@rubytech/create-realagent 1.0.852 → 1.0.854

package/dist/__tests__/preflight-port-classifier.test.js

@@ -1,163 +1,330 @@
-// Task 938 — acceptance grid for classifyPortHolder.
+// Task 938 — acceptance grid for classifyPortHolder (chromium argv-anchor).
+// Task 939 — extended grid for Xtigervnc display anchor + websockify port
+// anchor + holder-type detection on argv[0] basename / full-argv scan.
 //
 // The wrapper in index.ts owns ss(8), /proc reads, kill(2), and the operator-
 // override exit. This suite exercises only the pure decision rule: ssOutput +
-// configDir context → kind. Inputs in, decision out — no fs, no exec, no spawn.
+// brand identities → kind. Inputs in, decision out — no fs, no exec, no spawn.
 //
 // Cmdlines below mimic /proc/<pid>/cmdline format: argv joined by NUL bytes,
-// possibly with a trailing NUL. The classifier requires this format so it can
-// distinguish `--user-data-dir=PATH` (a real ownership claim) from a different
-// flag whose value happens to contain the profile path substring.
+// possibly with a trailing NUL. The classifier requires this format so it
+// can distinguish a flag value (a real ownership claim) from a different
+// flag whose value happens to contain the marker substring.
 //
 // Runs via Node's built-in test runner — same convention as
 // peer-brand-detect.test.ts.
 import test from "node:test";
 import assert from "node:assert/strict";
 import { classifyPortHolder } from "../preflight-port-classifier.js";
-const ALL_BRANDS = [".maxy", ".realagent", ".maxy-2", ".maxy-3", ".maxy-4"];
-const peers = (own) => ALL_BRANDS.filter(c => c !== own);
+// Per-brand identities mirror the live brands/<brand>/brand.json values that
+// bundle.js stamps into payload/platform/config/brand-registry.json. Values
+// are derived from the brand manifests, not hardcoded as ground-truth here:
+// the test suite asserts the rule, not the numbers. Any rebalance in
+// brands/*/brand.json updates the registry on the next bundle and the
+// classifier consumes the new values without source change.
+const MAXY = { configDir: ".maxy", vncDisplay: 99, websockifyPort: 6080 };
+const REAL = { configDir: ".realagent", vncDisplay: 100, websockifyPort: 6081 };
+const MAXY_2 = { configDir: ".maxy-2", vncDisplay: 101, websockifyPort: 6082 };
+const MAXY_3 = { configDir: ".maxy-3", vncDisplay: 102, websockifyPort: 6083 };
+const MAXY_4 = { configDir: ".maxy-4", vncDisplay: 103, websockifyPort: 6084 };
+const ALL = [MAXY, REAL, MAXY_2, MAXY_3, MAXY_4];
+const peers = (own) => ALL.filter(b => b.configDir !== own.configDir);
 const SS_PID_42 = "LISTEN 0 4096  *:9222  *:*  users:((\"chrome\",pid=42,fd=12))";
 const SS_PID_99 = "LISTEN 0 4096  *:9223  *:*  users:((\"chrome\",pid=99,fd=12))";
+const SS_PID_777 = "LISTEN 0 5  127.0.0.1:5900  0.0.0.0:*  users:((\"Xtigervnc\",pid=777,fd=9))";
+const SS_PID_888 = "LISTEN 0 5  127.0.0.1:5901  0.0.0.0:*  users:((\"Xtigervnc\",pid=888,fd=9))";
+const SS_PID_555 = "LISTEN 0 5  *:6080  *:*  users:((\"websockify\",pid=555,fd=8))";
 const cmd = (...argv) => argv.join("\0") + "\0";
+// ---------------------------------------------------------------------------
+// EMPTY / no pid / cmdline race
+// ---------------------------------------------------------------------------
 test("empty ssOutput → EMPTY", () => {
     const r = classifyPortHolder({
         ssOutput: "",
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: () => { throw new Error("should not be called"); },
     });
     assert.equal(r.kind, "EMPTY");
 });
-test("OWN_BRAND: --user-data-dir=PATH single argv", () => {
+test("UNRELATED: ssOutput non-empty but no pid= token", () => {
+    const r = classifyPortHolder({
+        ssOutput: "Recv-Q Send-Q  Local Address:Port  Peer Address:Port",
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => { throw new Error("should not be called"); },
+    });
+    assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.pid, undefined);
+});
+test("UNRELATED: getCmdline throws (race — process exited between ss and read)", () => {
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_42,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => { const e = new Error("ENOENT"); e.code = "ENOENT"; throw e; },
+    });
+    assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.pid, 42);
+    assert.equal(r.cmdlineReadFailed, true);
+});
+test("ss header line containing 'pid=': last pid= wins", () => {
+    // If a future ss locale prepends header text containing the literal `pid=`,
+    // the first-match heuristic would lift the wrong value. The LISTEN row is
+    // always last, so taking the last pid= match is the structural fix.
