@rubytech/create-realagent 1.0.630 → 1.0.632

package/dist/index.js

@@ -384,7 +384,10 @@ function installClaudeCode() {
     let needsInstall = true;
     if (commandExists("claude")) {
         try {
-            const installed = execFileSync("claude", ["--version"], { encoding: "utf-8", timeout: 10_000 }).trim();
+            // `claude --version` prints "2.1.114 (Claude Code)" — extract the semver so
+            // the equality check against `npm view` (which returns bare "2.1.114") works.
+            const rawVersion = execFileSync("claude", ["--version"], { encoding: "utf-8", timeout: 10_000 }).trim();
+            const installed = rawVersion.match(/^(\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?)/)?.[1] ?? rawVersion;
             let latest = null;
             try {
                 latest = execFileSync("npm", ["view", "@anthropic-ai/claude-code", "version"], { encoding: "utf-8", timeout: 30_000 }).trim();
@@ -408,9 +411,19 @@ function installClaudeCode() {
         log("3", TOTAL, "Installing Claude Code...");
     }
     if (needsInstall) {
-        console.log("  This may take 15–30 minutes on Raspberry Pi...");
-        shellRetry("npm", ["install", "-g", ...NPM_NET_FLAGS, "--loglevel", "verbose", "@anthropic-ai/claude-code@latest"], { sudo: true, timeout: 2_400_000 }, // 40 min — Pi downloads can take 25+ min
-        3, 30);
+        // `npm install -g` needs write access to the global prefix, which on Linux is
+        // root-owned by default — so we run it under sudo. When sudo requires a password
+        // and the installer is running non-interactively (e.g. systemd-run --scope on
+        // upgrade), sudo fails instantly. Skip the upgrade in that case; the running
+        // installation is assumed adequate. Matches the apt-get skip in step 1.
+        if (isLinux() && !canSudo()) {
+            console.log("  Skipping Claude Code upgrade (sudo unavailable non-interactively — keeping installed version)");
+        }
+        else {
+            console.log("  This may take 15–30 minutes on Raspberry Pi...");
+            shellRetry("npm", ["install", "-g", ...NPM_NET_FLAGS, "--loglevel", "verbose", "@anthropic-ai/claude-code@latest"], { sudo: true, timeout: 2_400_000 }, // 40 min — Pi downloads can take 25+ min
+            3, 30);
+        }
     }
     console.log("  Registering claude-plugins-official marketplace...");
     const marketplaceList = spawnSync("claude", ["plugin", "marketplace", "list"], { stdio: "pipe", encoding: "utf-8" });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-realagent",
-  "version": "1.0.630",
+  "version": "1.0.632",
   "description": "Install Real Agent — Built for agents. By agents.",
   "bin": {
     "create-realagent": "./dist/index.js"

package/payload/platform/plugins/cloudflare/references/manual-setup.md

@@ -298,13 +298,24 @@ Prints the UUID from Step 3. If it prints empty or null, the heredoc's env expan
 
 You do **not** run `cloudflared` manually. The brand's existing user-space systemd unit (`~/.config/systemd/user/${BRAND}.service`) declares `ExecStartPre=/home/<user>/${BRAND}/platform/scripts/resume-tunnel.sh`, and that pre-start script reads `${CFG_DIR}/tunnel.state` and `${CFG_DIR}/config.yml` (the files Steps 5 and 5b just wrote) and spawns the connector in the user's cgroup. Restarting the brand service is what picks up the new config.
 
-> **Note:** When walking through by hand you run this step yourself. The automation script `platform/plugins/cloudflare/scripts/setup-tunnel.sh` runs it for you — the script is autonomous and completes the deployment, including the service restart and post-restart verification (ps-grep for the connector + curl each subdomain). If you used the script, this step is already done.
+> **Note:** When walking through by hand you run this step yourself. The automation script `platform/plugins/cloudflare/scripts/setup-tunnel.sh` runs it for you — with a critical twist documented below. If you used the script, this step is already done and the service will restart a few seconds after the script exits.
 
 
 ```
 systemctl --user restart "${BRAND}.service"
 ```
 
+**Why the script dispatches the restart via `systemd-run` instead of a direct `systemctl restart` (Task 558):** when the admin agent invokes `setup-tunnel.sh` via the Bash tool, the script runs *inside* `${BRAND}.service`'s cgroup. A direct `systemctl --user restart ${BRAND}.service` from that cgroup tells systemd to SIGTERM the entire cgroup — the node server, the claude subprocess, the Bash child, and the script itself all die simultaneously. cgroup membership is inherited: `setsid`, `nohup`, `disown`, and `&` all stay in the caller's cgroup, and `systemd-run --scope` runs in the caller's scope. Only `systemd-run --user --unit=<name> --on-active=<N>s` creates a genuinely new transient unit with its own cgroup. The script uses that primitive to arm the restart a few seconds after its own exit:
+
+```
+systemd-run --user --unit=maxy-tunnel-restart-<nonce>.service --on-active=3s --collect \
+  /bin/systemctl --user restart "${BRAND}.service"
+```
+
+The script then emits `[setup-tunnel] step=service-restart-dispatched` and `step=service-restart-armed exit=0` in the per-conversation stream log so operators see exactly when the restart was scheduled, exits 0, and the transient timer fires from outside the service's cgroup — semantically identical to this manual runbook's `systemctl --user restart`.
+
+When walking through manually you do **not** need `systemd-run` — your SSH shell already lives in a separate user-scope cgroup (`user@<uid>.service`), so the direct `systemctl restart` does not kill the caller. The script's extra indirection only matters when the caller *is* the service being restarted.
+
 **Why:** `resume-tunnel.sh` is the deterministic, brand-scoped spawner. Running `cloudflared` manually duplicates the connector (two processes for one tunnel) and races the brand service on every service restart. The service path is the only correct production path.
 
