@sherwoodagent/cli 0.40.5 → 0.40.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,13 +1,14 @@
1
1
  {
2
2
  "name": "@sherwoodagent/cli",
3
- "version": "0.40.5",
3
+ "version": "0.40.6",
4
4
  "description": "CLI for agent-managed investment syndicates — onchain DeFi syndicates with XMTP chat",
5
5
  "type": "module",
6
6
  "bin": {
7
7
  "sherwood": "./dist/index.js"
8
8
  },
9
9
  "files": [
10
- "dist"
10
+ "dist",
11
+ "scripts/pin-xmtp-bindings.cjs"
11
12
  ],
12
13
  "publishConfig": {
13
14
  "access": "public"
@@ -27,7 +28,8 @@
27
28
  "test": "vitest run",
28
29
  "test:unit": "vitest run --config vitest.config.unit.ts",
29
30
  "test:integration": "vitest run --config vitest.config.integration.ts",
30
- "test:watch": "vitest"
31
+ "test:watch": "vitest",
32
+ "postinstall": "node scripts/pin-xmtp-bindings.cjs"
31
33
  },
32
34
  "dependencies": {
33
35
  "@inquirer/prompts": "^8.3.2",
@@ -0,0 +1,91 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * Force the @xmtp/node-bindings dev build into this install.
4
+ *
5
+ * Why this exists:
6
+ * cli/package.json pins "@xmtp/node-bindings": "1.10.0-dev.97e86c6" in the
7
+ * `overrides` block. That pin IS honored during local development
8
+ * (cli/package.json is the root of its install tree) but is silently
9
+ * dropped on global install — `npm i -g @sherwoodagent/cli` treats the CLI
10
+ * as a dependency of an implicit "global root" package, and npm only
11
+ * applies `overrides` from the true root.
12
+ *
13
+ * Result: `npm i -g` pulls the published @xmtp/node-bindings@1.10.0
14
+ * (requires glibc 2.38), not the pinned dev build (max glibc 2.18).
15
+ * Hosts on glibc 2.36 (e.g. Debian 12 containers Hermes often runs in)
16
+ * then see `GLIBC_2.38 not found` on any XMTP call.
17
+ *
18
+ * This postinstall forcibly replaces the installed binding with the dev
19
+ * version. --no-save keeps package.json unchanged. --force tells npm to
20
+ * ignore the semver conflict with @xmtp/node-sdk's own dep range (the
21
+ * dev pre-release doesn't satisfy `^1.10.0` under npm's strict semver).
22
+ * After the force-install, `npm dedupe` collapses any nested copies
23
+ * inside @xmtp/node-sdk's own node_modules.
24
+ *
25
+ * If npm isn't available or the network is unreachable at postinstall
26
+ * time, this script exits quietly with status 0. Runtime XMTP calls
27
+ * will still fail the same way they would without this fix, but the
28
+ * install itself isn't blocked — non-XMTP CLI commands keep working.
29
+ *
30
+ * Proper long-term fix: adopt the sidecar pattern already in use by
31
+ * sherwoodagent/sherwood-hermes-plugin — bundle XMTP in a sub-install
32
+ * tree whose own package.json IS a root and whose overrides WILL apply.
33
+ * Tracked as a future refactor.
34
+ */
35
+
36
+ "use strict";
37
+
38
+ const { execSync } = require("node:child_process");
39
+ const { existsSync } = require("node:fs");
40
+ const path = require("node:path");
41
+
42
+ const PINNED = "@xmtp/node-bindings@1.10.0-dev.97e86c6";
43
+
44
+ // Skip in CI / test / sandbox envs where network is unavailable or unwanted.
45
+ if (process.env.SHERWOOD_SKIP_XMTP_BINDING_PIN === "1") {
46
+ process.stderr.write(
47
+ "[sherwood-cli] postinstall: binding pin skipped (env)\n",
48
+ );
49
+ process.exit(0);
50
+ }
51
+
52
+ // Skip when running from the monorepo (cli/ is itself the root during dev;
53
+ // overrides work and this would create a redundant nested copy).
54
+ const parentDir = path.resolve(__dirname, "..", "..");
55
+ if (existsSync(path.join(parentDir, "contracts")) && existsSync(path.join(parentDir, "cli"))) {
56
+ process.stderr.write(
57
+ "[sherwood-cli] postinstall: monorepo dev install detected — skipping binding pin\n",
58
+ );
59
+ process.exit(0);
60
+ }
61
+
62
+ try {
63
+ process.stderr.write(
64
+ `[sherwood-cli] postinstall: forcing ${PINNED} to work around npm global-install override limitation\n`,
65
+ );
66
+ execSync(`npm install --no-save --force ${PINNED}`, {
67
+ stdio: ["ignore", "pipe", "pipe"],
68
+ cwd: path.resolve(__dirname, ".."),
69
+ });
70
+ // Collapse any nested copies that @xmtp/node-sdk installed separately
71
+ // (its own deps range `^1.10.0` rejects our pre-release by strict semver).
72
+ try {
73
+ execSync("npm dedupe @xmtp/node-bindings", {
74
+ stdio: ["ignore", "pipe", "pipe"],
75
+ cwd: path.resolve(__dirname, ".."),
76
+ });
77
+ } catch {
78
+ // dedupe is best-effort; failure doesn't mean the primary install failed.
79
+ }
80
+ process.stderr.write("[sherwood-cli] postinstall: binding pin applied\n");
81
+ } catch (err) {
82
+ // Don't fail the install — non-XMTP commands still work. The error
83
+ // message is printed so users on broken-binding hosts can see why chat
84
+ // is failing and run the pin manually.
85
+ process.stderr.write(
86
+ `[sherwood-cli] postinstall: binding pin failed (${err && err.message ? err.message : err}). ` +
87
+ "XMTP features may fail at runtime. To retry manually:\n" +
88
+ ` cd $(dirname $(readlink -f $(which sherwood)))/../lib/node_modules/@sherwoodagent/cli && npm install --no-save --force ${PINNED}\n`,
89
+ );
90
+ process.exit(0);
91
+ }