+    const ssOutput = `State pid= notes\nLISTEN 0 4096  *:9222 *:*  users:(("chrome",pid=42,fd=12))`;
+    const cmdline = cmd("chromium", "--user-data-dir=/home/neo/.maxy/chromium-profile");
+    const r = classifyPortHolder({
+        ssOutput,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: pid => { assert.equal(pid, 42, "must pick the LISTEN row's pid"); return cmdline; },
+    });
+    assert.equal(r.kind, "OWN_BRAND");
+    assert.equal(r.pid, 42);
+});
+// ---------------------------------------------------------------------------
+// Chromium (Task 938 grid, migrated to BrandIdentity API)
+// ---------------------------------------------------------------------------
+test("chromium OWN_BRAND: --user-data-dir=PATH single argv", () => {
     const cmdline = cmd("/opt/google/chrome/chrome", "--user-data-dir=/home/neo/.maxy/chromium-profile", "--remote-debugging-port=9222");
     const r = classifyPortHolder({
         ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: pid => { assert.equal(pid, 42); return cmdline; },
     });
     assert.equal(r.kind, "OWN_BRAND");
+    assert.equal(r.holderType, "chromium");
     assert.equal(r.pid, 42);
     assert.equal(r.profilePath, "/home/neo/.maxy/chromium-profile");
 });
-test("OWN_BRAND: --user-data-dir PATH split across two argvs", () => {
+test("chromium OWN_BRAND: --user-data-dir PATH split across two argvs", () => {
     const cmdline = cmd("/usr/bin/chromium", "--user-data-dir", "/home/admin/.maxy/chromium-profile", "--remote-debugging-port=9222");
     const r = classifyPortHolder({
         ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "OWN_BRAND");
+    assert.equal(r.holderType, "chromium");
     assert.equal(r.profilePath, "/home/admin/.maxy/chromium-profile");
 });
-test("PEER_BRAND: cmdline holds another known brand's profile path", () => {
+test("chromium PEER_BRAND: cmdline holds another known brand's profile path", () => {
     const cmdline = cmd("/usr/bin/chromium", "--user-data-dir=/home/admin/.realagent/chromium-profile", "--remote-debugging-port=9223");
     const r = classifyPortHolder({
         ssOutput: SS_PID_99,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "PEER_BRAND");
+    assert.equal(r.holderType, "chromium");
     assert.equal(r.pid, 99);
     assert.equal(r.profilePath, "/home/admin/.realagent/chromium-profile");
 });
-test("UNRELATED: cmdline matches no known brand profile", () => {
-    const cmdline = cmd("/usr/bin/python3", "-m", "http.server", "9222");
+test("chromium UNRELATED: cmdline matches no known brand profile", () => {
+    // Anchors only on the basename — "/usr/bin/python3" is not chromium.
+    // Use an actual chromium binary with a non-brand profile path instead.
