|
22
|
+
* pidfile WITHOUT signalling. Logs a warning so support can diagnose.
|
|
23
|
+
* 4. Only when PID is alive AND comm=node → SIGTERM, wait up to 5s,
|
|
24
|
+
* SIGKILL on timeout, then unlink.
|
|
25
|
+
*
|
|
26
|
+
* Plan reference: docs/plans/memory-service-as-docker-peripheral/phase-b-tasks.md B5
|
|
27
|
+
*/
|
|
28
|
+
export interface MigrationResult {
|
|
29
|
+
/** True if any legacy artefact (pidfile or log) was found + cleaned. */
|
|
30
|
+
readonly cleaned: boolean;
|
|
31
|
+
/** One-line description of what happened (for operator-visible logging). */
|
|
32
|
+
readonly summary: string;
|
|
33
|
+
}
|
|
34
|
+
export interface MigrationOptions {
|
|
35
|
+
/** Remove `memory-service.log` in addition to the pidfile (B2 stop path uses this). */
|
|
36
|
+
removeLog?: boolean;
|
|
37
|
+
/** Override the pidfile path. Defaults to MEMORY_PID_PATH. Used by tests. */
|
|
38
|
+
pidPath?: string;
|
|
39
|
+
/** Override the log path. Defaults to MEMORY_LOG_PATH. Used by tests. */
|
|
40
|
+
logPath?: string;
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Detect + clean up legacy host-process state. Idempotent — safe to call on
|
|
44
|
+
* every `olam memory start` / `olam memory stop` invocation; no-op when no
|
|
45
|
+
* legacy artefacts present.
|
|
46
|
+
*
|
|
47
|
+
* Side effects (only when artefacts present):
|
|
48
|
+
* - Unlink `~/.olam/memory.pid` if it exists.
|
|
49
|
+
* - Send SIGTERM (then SIGKILL on timeout) to the recorded PID iff it's
|
|
50
|
+
* alive AND its comm name is `node` (the legacy spawn shape).
|
|
51
|
+
* - Leave `~/.olam/memory-service.log` in place by default — operators
|
|
52
|
+
* may want to inspect it post-migration. Pass `{ removeLog: true }` to
|
|
53
|
+
* remove it explicitly (B2's stop path uses this).
|
|
54
|
+
*/
|
|
55
|
+
export declare function migrateFromHostProcess(opts?: MigrationOptions): MigrationResult;
|
|
56
|
+
//# sourceMappingURL=memory-host-process-migration.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memory-host-process-migration.d.ts","sourceRoot":"","sources":["../../src/lib/memory-host-process-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAMH,MAAM,WAAW,eAAe;IAC9B,wEAAwE;IACxE,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,4EAA4E;IAC5E,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC/B,uFAAuF;IACvF,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,GAAE,gBAAqB,GAAG,eAAe,CAoDnF"}
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* memory-host-process-migration.ts — idempotent cleanup of the Phase A
|
|
3
|
+
* host-process model's residual state on disk.
|
|
4
|
+
*
|
|
5
|
+
* Phase A spawned `agentmemory` as a host child process and recorded its PID
|
|
6
|
+
* at `~/.olam/memory.pid` + stdout/stderr at `~/.olam/memory-service.log`.
|
|
7
|
+
* Phase B repoints `olam memory start` at the Docker substrate (this skill's
|
|
8
|
+
* `MemoryServiceContainerController`); the legacy pidfile + log become orphan
|
|
9
|
+
* artefacts the moment the new substrate runs.
|
|
10
|
+
*
|
|
11
|
+
* This helper is called from `runMemoryStart` / `runMemoryStop` (B1 / B2) BEFORE
|
|
12
|
+
* the substrate handoff so operators upgrading from the host-process model
|
|
13
|
+
* never have to manually clean up.
|
|
14
|
+
*
|
|
15
|
+
* PID-reuse defence (T2 mitigation). A stale pidfile can record a PID that
|
|
16
|
+
* the OS has since recycled to an unrelated process. SIGTERMing the wrong PID
|
|
17
|
+
* is a foot-gun. Defence:
|
|
18
|
+
* 1. If pidfile is absent → no-op.
|
|
19
|
+
* 2. If recorded PID is dead (kill(0) throws ESRCH) → unlink pidfile only.
|
|
20
|
+
* 3. If recorded PID is alive BUT `ps -p <pid> -o comm=` doesn't return
|
|
21
|
+
* `node` (the legacy host-process was always a node child) → unlink
|
|
22
|
+
* pidfile WITHOUT signalling. Logs a warning so support can diagnose.
|
|
23
|
+
* 4. Only when PID is alive AND comm=node → SIGTERM, wait up to 5s,
|
|
24
|
+
* SIGKILL on timeout, then unlink.
