@tuent/sentinel 0.1.2 → 0.1.4

package/dist/{chunk-FWIISAZZ.js → chunk-LTBVWF5H.js}

@@ -4,14 +4,14 @@ import {
 } from "./chunk-LATQNIRW.js";
 import {
   discoverPolicy
-} from "./chunk-FMZWHT4M.js";
+} from "./chunk-B6S2PBS4.js";
 import {
   FORBIDDEN_BASENAMES
-} from "./chunk-QIYQWOLO.js";
+} from "./chunk-FIEIGBYL.js";
 import {
   loadPolicy,
   loadPolicyFromString
-} from "./chunk-WLIDSTS4.js";
+} from "./chunk-KWZ7JKKO.js";
 
 // src/setup/initClaudeCode.ts
 import { access, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
@@ -32,6 +32,7 @@ var HOOK_SCRIPT_SOURCE = `#!/usr/bin/env node
 import { readFileSync, appendFileSync, existsSync } from "node:fs";
 import { join, resolve, sep } from "node:path";
 import { spawn } from "node:child_process";
+import { createRequire } from "node:module";
 
 const GATEWAY_ENTRY_POINT = "__GATEWAY_ENTRY_POINT__";
 const PORT = 7847;
@@ -93,19 +94,45 @@ const FLOOR_HIGH = ["Bash", "Write", "Edit", "WebFetch", "NotebookEdit", "Task",
 // The marker default is [] \u2014 an un-substituted script stays strictest.
 const ALLOW_UNKNOWN_TOOLS = /* __ALLOW_UNKNOWN_TOOLS__ */ [];
 
-// Tier config uses flat format: { high, low, mcpDefault, unknownDefault } (plan v3.1 spec'd nested but simplified during 5a)
+// Tier config uses flat format: { high, low, mcpDefault } (plan v3.1 spec'd nested but simplified during 5a)
+// Validated field-by-field against safe defaults (enforcement-config sanity class):
+// the hook must never block the cc session on a config error, so invalid values
+// fall back to the fail-closed default AND are logged \u2014 never silently honored.
+// In particular mcpDefault was compared with === "high", so any typo silently
+// demoted ALL MCP tools to low tier gateway-down (allow-unlogged, the F-8 hole).
 function loadTiers() {
+  const DEFAULT_TIERS = {
+    high: ["Bash", "Write", "Edit", "WebFetch", "NotebookEdit", "Task", "Skill"],
+    low: ["Read", "Glob", "Grep", "WebSearch"],
+    mcpDefault: "high",
+  };
+  let parsed;
   try {
-    return JSON.parse(readFileSync(TIERS_PATH, "utf-8"));
+    parsed = JSON.parse(readFileSync(TIERS_PATH, "utf-8"));
   } catch {
-    // Default tiers if config is missing
-    return {
-      high: ["Bash", "Write", "Edit", "WebFetch", "NotebookEdit", "Task", "Skill"],
-      low: ["Read", "Glob", "Grep", "WebSearch"],
-      mcpDefault: "high",
-      unknownDefault: "high",
-    };
+    return DEFAULT_TIERS; // missing/unreadable config \u2014 safe defaults
   }
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    logFallback({ event: "tiers-config-invalid", reason: "top level must be an object", treatedAs: "defaults" });
+    return DEFAULT_TIERS;
+  }
+  const tiers = { ...DEFAULT_TIERS };
+  if (Array.isArray(parsed.high)) tiers.high = parsed.high.filter((t) => typeof t === "string");
+  else if (parsed.high !== undefined) logFallback({ event: "tiers-config-invalid", field: "high", reason: "must be an array of tool names", treatedAs: "defaults" });
+  if (Array.isArray(parsed.low)) tiers.low = parsed.low.filter((t) => typeof t === "string");
+  else if (parsed.low !== undefined) logFallback({ event: "tiers-config-invalid", field: "low", reason: "must be an array of tool names", treatedAs: "defaults" });
+  if (parsed.mcpDefault === "high" || parsed.mcpDefault === "low") tiers.mcpDefault = parsed.mcpDefault;
+  else if (parsed.mcpDefault !== undefined) logFallback({ event: "tiers-config-invalid", field: "mcpDefault", value: String(parsed.mcpDefault), reason: 'must be "high" or "low"', treatedAs: "high" });
+  // unknownDefault is NOT supported: unknown tools are ALWAYS high-tier
+  // gateway-down (see isHighSensitivity). It used to be written by init and
+  // read by nothing \u2014 a silent no-op knob. Warn so the operator knows.
+  if (parsed.unknownDefault !== undefined) logFallback({ event: "tiers-config-ignored", field: "unknownDefault", reason: "unsupported \u2014 unknown tools are always high-tier gateway-down" });
+  for (const key of Object.keys(parsed)) {
+    if (!["high", "low", "mcpDefault", "unknownDefault"].includes(key)) {
+      logFallback({ event: "tiers-config-unknown-key", key: key });
+    }
+  }
+  return tiers;
 }
 
 function isHighSensitivity(toolName, tiers) {
@@ -214,65 +241,37 @@ if (mode === "pre") {
   process.exit(0);
 