 **Success:**

package/payload/platform/plugins/cloudflare/scripts/setup-tunnel.sh

@@ -306,7 +306,23 @@ echo "wrote ${CFG_DIR}/tunnel.state"
 # --------------------------------------------------------------------------
 # Restart the brand's user-space service so resume-tunnel.sh (its
 # ExecStartPre) picks up the new tunnel.state + config.yml and spawns the
-# connector. The script is autonomous — it completes the deployment.
+# connector.
+#
+# CRITICAL: this script runs inside ${BRAND}.service's cgroup whenever the
+# admin agent invokes it via the Bash tool. `systemctl --user restart
+# ${BRAND}.service` from inside that cgroup SIGTERMs the whole cgroup —
+# the node server, the claude subprocess, the Bash child, and this script
+# itself (Task 558). Dispatching the restart to a transient systemd-run
+# unit is the ONLY primitive that creates a new cgroup outside the service
+# — setsid/nohup/disown/& all inherit cgroup membership, and
+# `systemd-run --scope` runs in the caller's scope.
+#
+# The transient timer fires $RESTART_DELAY seconds after dispatch; the
+# script exits 0 cleanly in microseconds, then the timer restarts the
+# service from its own cgroup — semantically identical to an operator
+# SSH-invoked `systemctl restart`. Post-restart verification (connector
+# up + hostname probe) is out of scope here — the client reconnects and
+# the next admin turn can verify via MCP tools.
 # --------------------------------------------------------------------------
 
 if ! systemctl --user list-unit-files "${BRAND}.service" --no-pager --no-legend | grep -q "${BRAND}.service"; then
@@ -315,48 +331,57 @@ if ! systemctl --user list-unit-files "${BRAND}.service" --no-pager --no-legend
   exit 1
 fi
 
-echo "Restarting ${BRAND}.service to spawn the connector with the new tunnel state..."
-systemctl --user restart "${BRAND}.service"
-
-# Give resume-tunnel.sh a moment to spawn the connector before probing.
-sleep 3
+if ! command -v systemd-run >/dev/null 2>&1; then
+  phase_line setup-tunnel step=service-restart-dispatched result=error \
+    reason=systemd-run-missing
+  echo "ERROR: systemd-run is not in PATH." >&2
+  echo "       The script dispatches the ${BRAND}.service restart to a transient" >&2
+  echo "       systemd user unit so it does not kill its own cgroup (Task 558)." >&2
+  echo "       Install systemd userspace (standard on supported Maxy Pi images)." >&2
+  exit 1
+fi
 
-# --------------------------------------------------------------------------
-# Post-restart verification — connector running and subdomains live?
-# Poll each hostname up to VERIFY_TIMEOUT seconds so DNS propagation has
-# time to catch up (subdomains routed by cloudflared typically resolve
-# within 10-30s; apex-flattened or freshly-created records may need longer).
-# --------------------------------------------------------------------------
+RESTART_DELAY=3
+TRANSIENT_UNIT="maxy-tunnel-restart-$$-$(date +%s)"
+phase_line setup-tunnel step=service-restart-dispatched \
+  unit="${TRANSIENT_UNIT}" delay="${RESTART_DELAY}s" \
+  cmd="systemctl --user restart ${BRAND}.service"
+
+# Dispatch via systemd-run --user --on-active — creates a transient unit
+# with its own cgroup that fires the restart after RESTART_DELAY seconds.
+# --collect auto-GCs the unit after it terminates. The script exits before
+# the timer fires; no race because the exit is microseconds and the timer
+# is seconds. Capture stderr so the operator sees the actual systemd-run
+# failure reason (e.g. "Failed to connect to bus" when linger is disabled).
+SYSTEMD_RUN_ERR="$(mktemp -t maxy-systemd-run-err.XXXXXX)"
+if systemd-run --user --unit="${TRANSIENT_UNIT}.service" \
+    --description="Detached restart of ${BRAND}.service (Task 558)" \
+    --on-active="${RESTART_DELAY}s" \
+    --collect \
+    /bin/systemctl --user restart "${BRAND}.service" 2>"${SYSTEMD_RUN_ERR}"; then
+  RESTART_RC=0
+else
+  RESTART_RC=$?
+fi
 