+    const cmdline = cmd("chromium", "--user-data-dir=/tmp/scratch", "--remote-debugging-port=9999");
     const r = classifyPortHolder({
         ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.holderType, "chromium");
     assert.equal(r.pid, 42);
-    assert.equal(r.cmdline, "/usr/bin/python3 -m http.server 9222");
-});
-test("UNRELATED: ssOutput non-empty but no pid= token", () => {
-    const r = classifyPortHolder({
-        ssOutput: "Recv-Q Send-Q  Local Address:Port  Peer Address:Port",
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
-        getCmdline: () => { throw new Error("should not be called"); },
-    });
-    assert.equal(r.kind, "UNRELATED");
-    assert.equal(r.pid, undefined);
-});
-test("UNRELATED: getCmdline throws (race — process exited between ss and read)", () => {
-    const r = classifyPortHolder({
-        ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
-        getCmdline: () => { const e = new Error("ENOENT"); e.code = "ENOENT"; throw e; },
-    });
-    assert.equal(r.kind, "UNRELATED");
-    assert.equal(r.pid, 42);
-    assert.equal(r.cmdlineReadFailed, true);
 });
-test("UNRELATED: --user-data-dir absent (no profile claim)", () => {
+test("chromium UNRELATED: --user-data-dir absent (no profile claim)", () => {
     // Kernel threads, GPU/zygote/utility chrome processes inherit profile via
-    // fork without re-stating --user-data-dir on their argv. They wouldn't be
-    // listening anyway, but if one ever showed up here we must classify as
-    // UNRELATED, never as OWN_BRAND on a substring fluke.
+    // fork without re-stating --user-data-dir. They wouldn't be listening
+    // anyway, but if one ever showed up here we must classify as UNRELATED.
     const cmdline = cmd("/opt/google/chrome/chrome", "--type=gpu-process", "--no-sandbox");
     const r = classifyPortHolder({
         ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.holderType, "chromium");
 });
-test("substring boundary: own=.maxy must NOT match .maxy-2 cmdline", () => {
+test("chromium substring boundary: own=.maxy must NOT match .maxy-2 cmdline", () => {
     const cmdline = cmd("chromium", "--user-data-dir=/home/neo/.maxy-2/chromium-profile");
     const r = classifyPortHolder({
         ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "PEER_BRAND");
     assert.equal(r.profilePath, "/home/neo/.maxy-2/chromium-profile");
 });
-test("substring boundary: own=.maxy-2 must NOT misclassify .maxy cmdline as own", () => {
+test("chromium substring boundary: own=.maxy-2 must NOT misclassify .maxy cmdline as own", () => {
     const cmdline = cmd("chromium", "--user-data-dir=/home/neo/.maxy/chromium-profile");
     const r = classifyPortHolder({
         ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy-2",
-        peerConfigDirs: peers(".maxy-2"),
+        ownBrand: MAXY_2,
+        peerBrands: peers(MAXY_2),
         getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "PEER_BRAND");
     assert.equal(r.profilePath, "/home/neo/.maxy/chromium-profile");
 });
-test("argv-anchor safety: marker in --load-extension value must NOT classify as OWN_BRAND", () => {
-    // Adversarial case from review: a Chrome flag whose value contains the
-    // profile-path substring, but no actual --user-data-dir claim. Naive
-    // substring matching would false-positive OWN_BRAND.
+test("chromium argv-anchor safety: marker in --load-extension value must NOT match", () => {
+    // Adversarial case: a Chrome flag whose value contains the profile-path
+    // substring, but no actual --user-data-dir claim. Naive substring matching
+    // would false-positive OWN_BRAND.
     const cmdline = cmd("chromium", "--load-extension=/tmp/decoy/.maxy/chromium-profile", "--remote-debugging-port=9222");
     const r = classifyPortHolder({
         ssOutput: SS_PID_42,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
         getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "UNRELATED");
 });
-test("ss header line containing 'pid=': last pid= wins", () => {
-    // If a future ss locale prepends header text containing the literal `pid=`
-    // (e.g., "Process pid="), the first-match heuristic would lift the wrong
-    // value. The LISTEN row is always last, so taking the last pid= match is
-    // the structural fix.