|
|
25
|
+
*
|
|
26
|
+
* Plan reference: docs/plans/memory-service-as-docker-peripheral/phase-b-tasks.md B5
|
|
27
|
+
*/
|
|
28
|
+
import { existsSync, readFileSync, unlinkSync } from 'node:fs';
|
|
29
|
+
import { spawnSync } from 'node:child_process';
|
|
30
|
+
import { MEMORY_PID_PATH, MEMORY_LOG_PATH } from '../commands/memory/_paths.js';
|
|
31
|
+
const KILL_TIMEOUT_MS = 5_000;
|
|
32
|
+
/**
|
|
33
|
+
* Detect + clean up legacy host-process state. Idempotent — safe to call on
|
|
34
|
+
* every `olam memory start` / `olam memory stop` invocation; no-op when no
|
|
35
|
+
* legacy artefacts present.
|
|
36
|
+
*
|
|
37
|
+
* Side effects (only when artefacts present):
|
|
38
|
+
* - Unlink `~/.olam/memory.pid` if it exists.
|
|
39
|
+
* - Send SIGTERM (then SIGKILL on timeout) to the recorded PID iff it's
|
|
40
|
+
* alive AND its comm name is `node` (the legacy spawn shape).
|
|
41
|
+
* - Leave `~/.olam/memory-service.log` in place by default — operators
|
|
42
|
+
* may want to inspect it post-migration. Pass `{ removeLog: true }` to
|
|
43
|
+
* remove it explicitly (B2's stop path uses this).
|
|
44
|
+
*/
|
|
45
|
+
export function migrateFromHostProcess(opts = {}) {
|
|
46
|
+
const pidPath = opts.pidPath ?? MEMORY_PID_PATH;
|
|
47
|
+
const logPath = opts.logPath ?? MEMORY_LOG_PATH;
|
|
48
|
+
const pidfileExists = existsSync(pidPath);
|
|
49
|
+
const logExists = existsSync(logPath);
|
|
50
|
+
if (!pidfileExists && !logExists) {
|
|
51
|
+
return { cleaned: false, summary: 'no legacy host-process state to clean' };
|
|
52
|
+
}
|
|
53
|
+
const events = [];
|
|
54
|
+
if (pidfileExists) {
|
|
55
|
+
const pid = readPidFromFile(pidPath);
|
|
56
|
+
if (pid === null) {
|
|
57
|
+
// Pidfile exists but is unparseable — just unlink.
|
|
58
|
+
unlinkSync(pidPath);
|
|
59
|
+
events.push('unlinked unparseable ~/.olam/memory.pid');
|
|
60
|
+
}
|
|
61
|
+
else if (!isProcessAlive(pid)) {
|
|
62
|
+
// Recorded PID is dead — clean unlink with no signalling.
|
|
63
|
+
unlinkSync(pidPath);
|
|
64
|
+
events.push(`unlinked stale ~/.olam/memory.pid (pid ${pid} not alive)`);
|
|
65
|
+
}
|
|
66
|
+
else {
|
|
67
|
+
// PID is alive — check comm name before signalling.
|
|
68
|
+
const comm = processCommName(pid);
|
|
69
|
+
if (comm !== 'node') {
|
|
70
|
+
// PID-reuse case: alive but not our process. Unlink WITHOUT signalling.
|
|
71
|
+
unlinkSync(pidPath);
|
|
72
|
+
events.push(`unlinked ~/.olam/memory.pid without signal (pid ${pid} comm=${comm ?? 'unknown'}, not node — assumed PID-reuse, defensive skip)`);
|
|
73
|
+
}
|
|
74
|
+
else {
|
|
75
|
+
// Our process — terminate gracefully.
|
|
76
|
+
const terminated = terminateProcess(pid);
|
|
77
|
+
unlinkSync(pidPath);
|
|
78
|
+
events.push(terminated
|
|
79
|
+
? `terminated legacy host-process pid ${pid} (SIGTERM) + unlinked pidfile`
|
|
80
|
+
: `terminated legacy host-process pid ${pid} (SIGKILL after timeout) + unlinked pidfile`);
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
if (logExists && opts.removeLog) {
|
|
85
|
+
unlinkSync(logPath);
|
|
86
|
+
events.push('removed legacy ~/.olam/memory-service.log');
|
|
87
|
+
}
|
|
88
|
+
else if (logExists) {
|
|
89
|
+
events.push('left ~/.olam/memory-service.log in place (inspectable; pass {removeLog:true} to remove)');
|
|
90
|
+
}
|
|
91
|
+
return { cleaned: true, summary: events.join('; ') };
|
|
92
|
+
}
|
|
93
|
+
function readPidFromFile(pidPath) {
|
|
94
|
+
try {
|
|
95
|
+
const raw = readFileSync(pidPath, 'utf8').trim();
|
|
96
|
+
const pid = parseInt(raw, 10);
|
|
97
|
+
if (!Number.isFinite(pid) || pid <= 0)
|
|
98
|
+
return null;
|
|
99
|
+
return pid;
|
|
100
|
+
}
|
|
101
|
+
catch {
|
|
102
|
+
return null;
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
function isProcessAlive(pid) {
|
|
106
|
+
try {
|
|
107
|
+
// signal 0 doesn't deliver; just tests existence + permission
|
|
108
|
+
process.kill(pid, 0);
|
|
109
|
+
return true;
|
|
110
|
+
}
|
|
111
|
+
catch {
|
|
112
|
+
return false;
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Read the comm name of a process via `ps -p <pid> -o comm=`. Returns null
|
|
117
|
+
* on any error (process gone, ps not available, etc.) — the caller treats
|
|
118
|
+
* null as "don't signal," which is the safe default.
