@switchbot/openapi-cli 2.7.2 → 3.1.0

package/dist/commands/doctor.js

@@ -1,6 +1,7 @@
 import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
+import { execSync } from 'node:child_process';
 import { printJson, isJsonMode, exitWithError } from '../utils/output.js';
 import { getEffectiveCatalog } from '../devices/catalog.js';
 import { configFilePath, listProfiles, readProfileMeta } from '../config.js';
@@ -9,32 +10,128 @@ import { DAILY_QUOTA, todayUsage } from '../utils/quota.js';
 import { AGENT_BOOTSTRAP_SCHEMA_VERSION } from './agent-bootstrap.js';
 import { CATALOG_SCHEMA_VERSION } from '../devices/catalog.js';
 import { createSwitchBotMcpServer, listRegisteredTools } from './mcp.js';
+import { resolvePolicyPath, loadPolicyFile, PolicyFileNotFoundError, PolicyYamlParseError, } from '../policy/load.js';
+import { validateLoadedPolicy } from '../policy/validate.js';
+import { selectCredentialStore } from '../credentials/keychain.js';
+import { getActiveProfile } from '../lib/request-context.js';
+import { readDaemonState } from '../lib/daemon-state.js';
+import { isPidAlive } from '../rules/pid-file.js';
 export const DOCTOR_SCHEMA_VERSION = 1;
 async function checkCredentials() {
     const envOk = Boolean(process.env.SWITCHBOT_TOKEN && process.env.SWITCHBOT_SECRET);
-    if (envOk)
-        return { name: 'credentials', status: 'ok', detail: 'env: SWITCHBOT_TOKEN + SWITCHBOT_SECRET' };
+    const profile = getActiveProfile() ?? 'default';
+    let backendName = 'file';
+    let backendLabel = 'file';
+    let writable = true;
+    let keychainHasProfile = false;
+    try {
+        const store = await selectCredentialStore();
+        const desc = store.describe();
+        backendName = store.name;
+        backendLabel = desc.backend;
+        writable = desc.writable;
+        try {
+            const creds = await store.get(profile);
+            keychainHasProfile = Boolean(creds && creds.token && creds.secret);
+        }
+        catch {
+            keychainHasProfile = false;
+        }
+    }
+    catch {
+        // selectCredentialStore falls back to file; a throw here is unexpected but
+        // non-fatal — downstream callers degrade to the file path.
+    }
+    if (envOk) {
+        return {
+            name: 'credentials',
+            status: 'ok',
+            detail: {
+                source: 'env',
+                backend: backendName,
+                backendLabel,
+                writable,
+                profile,
+                message: 'env: SWITCHBOT_TOKEN + SWITCHBOT_SECRET',
+            },
+        };
+    }
+    if (keychainHasProfile && backendName !== 'file') {
+        return {
+            name: 'credentials',
+            status: 'ok',
+            detail: {
+                source: 'keychain',
+                backend: backendName,
+                backendLabel,
+                writable,
+                profile,
+                message: `keychain (${backendLabel}) has credentials for profile "${profile}"`,
+            },
+        };
+    }
     const file = configFilePath();
     if (!fs.existsSync(file)) {
         return {
             name: 'credentials',
             status: 'fail',
-            detail: `No env vars and no config at ${file}. Run 'switchbot config set-token'.`,
+            detail: {
+                source: 'none',
+                backend: backendName,
+                backendLabel,
+                writable,
+                profile,
+                message: `No env vars, no keychain entry for profile "${profile}", and no config at ${file}. Run 'switchbot config set-token' or 'switchbot auth keychain set'.`,
+            },
         };
     }
     try {
         const raw = fs.readFileSync(file, 'utf-8');
         const cfg = JSON.parse(raw);
         if (!cfg.token || !cfg.secret) {
-            return { name: 'credentials', status: 'fail', detail: `Config ${file} missing token/secret.` };
+            return {
+                name: 'credentials',
+                status: 'fail',
+                detail: {
+                    source: 'file',
+                    backend: backendName,
+                    backendLabel,
+                    writable,
+                    profile,
+                    message: `Config ${file} missing token/secret.`,
+                },
+            };
         }
-        return { name: 'credentials', status: 'ok', detail: `file: ${file}` };
+        const status = writable && backendName !== 'file' ? 'warn' : 'ok';
+        const hint = status === 'warn'
+            ? `Consider running 'switchbot auth keychain migrate' to move credentials into ${backendLabel}.`
+            : undefined;
+        return {
+            name: 'credentials',
+            status,
+            detail: {
+                source: 'file',
+                backend: backendName,
+                backendLabel,
+                writable,
+                profile,
+                message: `file: ${file}`,
+                ...(hint ? { hint } : {}),
+            },
+        };
     }
     catch (err) {
         return {
             name: 'credentials',
             status: 'fail',
-            detail: `Unreadable config ${file}: ${err instanceof Error ? err.message : String(err)}`,
+            detail: {
+                source: 'file',
+                backend: backendName,
+                backendLabel,
+                writable,
+                profile,
+                message: `Unreadable config ${file}: ${err instanceof Error ? err.message : String(err)}`,
+            },
         };
     }
 }
@@ -308,6 +405,124 @@ function checkAudit() {
         };
     }
 }
+function checkPolicy() {
+    // A policy file is optional — many users run the CLI without one. Report
+    // `ok` with `present: false` so agents can tell the difference between
+    // "no policy configured" (fine) and "policy broken" (needs attention).