-    const ssOutput = `State pid= notes\nLISTEN 0 4096  *:9222 *:*  users:(("chrome",pid=42,fd=12))`;
-    const cmdline = cmd("chromium", "--user-data-dir=/home/neo/.maxy/chromium-profile");
+test("chromium variant basenames: google-chrome-stable detected as chromium", () => {
+    // Ubuntu Noble laptop replaces snap-confined chromium with
+    // google-chrome-stable (Task 929). The classifier must still recognise
+    // it as a chromium-family holder.
+    const cmdline = cmd("/usr/bin/google-chrome-stable", "--user-data-dir=/home/neo/.maxy/chromium-profile", "--remote-debugging-port=9222");
     const r = classifyPortHolder({
-        ssOutput,
-        ownConfigDir: ".maxy",
-        peerConfigDirs: peers(".maxy"),
-        getCmdline: pid => { assert.equal(pid, 42, "must pick the LISTEN row's pid, not the header's"); return cmdline; },
+        ssOutput: SS_PID_42,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
+    });
+    assert.equal(r.kind, "OWN_BRAND");
+    assert.equal(r.holderType, "chromium");
+});
+// ---------------------------------------------------------------------------
+// Xtigervnc (Task 939 — display-number anchor)
+// ---------------------------------------------------------------------------
+test("xtigervnc OWN_BRAND: argv[1] :99 matches own.vncDisplay", () => {
+    // Reproduces the laptop-maxy and Pi-maxy install-time log:
+    //   cmdline: Xtigervnc :99 -geometry 1280x800 -depth 24 -rfbport 5900 …
+    const cmdline = cmd("Xtigervnc", ":99", "-geometry", "1280x800", "-depth", "24", "-rfbport", "5900", "-localhost", "-SecurityTypes", "None", "-AlwaysShared", "-BlacklistThreshold", "1000000");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_777,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: pid => { assert.equal(pid, 777); return cmdline; },
+    });
+    assert.equal(r.kind, "OWN_BRAND");
+    assert.equal(r.holderType, "xtigervnc");
+    assert.equal(r.pid, 777);
+    assert.equal(r.vncDisplay, 99);
+});
+test("xtigervnc PEER_BRAND: argv[1] :100 matches Real Agent vncDisplay when own is Maxy", () => {
+    const cmdline = cmd("Xtigervnc", ":100", "-rfbport", "5901");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_888,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
+    });
+    assert.equal(r.kind, "PEER_BRAND");
+    assert.equal(r.holderType, "xtigervnc");
+    assert.equal(r.vncDisplay, 100);
+});
+test("xtigervnc UNRELATED: argv display number matches no known brand", () => {
+    const cmdline = cmd("Xtigervnc", ":42", "-rfbport", "5942");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_777,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
+    });
+    assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.holderType, "xtigervnc");
+    assert.equal(r.vncDisplay, 42);
+});
+test("xtigervnc UNRELATED: no `:N` token in argv", () => {
+    // Defence-in-depth: if argv parsing ever sees an Xtigervnc invocation
+    // with no display literal, classify UNRELATED rather than guessing.
+    const cmdline = cmd("Xtigervnc", "-help");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_777,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
+    });
+    assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.holderType, "xtigervnc");
+    assert.equal(r.vncDisplay, undefined);
+});
+// ---------------------------------------------------------------------------
+// websockify (Task 939 — bind-port anchor with full-argv scan for the binary)
+// ---------------------------------------------------------------------------
+test("websockify OWN_BRAND: bind port [::]:6080 matches own.websockifyPort (direct invocation)", () => {
+    const cmdline = cmd("websockify", "--web", "/usr/share/novnc", "[::]:6080", "localhost:5900");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_555,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: pid => { assert.equal(pid, 555); return cmdline; },
+    });
+    assert.equal(r.kind, "OWN_BRAND");
+    assert.equal(r.holderType, "websockify");
+    assert.equal(r.pid, 555);
+    assert.equal(r.websockifyPort, 6080);
+});
+test("websockify OWN_BRAND: detected via argv scan when invoked through python", () => {
+    // Pi Bookworm packages websockify as a python script with no shebang
+    // honoured by systemd in some configs — argv[0] may be `python3` and
+    // argv[1] = `/usr/bin/websockify`. The detector scans the full argv.