|
|
119
|
+
*/
|
|
120
|
+
function processCommName(pid) {
|
|
121
|
+
const r = spawnSync('ps', ['-p', String(pid), '-o', 'comm='], { encoding: 'utf-8' });
|
|
122
|
+
if (r.status !== 0)
|
|
123
|
+
return null;
|
|
124
|
+
const comm = r.stdout.trim();
|
|
125
|
+
// `ps` may return a full path (e.g. `/usr/local/bin/node`); take basename.
|
|
126
|
+
return comm.split('/').pop() ?? null;
|
|
127
|
+
}
|
|
128
|
+
/**
|
|
129
|
+
* SIGTERM the PID; wait up to 5s for it to exit; SIGKILL on timeout.
|
|
130
|
+
* Returns true if SIGTERM was sufficient, false if SIGKILL was needed.
|
|
131
|
+
*/
|
|
132
|
+
function terminateProcess(pid) {
|
|
133
|
+
try {
|
|
134
|
+
process.kill(pid, 'SIGTERM');
|
|
135
|
+
}
|
|
136
|
+
catch {
|
|
137
|
+
// Already dead between the comm-check and now; nothing to do.
|
|
138
|
+
return true;
|
|
139
|
+
}
|
|
140
|
+
const deadline = Date.now() + KILL_TIMEOUT_MS;
|
|
141
|
+
while (Date.now() < deadline) {
|
|
142
|
+
if (!isProcessAlive(pid))
|
|
143
|
+
return true;
|
|
144
|
+
// Busy-spin sleep — node:fs is synchronous; no async helper here.
|
|
145
|
+
spawnSync('sleep', ['0.1']);
|
|
146
|
+
}
|
|
147
|
+
// Still alive after timeout — escalate.
|
|
148
|
+
try {
|
|
149
|
+
process.kill(pid, 'SIGKILL');
|
|
150
|
+
}
|
|
151
|
+
catch {
|
|
152
|
+
// race: died between probe and SIGKILL
|
|
153
|
+
}
|
|
154
|
+
return false;
|
|
155
|
+
}
|
|
156
|
+
//# sourceMappingURL=memory-host-process-migration.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memory-host-process-migration.js","sourceRoot":"","sources":["../../src/lib/memory-host-process-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAkBhF,MAAM,eAAe,GAAG,KAAK,CAAC;AAE9B;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAyB,EAAE;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAC;IAChD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS,EAAE,CAAC;QACjC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAC9E,CAAC;IAED,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,mDAAmD;YACnD,UAAU,CAAC,OAAO,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,UAAU,CAAC,OAAO,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,0CAA0C,GAAG,aAAa,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,oDAAoD;YACpD,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;gBACpB,wEAAwE;gBACxE,UAAU,CAAC,OAAO,CAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,CACT,mDAAmD,GAAG,SAAS,IAAI,IAAI,SAAS,iDAAiD,CAClI,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,sCAAsC;gBACtC,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBACzC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,CACT,UAAU;oBACR,CAAC,CAAC,sCAAsC,GAAG,+BAA+B;oBAC1E,CAAC,CAAC,sCAAsC,GAAG,6CAA6C,CAC3F,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAAS,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,UAAU,CAAC,OAAO,CAAC,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;SAAM,IAAI,SAAS,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,yFAAyF,CAAC,CAAC;IACzG,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,eAAe,CAAC,OAAe;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,8DAA8D;QAC9D,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACrF,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC7B,2EAA2E;IAC3E,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IAC9C,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,kEAAkE;QAClE,SAAS,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,wCAAwC;IACxC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;IACzC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -23,7 +23,12 @@
|
|
|
23
23
|
* D27 — audit log entry (phase2.flag_removed) emitted per upgrade run
|
|
24
24
|
*
|
|
25
25
|
* Step order (Phase D — kubernetes substrate, Phase 2 GA):
|
|
26
|
+
* 0.5 D4 k3d node docker socket bind-mount preflight (Decision #11 backward-compat surface)
|
|
26
27
|
* 0 probeKubernetesApiReachable — 5s timeout kubectl cluster-info
|
|
28
|
+
* 0.5b B4 ensureK8sBootstrap (namespace + RBAC + ConfigMap + PVC + secrets)
|
|
29
|
+
* 0.6 R3-C create/update ghcr-pull imagePullSecret in olam namespace (when GH_TOKEN available)
|
|
30
|
+
* NOTE: relocated from pre-step 0.4 to post-bootstrap (R4-W2-A) — the
|
|
31
|
+
* `olam` namespace must exist before kubectl can create the secret.