+    const policyPath = resolvePolicyPath();
+    try {
+        const loaded = loadPolicyFile(policyPath);
+        const result = validateLoadedPolicy(loaded);
+        if (result.valid) {
+            return {
+                name: 'policy',
+                status: 'ok',
+                detail: {
+                    path: policyPath,
+                    present: true,
+                    valid: true,
+                    schemaVersion: result.schemaVersion,
+                },
+            };
+        }
+        return {
+            name: 'policy',
+            status: 'fail',
+            detail: {
+                path: policyPath,
+                present: true,
+                valid: false,
+                schemaVersion: result.schemaVersion,
+                errorCount: result.errors.length,
+                firstError: result.errors[0]
+                    ? {
+                        path: result.errors[0].path,
+                        line: result.errors[0].line,
+                        message: result.errors[0].message,
+                    }
+                    : undefined,
+                message: "run 'switchbot policy validate' for full diagnostics",
+            },
+        };
+    }
+    catch (err) {
+        if (err instanceof PolicyFileNotFoundError) {
+            return {
+                name: 'policy',
+                status: 'ok',
+                detail: {
+                    path: policyPath,
+                    present: false,
+                    message: "no policy file (optional — run 'switchbot policy new' to scaffold one)",
+                },
+            };
+        }
+        if (err instanceof PolicyYamlParseError) {
+            const first = err.yamlErrors[0];
+            return {
+                name: 'policy',
+                status: 'fail',
+                detail: {
+                    path: policyPath,
+                    present: true,
+                    valid: false,
+                    parseError: true,
+                    line: first?.line,
+                    col: first?.col,
+                    message: first?.message ?? err.message,
+                },
+            };
+        }
+        return {
+            name: 'policy',
+            status: 'warn',
+            detail: {
+                path: policyPath,
+                message: `could not read policy file: ${err instanceof Error ? err.message : String(err)}`,
+            },
+        };
+    }
+}
+async function checkKeychain() {
+    try {
+        const { selectCredentialStore } = await import('../credentials/keychain.js');
+        const store = await selectCredentialStore();
+        const desc = store.describe();
+        const isNative = desc.backend !== 'file';
+        if (!isNative) {
+            // Native keychain not available or not detected
+            return {
+                name: 'keychain',
+                status: 'warn',
+                detail: {
+                    backend: desc.backend,
+                    message: 'OS native keychain not detected — credentials stored in plain file (~/.switchbot/config.json). Consider installing a keychain backend for better security.',
+                    hint: process.platform === 'linux'
+                        ? 'Install libsecret (secret-tool) for GNOME Keyring support.'
+                        : process.platform === 'darwin'
+                            ? 'macOS Keychain is available — re-run `switchbot config set-token` to store credentials there.'