+    const cmdline = cmd("/usr/bin/python3", "/usr/bin/websockify", "--web", "/usr/share/novnc", "[::]:6080", "localhost:5900");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_555,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
     });
     assert.equal(r.kind, "OWN_BRAND");
+    assert.equal(r.holderType, "websockify");
+    assert.equal(r.websockifyPort, 6080);
+});
+test("websockify PEER_BRAND: bind port matches Real Agent websockifyPort when own is Maxy", () => {
+    const cmdline = cmd("websockify", "--web", "/usr/share/novnc", "[::]:6081", "localhost:5901");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_555,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
+    });
+    assert.equal(r.kind, "PEER_BRAND");
+    assert.equal(r.holderType, "websockify");
+    assert.equal(r.websockifyPort, 6081);
+});
+test("websockify UNRELATED: bind port matches no known brand", () => {
+    const cmdline = cmd("websockify", "--web", "/usr/share/novnc", "[::]:9999", "localhost:5900");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_555,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
+    });
+    assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.holderType, "websockify");
+    assert.equal(r.websockifyPort, undefined);
+});
+// ---------------------------------------------------------------------------
+// Unknown holder (defence-in-depth)
+// ---------------------------------------------------------------------------
+test("UNRELATED holderType=unknown: argv[0] is neither chromium, Xtigervnc, nor websockify", () => {
+    const cmdline = cmd("/usr/bin/python3", "-m", "http.server", "9222");
+    const r = classifyPortHolder({
+        ssOutput: SS_PID_42,
+        ownBrand: MAXY,
+        peerBrands: peers(MAXY),
+        getCmdline: () => cmdline,
+    });
+    assert.equal(r.kind, "UNRELATED");
+    assert.equal(r.holderType, "unknown");
     assert.equal(r.pid, 42);
+    assert.equal(r.cmdline, "/usr/bin/python3 -m http.server 9222");
 });

package/dist/index.js

@@ -2457,12 +2457,13 @@ function installService() {
     // three brand-scoped ports is already held by a process that is NOT this
     // brand's own on-demand browser nor a peer brand's edge stack.
     //
-    // Classification (Task 938) reads `/proc/<pid>/cmdline` and matches on the
-    // user-data-dir profile path, not on `comm` regex. The previous
-    // `comm`-regex approach (`/Xtigervnc|websockify|chromium/`) failed on the
-    // laptop where Task 929 selects google-chrome-stable: comm is `chrome`,
-    // so the brand's own browser was misclassified UNRELATED and the install
-    // aborted against a port it could legitimately reclaim.
+    // Classification (Task 938 chromium, Task 939 Xtigervnc + websockify) reads
+    // `/proc/<pid>/cmdline` and applies a holder-specific argv anchor. Task 938
+    // covered chromium-only via `--user-data-dir=`; Task 939 closed the gap on
+    // Xtigervnc (no such flag — anchor on the `:N` display literal) and
+    // websockify (anchor on bind port). Brand identities (configDir,
+    // vncDisplay, websockifyPort) come from brand-registry.json which the
+    // bundler stamps at build time from every brands/<brand>/brand.json.
     //
     // Decisions per holder:
     //   OWN_BRAND  — SIGTERM, recheck, SIGKILL on stragglers, exit-1 only if
@@ -2471,9 +2472,42 @@ function installService() {
     //   UNRELATED  — refuse to write service files; emit operator override.
     // macOS dev hosts (no ss) fall through the catch and skip pre-flight
     // entirely — the runtime check in vnc.sh covers Linux production.