|
|
27
32
|
* 1 D10 context-allowlist + OLAM_K8S_CONTEXT_ACK strict-equality byte-for-byte
|
|
28
33
|
* 2 D12 Secret pre-check (olam-host-cp-secret; base64-decode; key-name check)
|
|
29
34
|
* 2.6 C2 per-peripheral Secret pre-check (iterates PERIPHERALS; unconditional — D5)
|
|
@@ -112,6 +117,23 @@ export interface UpgradeKubernetesDeps {
|
|
|
112
117
|
readonly k8sBootstrapImpl?: typeof ensureK8sBootstrap;
|
|
113
118
|
/** B4: pass-through deps for `ensureK8sBootstrap`. */
|
|
114
119
|
readonly k8sBootstrapDeps?: K8sBootstrapDeps;
|
|
120
|
+
/**
|
|
121
|
+
* B3/step 0.4: override the GH token value for tests.
|
|
122
|
+
* When `ghTokenOverrideActive` is true AND `ghTokenOverride` is undefined,
|
|
123
|
+
* the step treats GH_TOKEN as absent (skipped path). When `ghTokenOverride`
|
|
124
|
+
* is a string, that string is used as the token regardless of env/config.
|
|
125
|
+
* When `ghTokenOverrideActive` is falsy (default), real env/config is used.
|
|
126
|
+
*/
|
|
127
|
+
readonly ghTokenOverride?: string;
|
|
128
|
+
readonly ghTokenOverrideActive?: boolean;
|
|
129
|
+
/**
|
|
130
|
+
* Phase D D4: override for k3d node mount detection (step 0.5 preflight).
|
|
131
|
+
* Returns 'new-form' when /host-colima/ bind is present (correct),
|
|
132
|
+
* 'old-form' when /var/run/docker.sock direct file-bind is present (broken on colima),
|
|
133
|
+
* or 'none' when neither is detectable (non-k3d or bare k3s cluster — warn only).
|
|
134
|
+
* Tests inject a mock to avoid real `docker inspect` invocations.
|
|
135
|
+
*/
|
|
136
|
+
readonly checkK3dNodeMountsImpl?: () => Promise<'new-form' | 'old-form' | 'none'>;
|
|
115
137
|
}
|
|
116
138
|
export interface UpgradeKubernetesOpts {
|
|
117
139
|
readonly forceRefreshManifests?: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upgrade-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/upgrade-kubernetes.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"upgrade-kubernetes.d.ts","sourceRoot":"","sources":["../../src/lib/upgrade-kubernetes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAQ9B,OAAO,EAAE,WAAW,EAAwB,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,wBAAwB,EAAE,KAAK,eAAe,EAAE,KAAK,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AACrK,OAAO,EAAE,mBAAmB,EAAE,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAA4B,KAAK,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAItI,OAAO,EAAE,kBAAkB,EAAE,KAAK,aAAa,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEhG,eAAO,MAAM,sBAAsB,QAA2C,CAAC;AAC/E,eAAO,MAAM,aAAa,SAAS,CAAC;AACpC,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AACzD,eAAO,MAAM,uBAAuB,iBAAiB,CAAC;AACtD,eAAO,MAAM,mBAAmB,yBAAyB,CAAC;AAC1D,eAAO,MAAM,kBAAkB,kCAAkC,CAAC;AAElE,oDAAoD;AACpD,eAAO,MAAM,mBAAmB,QAAqD,CAAC;AAkJtF,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,WAAW,CAAC;IAC9C,2CAA2C;IAC3C,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,gBAAgB,CAAC;IACxD,yDAAyD;IACzD,QAAQ,CAAC,kCAAkC,CAAC,EAAE,OAAO,8BAA8B,CAAC;IACpF,mDAAmD;IACnD,QAAQ,CAAC,4BAA4B,CAAC,EAAE,OAAO,wBAAwB,CAAC;IACxE,wDAAwD;IACxD,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5E,8CAA8C;IAC9C,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,mBAAmB,CAAC;IAC/C,2CAA2C;IAC3C,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACzD,2CAA2C;IAC3C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,uBAAuB,CAAC;IAC5D,sFAAsF;IACtF,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IAC/C,6CAA6C;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,yEAAyE;IACzE,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC;IAC3C,iGAAiG;IACjG,QAAQ,CAAC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IAC/D,oCAAoC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAC7B,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,iCAAiC;IACjC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC,YAAY,CAAC;IACnD,yDAAyD;IACzD,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,MAAM,CAAC;IAChC;;;;OAIG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAChE;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACvE;;;OAGG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,kBAAkB,CAAC;IACtD,sDAAsD;IACtD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAC7C;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC;;;;;;OAMG;IACH,QAAQ,CAAC,sBAAsB,CAAC,EAAE,MAAM,OAAO,CAAC,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC,CAAC;CACnF;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAC5C,wFAAwF;IACxF,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;OAMG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAkdD;;;;GAIG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,GAAE,qBAA0B,EAChC,IAAI,GAAE,qBAA0B,GAC/B,OAAO,CAAC,uBAAuB,CAAC,CAqalC"}
|
|
@@ -23,7 +23,12 @@
|
|
|
23
23
|
* D27 — audit log entry (phase2.flag_removed) emitted per upgrade run
|
|
24
24
|
*
|
|
25
25
|
* Step order (Phase D — kubernetes substrate, Phase 2 GA):
|
|
26
|
+
* 0.5 D4 k3d node docker socket bind-mount preflight (Decision #11 backward-compat surface)
|
|
26
27
|
* 0 probeKubernetesApiReachable — 5s timeout kubectl cluster-info
|
|
28
|
+
* 0.5b B4 ensureK8sBootstrap (namespace + RBAC + ConfigMap + PVC + secrets)
|
|
29
|
+
* 0.6 R3-C create/update ghcr-pull imagePullSecret in olam namespace (when GH_TOKEN available)
|
|
30
|
+
* NOTE: relocated from pre-step 0.4 to post-bootstrap (R4-W2-A) — the
|
|
31
|
+
* `olam` namespace must exist before kubectl can create the secret.
|
|
27
32
|
* 1 D10 context-allowlist + OLAM_K8S_CONTEXT_ACK strict-equality byte-for-byte
|
|
28
33
|
* 2 D12 Secret pre-check (olam-host-cp-secret; base64-decode; key-name check)
|
|
29
34
|
* 2.6 C2 per-peripheral Secret pre-check (iterates PERIPHERALS; unconditional — D5)
|
|
@@ -82,10 +87,20 @@ const PERIPHERAL_SECRETS = [
|
|
|
82
87
|
const K8S_DNS_SUFFIX = 'olam.svc.cluster.local';
|
|
83
88
|
/**
|
|
84
89
|
* Build the K8s in-cluster DNS URL for a peripheral service.
|
|
85
|
-
* Form: http
|
|
90
|
+
* Form: http://olam-<k8sServiceName>.olam.svc.cluster.local:<port>
|
|
91
|
+
*
|
|
92
|
+
* All olam peripheral k8s Services are named `olam-<short-name>` in the
|
|
93
|
+
* manifests (e.g. `olam-auth-service` not `auth-service`). The PERIPHERALS
|
|
94
|
+
* registry stores the short name in `k8sServiceName` for use by port-forward
|
|
95
|
+
* (which already works). Here we always prepend `olam-` because the DNS
|
|
96
|
+
* hostname MUST match the Service metadata.name in 60-service.yaml.
|
|
97
|
+
*
|
|
98
|
+
* C3 (R3-F): fix — previous form `http://auth-service.olam.svc.cluster.local`
|
|
99
|
+
* resolved to nothing; correct form is `http://olam-auth-service.olam.svc.cluster.local`.
|
|
86
100
|
*/
|
|
87
101
|
function buildK8sDnsUrl(k8sServiceName, port) {
|
|
88
|
-
|
|
102
|
+
const prefixed = k8sServiceName.startsWith('olam-') ? k8sServiceName : `olam-${k8sServiceName}`;
|
|
103
|
+
return `http://${prefixed}.${K8S_DNS_SUFFIX}:${port}`;
|
|
89
104
|
}
|
|
90
105
|
/**
|
|
91
106
|
* Append a JSONL audit entry to the substrate audit log (D18).
|
|
@@ -394,6 +409,140 @@ async function verifyHealthHeader(deps) {
|
|
|
394
409
|
return { ok: false, engineHeader: null };
|
|
395
410
|
}
|
|
396
411
|
}
|
|
412
|
+
/**
|
|
413
|
+
* Step 0.4 — R3-C: create/update ghcr-pull imagePullSecret (Decision R3-#3).
|
|
414
|
+
*
|
|
415
|
+
* Creates a kubernetes.io/dockerconfigjson Secret named `ghcr-pull` in the
|
|
416
|
+
* `olam` namespace so all 5 Deployment specs (host-cp + 4 peripherals) can
|
|
417
|
+
* pull private images from ghcr.io/pleri/* without anonymous rate limits.