-if ! ps -ef | grep -q "[c]loudflared.*--config ${CFG_DIR}/config.yml"; then
-  echo "" >&2
-  echo "ERROR: ${BRAND}.service restarted but no cloudflared connector is running" >&2
-  echo "       with --config ${CFG_DIR}/config.yml." >&2
-  echo "       Check ${HOME}/.${BRAND}/logs/cloudflared.log for the failure reason." >&2
+if [ "${RESTART_RC}" -ne 0 ]; then
+  STDERR_TEXT="$(cat "${SYSTEMD_RUN_ERR}" 2>/dev/null | tr '\n' ' ' | head -c 500 || echo 'unavailable')"
+  rm -f "${SYSTEMD_RUN_ERR}"
+  phase_line setup-tunnel step=service-restart-dispatched result=error \
+    reason=systemd-run-failed exit="${RESTART_RC}" unit="${TRANSIENT_UNIT}" \
+    stderr="${STDERR_TEXT}"
+  echo "ERROR: systemd-run failed to dispatch the transient restart (exit=${RESTART_RC})." >&2
+  echo "       systemd-run stderr: ${STDERR_TEXT}" >&2
+  echo "       If stderr mentions 'Failed to connect to bus', the user-scope systemd" >&2
+  echo "       instance isn't running. Fix: 'loginctl enable-linger \$(whoami)' and retry." >&2
+  echo "       The service was NOT restarted. Re-run the script or restart manually:" >&2
+  echo "         systemctl --user restart ${BRAND}.service" >&2
   exit 1
 fi
+rm -f "${SYSTEMD_RUN_ERR}"
 
-VERIFY_TIMEOUT=60
-POLL_INTERVAL=5
-echo "Connector running against ${CFG_DIR}/config.yml — verifying each subdomain hostname (up to ${VERIFY_TIMEOUT}s per host for DNS propagation):"
-for H in "${HOSTNAMES[@]}"; do
-  if is_apex "$H"; then continue; fi
-  ELAPSED=0
-  STATUS="000"
-  while [ "${ELAPSED}" -lt "${VERIFY_TIMEOUT}" ]; do
-    STATUS=$(curl -o /dev/null -s -w '%{http_code}' --max-time 5 -I "https://${H}" || echo "000")
-    if [ "${STATUS}" != "530" ] && [ "${STATUS}" != "000" ]; then
-      break
-    fi
-    sleep "${POLL_INTERVAL}"
-    ELAPSED=$((ELAPSED + POLL_INTERVAL))
-  done
-  if [ "${STATUS}" = "530" ] || [ "${STATUS}" = "000" ]; then
-    echo "  ${H}: HTTP ${STATUS} after ${VERIFY_TIMEOUT}s — DNS propagation slow or connector-to-edge issue"
-  else
-    echo "  ${H}: HTTP ${STATUS} — live (after ${ELAPSED}s)"
-  fi
-done
+phase_line setup-tunnel step=service-restart-armed exit=0 unit="${TRANSIENT_UNIT}"
+echo "${BRAND}.service restart armed via ${TRANSIENT_UNIT} (fires in ${RESTART_DELAY}s)."
 
 # --------------------------------------------------------------------------
 # Apex ACTION REQUIRED summary
@@ -380,6 +405,8 @@ if [ "${#APEX_HOSTNAMES[@]}" -gt 0 ]; then
   echo "============================================================"
 fi
 
+phase_line setup-tunnel step=done tunnel="${TUNNEL_NAME}" id="${TUNNEL_ID}"
 echo ""
 echo "Done. tunnel=${TUNNEL_NAME} id=${TUNNEL_ID}"
-echo "Verify subdomain hostnames with: curl -I https://${HOSTNAMES[0]}"
+echo "Service will restart in ~${RESTART_DELAY}s to load the new config."
+echo "Verify hostnames with: curl -I https://${HOSTNAMES[0]}"

package/payload/platform/plugins/cloudflare/skills/setup-tunnel/SKILL.md

@@ -20,7 +20,7 @@ Any Cloudflare action outside these four surfaces is a discipline violation —
 
 ## 1. Autonomous path — `setup-tunnel.sh`
 
-Use this when the operator wants Cloudflare set up (or re-set up) end-to-end on the device. The script handles OAuth login, tunnel creation, DNS routing for each subdomain, config.yml + tunnel.state, service restart, and post-restart verification — all in one invocation. Apex hostnames cannot be routed by the CLI; when one is passed, the script prints an `ACTION REQUIRED` block naming the exact dashboard record to edit.
+Use this when the operator wants Cloudflare set up (or re-set up) end-to-end on the device. The script handles OAuth login, tunnel creation, DNS routing for each subdomain, config.yml + tunnel.state, and dispatches the `${BRAND}.service` restart to a transient `systemd-run` unit (Task 558) — all in one invocation. The restart fires a few seconds after the script exits so the script does not kill its own cgroup when invoked via the Bash tool; the chat UI receives a `server_shutdown` SSE frame and reconnects automatically. Post-restart hostname verification is out of scope for the script (connector is not up when the script exits) — verify via the next admin turn or manually with `curl -I https://<hostname>`. Apex hostnames cannot be routed by the CLI; when one is passed, the script prints an `ACTION REQUIRED` block naming the exact dashboard record to edit.
 
 ### Inputs to collect before invoking