+                            : 'Windows Credential Manager is available — re-run `switchbot config set-token` to use it.',
+                },
+            };
+        }
+        return {
+            name: 'keychain',
+            status: 'ok',
+            detail: {
+                backend: desc.backend,
+                writable: desc.writable,
+                message: `Credentials stored in OS keychain (${desc.backend}).`,
+            },
+        };
+    }
+    catch (err) {
+        return {
+            name: 'keychain',
+            status: 'warn',
+            detail: { message: `Keychain probe failed: ${err instanceof Error ? err.message : String(err)}` },
+        };
+    }
+}
 function checkNodeVersion() {
     const major = Number(process.versions.node.split('.')[0]);
     if (Number.isFinite(major) && major < 18) {
@@ -315,6 +530,181 @@ function checkNodeVersion() {
     }
     return { name: 'node', status: 'ok', detail: `Node ${process.versions.node}` };
 }
+function detectShellFlavor() {
+    const shell = (process.env.SHELL ?? '').toLowerCase();
+    const comspec = (process.env.COMSPEC ?? '').toLowerCase();
+    if (shell.includes('pwsh') || shell.includes('powershell'))
+        return 'powershell';
+    if (comspec.includes('powershell') || comspec.includes('pwsh'))
+        return 'powershell';
+    if (comspec.endsWith('cmd.exe'))
+        return 'cmd';
+    if (shell.endsWith('/fish') || shell === 'fish')
+        return 'fish';
+    if (shell.endsWith('/zsh') || shell === 'zsh')
+        return 'zsh';
+    if (shell.endsWith('/bash') || shell === 'bash')
+        return 'bash';
+    return process.platform === 'win32' ? 'powershell' : 'unknown';
+}
+function buildPathFix(shell, missingSegment, npmBinDir) {
+    if (!npmBinDir) {
+        return process.platform === 'win32'
+            ? 'Run: npm prefix -g and add that directory to your PATH.'
+            : 'Run: npm prefix -g and add <prefix>/bin to your PATH.';
+    }
+    switch (shell) {
+        case 'powershell':
+            return `$env:Path = "${missingSegment};" + $env:Path  # persist via your PowerShell profile or System Properties`;
+        case 'cmd':
+            return `set PATH=${missingSegment};%PATH%  &&  setx PATH "${missingSegment};%PATH%"`;
+        case 'fish':
+            return `fish_add_path "${missingSegment}"`;
+        case 'zsh':
+            return `export PATH="${missingSegment}:$PATH"  # add to ~/.zshrc`;
+        case 'bash':
+            return `export PATH="${missingSegment}:$PATH"  # add to ~/.bashrc`;
+        default:
+            return `export PATH="${missingSegment}:$PATH"`;
+    }
+}
+function checkPathDiscoverability() {
+    // Detect whether the `switchbot` binary is reachable on PATH.
+    // This catches the common "npm install -g worked but PATH not updated" failure.
+    const isWindows = process.platform === 'win32';
+    const binaryName = isWindows ? 'switchbot.cmd' : 'switchbot';
+    // Find where npm puts global bins.
+    let npmBinDir = null;
+    try {
+        const prefix = execSync('npm prefix -g', { timeout: 4000, encoding: 'utf-8' }).trim();
+        npmBinDir = isWindows ? prefix : path.join(prefix, 'bin');
+    }
+    catch {
+        // npm not on PATH or other error; fall through.
+    }
+    // Check whether `switchbot` resolves via PATH.
+    let binaryOnPath = false;
+    let resolvedPath = null;
+    try {
+        const which = execSync(isWindows ? `where ${binaryName}` : `which ${binaryName}`, { timeout: 3000, encoding: 'utf-8' }).trim().split(/\r?\n/)[0];
+        if (which) {
+            binaryOnPath = true;
+            resolvedPath = which;
+        }
+    }
+    catch {
+        binaryOnPath = false;
+    }
+    if (binaryOnPath) {
+        return {
+            name: 'path',
+            status: 'ok',
+            detail: {
+                binaryOnPath: true,
+                resolvedPath,
+                npmBinDir,
+                message: `switchbot is reachable at ${resolvedPath}`,
+            },
+        };
+    }
+    // Not on PATH — figure out what the user should add.