|
|
418
|
+
*
|
|
419
|
+
* Token resolution order:
|
|
420
|
+
* 1. deps.ghTokenOverride (test injection — ghTokenOverrideActive must be true)
|
|
421
|
+
* 2. host.gh_token in ~/.olam/config.json (operator config, not yet wired here —
|
|
422
|
+
* future: read via resolveKubectlContext deps; skipped for Phase B scope)
|
|
423
|
+
* 3. GH_TOKEN environment variable
|
|
424
|
+
*
|
|
425
|
+
* Returns { skipped: true } when no token is available (not a hard failure —
|
|
426
|
+
* operators without a GH token fall back to anonymous pulls which may rate-limit).
|
|
427
|
+
*
|
|
428
|
+
* Idempotent: `kubectl apply -f -` (stdin) is a no-op when the Secret already
|
|
429
|
+
* exists with the same content (kubectl reports "configured" or "unchanged").
|
|
430
|
+
*/
|
|
431
|
+
async function createGhcrPullSecret(context, deps, stderr) {
|
|
432
|
+
// Resolve GH token from override (test injection) or environment.
|
|
433
|
+
let ghToken;
|
|
434
|
+
if (deps.ghTokenOverrideActive === true) {
|
|
435
|
+
ghToken = deps.ghTokenOverride;
|
|
436
|
+
}
|
|
437
|
+
else {
|
|
438
|
+
ghToken = process.env['GH_TOKEN'];
|
|
439
|
+
}
|
|
440
|
+
if (!ghToken) {
|
|
441
|
+
stderr.write(`${pc.yellow('[warn]')} GH_TOKEN not found — skipping ghcr-pull Secret creation.\n` +
|
|
442
|
+
` Image pulls from ghcr.io/pleri/* will use anonymous access (may rate-limit).\n` +
|
|
443
|
+
` Set GH_TOKEN env var or add host.gh_token to ~/.olam/config.json to enable.\n`);
|
|
444
|
+
return { skipped: true, reason: 'no GH_TOKEN in env or config' };
|
|
445
|
+
}
|
|
446
|
+
const dockerConfigJson = JSON.stringify({
|
|
447
|
+
auths: {
|
|
448
|
+
'ghcr.io': {
|
|
449
|
+
auth: Buffer.from(`pleri:${ghToken}`).toString('base64'),
|
|
450
|
+
},
|
|
451
|
+
},
|
|
452
|
+
});
|
|
453
|
+
const secretManifest = {
|
|
454
|
+
apiVersion: 'v1',
|
|
455
|
+
kind: 'Secret',
|
|
456
|
+
type: 'kubernetes.io/dockerconfigjson',
|
|
457
|
+
metadata: { name: 'ghcr-pull', namespace: K8S_NAMESPACE },
|
|
458
|
+
data: {
|
|
459
|
+
'.dockerconfigjson': Buffer.from(dockerConfigJson).toString('base64'),
|
|
460
|
+
},
|
|
461
|
+
};
|
|
462
|
+
const secretYaml = JSON.stringify(secretManifest); // kubectl apply accepts JSON as YAML
|
|
463
|
+
const wrap = deps.kubectlWrapImpl ?? kubectlWrap;
|
|
464
|
+
const result = await wrap(['--context', context, 'apply', '-f', '-'], { timeout: 30_000, stdin: secretYaml });
|
|
465
|
+
if (!result.ok) {
|
|
466
|
+
return { skipped: false, reason: `kubectl apply ghcr-pull failed: ${result.stderr.split('\n')[0] ?? ''}` };
|
|
467
|
+
}
|
|
468
|
+
return { skipped: false };
|
|
469
|
+
}
|
|
470
|
+
/** k3d node container name olam uses by convention. */
|
|
471
|
+
const K3D_NODE_CONTAINER = 'k3d-olam-host-server-0';
|
|
472
|
+
/**
|
|
473
|
+
* Default implementation: run `docker inspect k3d-olam-host-server-0` and
|
|
474
|
+
* scan the Mounts array to determine which bind form is in use.
|
|
475
|
+
*
|
|
476
|
+
* Returns:
|
|
477
|
+
* 'new-form' — /host-colima/ bind present (correct form per Phase B B1)
|
|
478
|
+
* 'old-form' — /var/run/docker.sock direct file-bind present (broken on colima, R3-A)
|
|
479
|
+
* 'none' — container not found or neither bind detectable (non-k3d / bare k3s)
|
|
480
|
+
*/
|
|
481
|
+
async function defaultCheckK3dNodeMounts() {
|
|
482
|
+
const { execFile } = await import('node:child_process');
|
|
483
|
+
const { promisify } = await import('node:util');
|
|
484
|
+
const execFileAsync = promisify(execFile);
|
|
485
|
+
try {
|
|
486
|
+
const { stdout } = await execFileAsync('docker', ['inspect', K3D_NODE_CONTAINER, '--format', '{{json .HostConfig.Binds}}'], { timeout: 8_000 });
|
|
487
|
+
const binds = JSON.parse(stdout.trim());
|
|
488
|
+
if (!Array.isArray(binds))
|
|
489
|
+
return 'none';
|
|
490
|
+
// New form: bind contains /host-colima/ (directory bind from Phase B B1).