 } else if (mode === "session-start") {
-  // P5 cold-start readiness poll (kept byte-equivalent to
-  // setup/gatewayReadiness.ts \u2014 a generated string can't import it). Bounded WAIT
-  // on /api/sentinel/health so cc's first PreToolUse hits a LISTENING gateway
-  // instead of racing the daemon's warmup into the tiered fail-closed. Health
-  // returns 200 only once the port is bound AFTER baseline+translator wiring, so
-  // 200 == evaluation-ready. On timeout we exit anyway; the first pre-tool-use
-  // uses the existing fail-closed, UNCHANGED. Never fail-opens.
-  async function waitForGatewayReady() {
-    const deadline = Date.now() + 5000;
-    while (Date.now() < deadline) {
-      try {
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), 500);
-        try {
-          const res = await fetch(BASE_URL + "/api/sentinel/health", { signal: controller.signal });
-          if (res.ok) return; // evaluation-ready
-        } finally { clearTimeout(timer); }
-      } catch { /* not listening yet \u2014 retry until the bound */ }
-      await new Promise((r) => setTimeout(r, 100));
-    }
-    // timed out \u2014 fall through; the first pre-tool-use uses the existing fail-closed.
-  }
-
-  // Check if gateway is already running (simple liveness; full PID validity is 5c)
-  if (existsSync(PID_PATH)) {
+  // Delegate the FULL lifecycle decision \u2014 liveness, build-version check, relaunch
+  // on stale build, and spawn \u2014 to runSessionStart via the dual-mode daemon entry.
+  // One source of truth: this generated file carries NO copy of that logic
+  // (anti-drift). We resolve the daemon entry from the PROJECT (cwd) at
+  // hook-runtime so a relocated install (pnpm / version bump) launches the CURRENT
+  // build rather than the init-time baked path; we fall back to the baked path
+  // (dev tree, or package not resolvable from cwd). The launcher itself performs
+  // the bounded readiness wait, so awaiting its exit preserves the cold-start
+  // guarantee (first PreToolUse hits a ready gateway, or the existing fail-closed).
+  function resolveDaemonEntry() {
     try {
-      const pid = parseInt(readFileSync(PID_PATH, "utf-8").trim(), 10);
-      process.kill(pid, 0); // throws if process doesn't exist
-      await waitForGatewayReady(); // alive but may still be warming \u2014 wait, bounded
-      process.exit(0); // gateway is running (and now ready, or timed out)
-    } catch {
-      // Stale PID \u2014 continue to launch
-    }
+      const require = createRequire(join(process.cwd(), "package.json"));
+      const pkg = require.resolve("@tuent/sentinel/package.json");
+      const candidate = join(pkg, "..", "dist", "gatewayDaemon.js");
+      if (existsSync(candidate)) return candidate;
+    } catch { /* not resolvable from cwd \u2014 fall back */ }
+    return GATEWAY_ENTRY_POINT;
   }
 
-  // Discover .sentinel.yaml by walking up from cwd
-  let dir = process.cwd();
-  let policyPath = null;
-  while (true) {
-    const candidate = join(dir, ".sentinel.yaml");
-    if (existsSync(candidate)) { policyPath = candidate; break; }
-    const parent = join(dir, "..");
-    if (parent === dir) break; // filesystem root
-    dir = parent;
-  }
-
-  if (!policyPath) {
-    process.stderr.write("Sentinel: no .sentinel.yaml found. Gateway not started.\\n", () => process.exit(0));
-  }
-
-  // Launch gateway daemon (detached). Extension-aware: an installed package
-  // substitutes dist/gatewayDaemon.js (plain node); the dev tree substitutes a
-  // .ts (node --import tsx/esm).
-  const gatewayArgs = GATEWAY_ENTRY_POINT.endsWith(".ts")
-    ? ["--import", "tsx/esm", GATEWAY_ENTRY_POINT, "--policy", policyPath, "--port", String(PORT)]
-    : [GATEWAY_ENTRY_POINT, "--policy", policyPath, "--port", String(PORT)];
-  const child = spawn("node", gatewayArgs, { detached: true, stdio: "ignore" });
-  child.unref();
-  await waitForGatewayReady(); // bounded wait for the just-spawned daemon to bind
+  const entry = resolveDaemonEntry();
+  const launchArgs = entry.endsWith(".ts")
+    ? ["--import", "tsx/esm", entry, "--session-start", "--port", String(PORT), "--cwd", process.cwd()]
+    : [entry, "--session-start", "--port", String(PORT), "--cwd", process.cwd()];
+  await new Promise((res) => {
+    const child = spawn("node", launchArgs, { stdio: "ignore" });
+    // Safety bound: a wedged launcher must never hang the cc session. On timeout
+    // we return; the daemon may still be coming up and the first call fail-closes.
+    const safety = setTimeout(() => { try { child.kill(); } catch {} res(undefined); }, 15000);
+    child.on("exit", () => { clearTimeout(safety); res(undefined); });
+    child.on("error", () => { clearTimeout(safety); res(undefined); });
+  });
   process.exit(0);
 