+    const currentPath = process.env.PATH ?? '';
+    const missingSegment = npmBinDir && !currentPath.split(path.delimiter).includes(npmBinDir)
+        ? npmBinDir
+        : null;
+    const currentShell = detectShellFlavor();
+    const shellFix = buildPathFix(currentShell, missingSegment, npmBinDir);
+    return {
+        name: 'path',
+        status: 'warn',
+        detail: {
+            binaryOnPath: false,
+            resolvedPath: null,
+            npmBinDir,
+            missingPathSegment: missingSegment,
+            currentShell,
+            fix: shellFix,
+            message: `'switchbot' is not on PATH. ${shellFix}`,
+        },
+    };
+}
+function checkDaemon() {
+    const state = readDaemonState();
+    if (!state) {
+        return {
+            name: 'daemon',
+            status: 'warn',
+            detail: {
+                present: false,
+                message: 'No daemon state file found. Start one with `switchbot daemon start` if you want long-running automation.',
+            },
+        };
+    }
+    const pid = state.pid;
+    const running = pid !== null && (pid === process.pid || isPidAlive(pid));
+    return {
+        name: 'daemon',
+        status: running ? 'ok' : 'warn',
+        detail: {
+            present: true,
+            status: running ? 'running' : state.status,
+            pid: running ? pid : null,
+            stateFile: state.stateFile,
+            pidFile: state.pidFile,
+            logFile: state.logFile,
+            startedAt: state.startedAt ?? null,
+            stoppedAt: state.stoppedAt ?? null,
+            lastReloadAt: state.lastReloadAt ?? null,
+            lastReloadStatus: state.lastReloadStatus ?? null,
+            healthConfigured: typeof state.healthzPort === 'number',
+            healthzPort: state.healthzPort ?? null,
+            message: running
+                ? 'daemon running'
+                : 'daemon not running; use `switchbot daemon start` for long-running automation',
+        },
+    };
+}
+async function checkHealthEndpoint() {
+    const state = readDaemonState();
+    if (!state || typeof state.healthzPort !== 'number') {
+        return {
+            name: 'health',
+            status: 'warn',
+            detail: {
+                present: false,
+                message: 'No health endpoint configured. Start the daemon with `--healthz-port <n>` to enable it.',
+            },
+        };
+    }
+    const url = `http://127.0.0.1:${state.healthzPort}/healthz`;
+    try {
+        const res = await fetch(url);
+        const body = await res.json();
+        const overall = body?.data?.overall ?? 'unknown';
+        return {
+            name: 'health',
+            status: res.ok && overall !== 'down' ? 'ok' : 'warn',
+            detail: {
+                present: true,
+                url,
+                httpStatus: res.status,
+                overall,
+                message: res.ok ? `health endpoint reachable at ${url}` : `health endpoint returned HTTP ${res.status}`,
+            },
+        };
+    }
+    catch (err) {
+        return {
+            name: 'health',
+            status: 'warn',
+            detail: {
+                present: true,
+                url,
+                message: `health endpoint probe failed: ${err instanceof Error ? err.message : String(err)}`,
+            },
+        };
+    }
+}
 function checkMqtt() {
     // MQTT credentials are auto-provisioned from the SwitchBot API using the
     // account's token+secret — no extra env vars needed. Report availability
@@ -431,7 +821,9 @@ function checkMcp() {
 }
 const CHECK_REGISTRY = [
     { name: 'node', description: 'Node.js version compatibility', run: () => checkNodeVersion() },
+    { name: 'path', description: 'switchbot binary reachable on PATH', run: () => checkPathDiscoverability() },
     { name: 'credentials', description: 'credentials file present and parseable', run: () => checkCredentials() },
+    { name: 'keychain', description: 'OS keychain backend availability and usage', run: () => checkKeychain() },
     { name: 'profiles', description: 'profile definitions valid', run: () => checkProfiles() },
     { name: 'catalog', description: 'catalog loads', run: () => checkCatalog() },
     { name: 'catalog-schema', description: 'catalog vs agent-bootstrap version aligned', run: () => checkCatalogSchema() },
@@ -444,7 +836,10 @@ const CHECK_REGISTRY = [
         run: ({ probe }) => (probe ? checkMqttProbe() : checkMqtt()),
     },
     { name: 'mcp', description: 'MCP server instantiable + tool count', run: () => checkMcp() },
+    { name: 'policy', description: 'policy.yaml present + schema-valid (if configured)', run: () => checkPolicy() },
     { name: 'audit', description: 'recent command errors (last 24h)', run: () => checkAudit() },
+    { name: 'daemon', description: 'daemon state file + runtime status', run: () => checkDaemon() },