-    const peerConfigDirs = KNOWN_BRAND_HOSTNAMES
-        .filter(h => h !== BRAND.hostname)
-        .map(h => `.${h}`);
+    const ownBrand = {
+        configDir: BRAND.configDir,
+        vncDisplay: VNC_DISPLAY,
+        websockifyPort: WEBSOCKIFY_PORT_BRAND,
+    };
+    // Peer registry — load from payload/platform/config/brand-registry.json
+    // when present (Task 939+ bundles). Older bundles ship without the
+    // registry; in that case peerBrands stays empty. PEER_BRAND classification
+    // for Xtigervnc/websockify is a defence-in-depth case anyway (port sets
+    // are disjoint by Task 924), so the empty-list fallback is safe — peer
+    // chromium will fall through to UNRELATED, matching pre-Task 938 behaviour
+    // for the only realistic scenario (a stale peer browser on the wrong CDP
+    // port).
+    const peerBrands = (() => {
+        const registryPath = join(PAYLOAD_DIR, "platform", "config", "brand-registry.json");
+        if (!existsSync(registryPath)) {
+            logFile(`  [preflight] brand-registry.json not in payload — peer matching disabled`);
+            return [];
+        }
+        try {
+            const raw = JSON.parse(readFileSync(registryPath, "utf-8"));
+            const entries = [];
+            for (const b of raw.brands ?? []) {
+                if (b.hostname === BRAND.hostname)
+                    continue;
+                if (typeof b.configDir !== "string" || typeof b.vncDisplay !== "number" || typeof b.websockifyPort !== "number")
+                    continue;
+                entries.push({ configDir: b.configDir, vncDisplay: b.vncDisplay, websockifyPort: b.websockifyPort });
+            }
+            return entries;
+        }
+        catch (err) {
+            logFile(`  [preflight] brand-registry.json parse failed: ${err instanceof Error ? err.message : String(err)} — peer matching disabled`);
+            return [];
+        }
+    })();
     const ssReadHolder = (port) => {
         return execFileSync("ss", ["-tlnpH", `sport = :${port}`], {
             encoding: "utf-8", timeout: 3000, stdio: ["ignore", "pipe", "ignore"],
@@ -2513,8 +2547,22 @@ function installService() {
         }
     };
     const classify = (ssOutput) => classifyPortHolder({
-        ssOutput, ownConfigDir: BRAND.configDir, peerConfigDirs, getCmdline: readCmdline,
+        ssOutput, ownBrand, peerBrands, getCmdline: readCmdline,
     });
+    // Task 939 — log line varies by detected holder so the operator can see
+    // which OWN_BRAND stack is being killed. The kill loop is identical for
+    // all three holders (SIGTERM → 300ms → recheck → SIGKILL → recheck), so
+    // only the announce line differs.
+    const ownBrandAnnounceLine = (label, port, c) => {
+        if (c.holderType === "xtigervnc") {
+            return `  [preflight] ${label}=${port} held by OWN brand Xtigervnc display=:${c.vncDisplay} pid=${c.pid} — sending SIGTERM`;
+        }
+        if (c.holderType === "websockify") {
+            return `  [preflight] ${label}=${port} held by OWN brand websockify pid=${c.pid} — sending SIGTERM`;
+        }
+        // Default — chromium / unknown OWN_BRAND
+        return `  [preflight] ${label}=${port} held by OWN brand process pid=${c.pid} profile=${c.profilePath} — sending SIGTERM`;
+    };
     const checkInstallPortFree = (label, port) => {
         let firstSsOutput;
         try {
@@ -2541,7 +2589,7 @@ function installService() {
             return;
         }
         if (r.kind === "OWN_BRAND" && r.pid !== undefined) {
-            logFile(`  [preflight] ${label}=${port} held by OWN brand process pid=${r.pid} profile=${r.profilePath} — sending SIGTERM`);
+            logFile(ownBrandAnnounceLine(label, port, r));
             killNoThrow(r.pid, "SIGTERM");
             sleepMs(300);
             const after = classify(ssReadOrAbort(label, port));