|
|
491
|
+
if (binds.some((b) => b.includes('/host-colima/')))
|
|
492
|
+
return 'new-form';
|
|
493
|
+
// Old form: bind contains /var/run/docker.sock as a file source (R3-A broken form).
|
|
494
|
+
if (binds.some((b) => b.startsWith('/var/run/docker.sock:')))
|
|
495
|
+
return 'old-form';
|
|
496
|
+
return 'none';
|
|
497
|
+
}
|
|
498
|
+
catch {
|
|
499
|
+
// Container not found, docker unavailable, or JSON parse error — treat as non-k3d.
|
|
500
|
+
return 'none';
|
|
501
|
+
}
|
|
502
|
+
}
|
|
503
|
+
/**
|
|
504
|
+
* Step 0.5 — Phase D D4: k3d node docker socket bind-mount preflight (Decision #11).
|
|
505
|
+
*
|
|
506
|
+
* Detects whether the k3d-olam-host cluster was created with the correct
|
|
507
|
+
* `--volume "$HOME/.colima/default/:/host-colima/@server:*"` bind (new form,
|
|
508
|
+
* Phase B B1) or the old `--volume /var/run/docker.sock:/var/run/docker.sock`
|
|
509
|
+
* direct file-bind (broken on colima, R3-A).
|
|
510
|
+
*
|
|
511
|
+
* - 'new-form' → proceed (correct)
|
|
512
|
+
* - 'old-form' → hard error with actionable Decision #11 recreate command
|
|
513
|
+
* - 'none' → WARN only (non-k3d or bare k3s without socket bind; may work)
|
|
514
|
+
*
|
|
515
|
+
* Runs ONLY on kubernetes substrate. The check is host-side (`docker inspect`)
|
|
516
|
+
* so it can fire BEFORE any kubectl apply (pre-step 0b runs AFTER cluster is
|
|
517
|
+
* deployed; this runs BEFORE step 0 so fresh-install operators catch the
|
|
518
|
+
* broken bind before wasting a full upgrade attempt).
|
|
519
|
+
*
|
|
520
|
+
* Returns null on pass/warn (upgrade should continue);
|
|
521
|
+
* returns error message string on hard failure (upgrade should abort).
|
|
522
|
+
*/
|
|
523
|
+
async function preflightK3dNodeMounts(deps, stderr) {
|
|
524
|
+
const check = deps.checkK3dNodeMountsImpl ?? defaultCheckK3dNodeMounts;
|
|
525
|
+
const form = await check();
|
|
526
|
+
if (form === 'new-form') {
|
|
527
|
+
// Correct bind — proceed silently.
|
|
528
|
+
return null;
|
|
529
|
+
}
|
|
530
|
+
if (form === 'old-form') {
|
|
531
|
+
// Decision #11 backward-compat error: operator must recreate the cluster.
|
|
532
|
+
return (`Your k3d cluster was created with the old --volume form which fails on colima.\n` +
|
|
533
|
+
` Recreate the cluster with:\n` +
|
|
534
|
+
` k3d cluster delete olam-host\n` +
|
|
535
|
+
` k3d cluster create olam-host --volume "$HOME/.colima/default/:/host-colima/@server:*"\n` +
|
|
536
|
+
` Then re-run olam upgrade.`);
|
|
537
|
+
}
|
|
538
|
+
// 'none': k3d node container not found or non-k3d cluster (bare k3s, minikube, etc.).
|
|
539
|
+
// Emit WARN only — we cannot detect the bind on non-k3d setups, so do not block.
|
|
540
|
+
stderr.write(`${pc.yellow('[warn]')} step 0.5: k3d node container "${K3D_NODE_CONTAINER}" not found or bind form undetectable.\n` +
|
|
541
|
+
` This is expected on non-k3d clusters (bare k3s, minikube). Continuing.\n` +
|
|
542
|
+
` On colima+k3d: ensure the cluster was created with:\n` +
|
|
543
|
+
` k3d cluster create olam-host --volume "$HOME/.colima/default/:/host-colima/@server:*"\n`);
|
|
544
|
+
return null;
|
|
545
|
+
}
|
|
397
546
|
/**
|
|
398
547
|
* Main entrypoint for the kubernetes upgrade path.
|
|
399
548
|
*
|
|
@@ -420,6 +569,25 @@ export async function runUpgradeKubernetes(opts = {}, deps = {}) {
|
|
|
420
569
|
}
|
|
421
570
|
// skipped: dir exists or bundle absent (dev context) — no output, continue.