+    { name: 'health', description: 'health endpoint availability (daemon --healthz-port)', run: () => checkHealthEndpoint() },
 ];
 function applyFixes(checks, writeOk) {
     const results = [];
@@ -495,7 +890,7 @@ function applyFixes(checks, writeOk) {
 export function registerDoctorCommand(program) {
     program
         .command('doctor')
-        .description('Self-check the SwitchBot CLI setup: credentials, catalog, cache, quota, MQTT, MCP')
+        .description('Self-check the SwitchBot CLI setup: credentials, catalog, cache, quota, MQTT, daemon, health, MCP')
         .option('--section <names>', 'Comma-separated list of checks to run (see --list for names)')
         .option('--list', 'Print the registered check names and exit 0 without running any check')
         .option('--fix', 'Apply safe, reversible remediations for failing checks (e.g. clear stale cache)')
@@ -510,6 +905,7 @@ Examples:
   $ switchbot --json doctor | jq '.checks[] | select(.status != "ok")'
   $ switchbot doctor --list
   $ switchbot doctor --section credentials,mcp --json
+  $ switchbot doctor --section daemon,health --json
   $ switchbot doctor --probe --json
   $ switchbot doctor --fix --yes --json
 `)
@@ -561,6 +957,13 @@ Examples:
         };
         const overallFail = summary.fail > 0;
         const overall = overallFail ? 'fail' : summary.warn > 0 ? 'warn' : 'ok';
+        const total = summary.ok + summary.warn + summary.fail;
+        const rawScore = total > 0 ? Math.round(((summary.ok + summary.warn * 0.5) / total) * 100) : 100;
+        const maturityScore = Math.min(100, Math.max(0, rawScore));
+        const maturityLabel = maturityScore >= 90 ? 'production-ready'
+            : maturityScore >= 70 ? 'mostly-ready'
+                : maturityScore >= 40 ? 'needs-work'
+                    : 'not-ready';
         let fixes;
         if (opts.fix) {
             fixes = applyFixes(checks, Boolean(opts.yes));
@@ -574,6 +977,8 @@ Examples:
             const payload = {
                 ok: overall === 'ok',
                 overall,
+                maturityScore,
+                maturityLabel,
                 generatedAt: new Date().toISOString(),
                 schemaVersion: DOCTOR_SCHEMA_VERSION,
                 summary,
@@ -586,7 +991,11 @@ Examples:
         else {
             for (const c of checks) {
                 const icon = c.status === 'ok' ? '✓' : c.status === 'warn' ? '!' : '✗';
-                const detailStr = typeof c.detail === 'string' ? c.detail : JSON.stringify(c.detail);
+                const detailStr = typeof c.detail === 'string'
+                    ? c.detail
+                    : (typeof c.detail.message === 'string'
+                        ? (c.detail.message)
+                        : JSON.stringify(c.detail));
                 console.log(`${icon} ${c.name.padEnd(12)} ${detailStr}`);
             }
             console.log('');

package/dist/commands/events.js

@@ -114,10 +114,10 @@ export function startReceiver(port, pathMatch, filter, onEvent) {
             if (size > MAX_BODY_BYTES) {
                 bailed = true;
                 res.statusCode = 413;
-                res.setHeader('connection', 'close');
                 res.end('payload too large');
-                // Drop remaining upload without destroying the socket mid-flush.
-                req.on('data', () => { });
+                // Drain remaining upload so the client can read the 413 response before
+                // the connection closes naturally (avoids ECONNRESET racing the response).
+                req.resume();
                 return;
             }
             chunks.push(c);

package/dist/commands/explain.js

@@ -50,7 +50,6 @@ Examples:
                         parameter: c.parameter,
                         idempotent: c.idempotent,
                         ...(tier ? { safetyTier: tier } : {}),
-                        destructive: c.destructive,
                     };
                 })
                 : [];
@@ -114,7 +113,7 @@ function printHuman(r) {
     if (r.commands.length) {
         console.log('commands:');
         for (const c of r.commands) {
-            const flags = [c.idempotent && 'idempotent', c.destructive && 'destructive']
+            const flags = [c.idempotent && 'idempotent', c.safetyTier === 'destructive' && 'destructive']
                 .filter(Boolean)
                 .join(', ');
             const suffix = flags ? `  [${flags}]` : '';

package/dist/commands/health.js

@@ -0,0 +1,113 @@
+import http from 'node:http';
+import { printJson, isJsonMode, printTable, handleError } from '../utils/output.js';
+import { getHealthReport, toPrometheusText } from '../utils/health.js';
+import { intArg } from '../utils/arg-parsers.js';
+const HEALTHZ_SCHEMA_VERSION = '1.1';
+/**
+ * Create an HTTP request handler for the health endpoints. Exposed separately
+ * so integration tests can call it directly without binding a port.
+ */
+export function createHealthHandler(auditLogPath) {
+    return (req, res) => {
+        const url = (req.url ?? '/').split('?')[0];
+        if (url === '/healthz') {
+            const report = getHealthReport(auditLogPath);
+            const statusCode = report.overall === 'down' ? 503 : 200;
+            res.writeHead(statusCode, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ schemaVersion: HEALTHZ_SCHEMA_VERSION, data: report }));
+        }
+        else if (url === '/metrics') {
+            const report = getHealthReport(auditLogPath);
+            res.writeHead(200, { 'Content-Type': 'text/plain; version=0.0.4; charset=utf-8' });
+            res.end(toPrometheusText(report));
+        }
+        else {
+            res.writeHead(404, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Not found', paths: ['/healthz', '/metrics'] }));
+        }
+    };
+}
+export function registerHealthCommand(program) {
+    const health = program
+        .command('health')
+        .description('Report process health: quota, audit error rate, circuit breaker state.');
+    health
+        .command('check')
+        .description('Print a one-shot health report.')
+        .option('--prometheus', 'Emit Prometheus text format.')
+        .option('--audit-log <path>', 'Audit log path (default: ~/.switchbot/audit.log).')
+        .action((opts) => {
+        const report = getHealthReport(opts.auditLog);
+        if (opts.prometheus) {
+            process.stdout.write(toPrometheusText(report));
+            return;
+        }
+        if (isJsonMode()) {
+            printJson(report);
+            return;
+        }
+        const statusEmoji = report.overall === 'ok' ? '✓' : report.overall === 'degraded' ? '⚠' : '✗';
+        console.log(`${statusEmoji} overall: ${report.overall}  (${report.generatedAt})`);
+        console.log('');
+        printTable(['Component', 'Status', 'Detail'], [
+            ['quota', report.quota.status,
+                `${report.quota.used}/${report.quota.limit} (${report.quota.percentUsed}% used, ${report.quota.remaining} remaining)`],
+            ['audit', report.audit.status,
+                report.audit.present
+                    ? `${report.audit.recentErrors}/${report.audit.recentTotal} errors in 24h (${report.audit.errorRatePercent}%)`
+                    : 'log not present'],
+            ['circuit', report.circuit.status,
+                `${report.circuit.name}: ${report.circuit.state} (failures: ${report.circuit.failures})`],
+            ['process', 'ok',
+                `pid ${report.process.pid} · uptime ${report.process.uptimeSeconds}s · mem ${report.process.memoryMb}MB`],
+        ]);
+        if (report.overall !== 'ok')
+            process.exit(1);
+    });
+    // switchbot health serve [--port <n>]
+    health
+        .command('serve')
+        .description('Start an HTTP server exposing /healthz (JSON) and /metrics (Prometheus).')
+        .option('--port <n>', 'Port to listen on.', intArg('--port'), '3100')
+        .option('--host <host>', 'Bind address.', '127.0.0.1')
+        .option('--audit-log <path>', 'Audit log path.')
+        .addHelpText('after', `
+Endpoints:
+  GET /healthz   JSON health report (HTTP 200 ok/degraded, 503 when circuit is open).
+  GET /metrics   Prometheus text metrics.
+
+Example:
+  $ switchbot health serve --port 3100
+  $ curl http://127.0.0.1:3100/healthz
+`)
+        .action((opts) => {
+        const port = parseInt(opts.port, 10);
+        const handler = createHealthHandler(opts.auditLog);
+        const server = http.createServer(handler);
+        server.on('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+                handleError(Object.assign(new Error(`Port ${port} is already in use. Choose a different port with --port.`), { code: err.code }));
+            }
+            else {
+                handleError(err);
+            }
+        });
+        server.listen(port, opts.host, () => {
+            const addr = server.address();
+            const boundPort = typeof addr === 'object' && addr !== null ? addr.port : port;
+            if (isJsonMode()) {
+                printJson({ status: 'listening', host: opts.host, port: boundPort, endpoints: ['/healthz', '/metrics'] });
+            }
+            else {
+                console.log(`health server listening on ${opts.host}:${boundPort}`);
+                console.log('  GET /healthz  — JSON health report');
+                console.log('  GET /metrics  — Prometheus text metrics');
+            }
+        });
+        function shutdown() {
+            server.close(() => process.exit(0));
+        }
+        process.on('SIGTERM', shutdown);
+        process.on('SIGINT', shutdown);
+    });
+}