|
|
422
571
|
}
|
|
572
|
+
// ── Step 0.4: R3-C — create/update ghcr-pull imagePullSecret ────────
|
|
573
|
+
// RELOCATED (R4-W2-A): this step previously ran before ensureK8sBootstrap,
|
|
574
|
+
// but the `olam` namespace doesn't exist yet on a fresh cluster — `kubectl
|
|
575
|
+
// apply` failed with `namespaces "olam" not found` and `(continuing)`
|
|
576
|
+
// silently dropped the secret. Subsequent host-cp rollouts then 401'd on
|
|
577
|
+
// image pull. Step 0.4 now runs AFTER Step 0.5 (B4 bootstrap creates the
|
|
578
|
+
// namespace + RBAC) — see below.
|
|
579
|
+
// ── Step 0.5: D4 — k3d node docker socket bind-mount preflight (Decision #11) ──
|
|
580
|
+
// Runs BEFORE API reachability (step 0) so operators on a mis-configured k3d
|
|
581
|
+
// cluster get an actionable error before wasting a full upgrade attempt.
|
|
582
|
+
// Only meaningful on k3d clusters where the node container is named
|
|
583
|
+
// k3d-olam-host-server-0. Non-k3d clusters emit WARN and proceed.
|
|
584
|
+
{
|
|
585
|
+
const step05Error = await preflightK3dNodeMounts(deps, stderr);
|
|
586
|
+
if (step05Error !== null) {
|
|
587
|
+
stderr.write(`${pc.red('error:')} ${step05Error}\n`);
|
|
588
|
+
return { exitCode: 1, summary: 'k3d node bind-mount preflight failed (Decision #11)' };
|
|
589
|
+
}
|
|
590
|
+
}
|
|
423
591
|
// ── Pre-step 0a-prelude: B3 — resolve kubectl context ONCE (config + env) ──
|
|
424
592
|
// The context is needed by ALL kubectl-invoking pre-steps and steps below.
|
|
425
593
|
// Resolution policy lives in `kubectl-context.ts` (single source of truth):
|
|
@@ -521,6 +689,31 @@ export async function runUpgradeKubernetes(opts = {}, deps = {}) {
|
|
|
521
689
|
const note = skippedCount > 0 ? ` (${skippedCount} skipped — see warnings above)` : '';
|
|
522
690
|
step05Spinner.succeed(`k8s bootstrap: ${appliedCount} applied${note}`);
|
|
523
691
|
}
|
|
692
|
+
// ── Step 0.6: R3-C — create/update ghcr-pull imagePullSecret ────────
|
|
693
|
+
// Relocated from before Step 0.5 (see R4-W2-A retest finding). Must run
|
|
694
|
+
// AFTER ensureK8sBootstrap because the secret is namespaced to `olam` and
|
|
695
|
+
// ensureK8sBootstrap is what creates that namespace on a fresh cluster.
|
|
696
|
+
//
|
|
697
|
+
// Failure mode is still soft-warn rather than abort: rollouts that depend
|
|
698
|
+
// on the secret (private GHCR image pulls) surface their own clear 401
|
|
699
|
+
// ImagePullBackOff downstream, which is preferable to blocking operators
|
|
700
|
+
// who don't have GH_TOKEN configured but also aren't pulling private
|
|
701
|
+
// images (e.g. local dev with mirrored public copies).
|
|
702
|
+
{
|
|
703
|
+
const step06Spinner = ora('Creating ghcr-pull imagePullSecret (R3-C)').start();
|
|
704
|
+
const pullSecretResult = await createGhcrPullSecret(pinnedContext, deps, stderr);
|
|
705
|
+
if (pullSecretResult.skipped) {
|
|
706
|
+
step06Spinner.warn(`ghcr-pull Secret skipped: ${pullSecretResult.reason ?? 'no token'}`);
|
|
707
|
+
}
|
|
708
|
+
else if (pullSecretResult.reason) {
|
|
709
|
+
const warnMsg = `ghcr-pull Secret apply failed (continuing): ${pullSecretResult.reason}`;
|
|
710
|
+
step06Spinner.warn(warnMsg);
|
|
711
|
+
stderr.write(`${pc.yellow('[warn]')} ${warnMsg}\n`);
|
|
712
|
+
}
|
|
713
|
+
else {
|
|
714
|
+
step06Spinner.succeed('ghcr-pull imagePullSecret created/updated');
|
|
715
|
+
}
|
|
716
|
+
}
|
|
524
717
|
// ── Step 1: D10 — context-allowlist validation ───────────────────
|
|
525
718
|
// The context was already resolved (config-first, env-fallback) before
|
|
526
719
|
// pre-step 0a. Step 1 keeps the D10 allowlist gate + the audit WARN so
|