 } else if (mode === "session-end") {
@@ -487,8 +486,7 @@ enforcement:
 var FAIL_CLOSED_TIERS = {
   high: ["Bash", "Write", "Edit", "WebFetch", "NotebookEdit", "Task", "Skill"],
   low: ["Read", "Glob", "Grep", "WebSearch"],
-  mcpDefault: "high",
-  unknownDefault: "high"
+  mcpDefault: "high"
 };
 async function runInitClaudeCode(options) {
   const force = options.force ?? false;
@@ -588,9 +586,22 @@ async function writeIfAbsent(path, content, force, report, mode) {
   report.created.push(path);
 }
 
+// src/setup/buildId.ts
+import { createHash } from "crypto";
+import { readFileSync } from "fs";
+function computeBuildId(entryPath) {
+  try {
+    return createHash("sha256").update(readFileSync(entryPath)).digest("hex");
+  } catch {
+    return "unknown";
+  }
+}
+
 // src/setup/sessionStart.ts
 import { spawn } from "child_process";
 import { homedir } from "os";
+import { openSync, closeSync, unlinkSync, statSync, mkdirSync } from "fs";
+import { join as join2 } from "path";
 
 // src/setup/gatewayReadiness.ts
 var GATEWAY_READY_TIMEOUT_MS = 5e3;
@@ -619,6 +630,87 @@ async function waitForGatewayReady(port, options) {
 }
 
 // src/setup/sessionStart.ts
+var KILL_GRACE_MS = 3e3;
+var KILL_POLL_MS = 100;
+var RELAUNCH_LOCK_STALE_MS = 15e3;
+function relaunchLockPath(home) {
+  return join2(home, ".dahlia", "gateway-relaunch.lock");
+}
+async function fetchHealthBuildId(port) {
+  try {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), 500);
+    try {
+      const res = await fetch(`http://localhost:${port}/api/sentinel/health`, {
+        signal: controller.signal
+      });
+      if (!res.ok) return null;
+      const body = await res.json();
+      return typeof body.buildId === "string" ? body.buildId : null;
+    } finally {
+      clearTimeout(timer);
+    }
+  } catch {
+    return null;
+  }
+}
+function isAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function terminateDaemon(pid) {
+  try {
+    process.kill(pid, "SIGTERM");
+  } catch {
+    return;
+  }
+  const deadline = Date.now() + KILL_GRACE_MS;
+  while (Date.now() < deadline) {
+    if (!isAlive(pid)) return;
+    await new Promise((r) => setTimeout(r, KILL_POLL_MS));
+  }
+  if (isAlive(pid)) {
+    try {
+      process.kill(pid, "SIGKILL");
+    } catch {
+    }
+  }
+}
+function acquireRelaunchLock(home) {
+  const path = relaunchLockPath(home);
+  try {
+    closeSync(openSync(path, "wx"));
+    return true;
+  } catch {
+    try {
+      const age = Date.now() - statSync(path).mtimeMs;
+      if (age > RELAUNCH_LOCK_STALE_MS) {
+        unlinkSync(path);
+        closeSync(openSync(path, "wx"));
+        return true;
+      }
+    } catch {
+    }
+    return false;
+  }
+}
+function releaseRelaunchLock(home) {
+  try {
+    unlinkSync(relaunchLockPath(home));
+  } catch {
+  }
+}
+function spawnDaemon(entry, policyPath, port, home) {
+  const args = entry.endsWith(".ts") ? ["--import", "tsx/esm", entry, "--policy", policyPath, "--port", String(port)] : [entry, "--policy", policyPath, "--port", String(port)];
+  const child = spawn("node", args, { detached: true, stdio: "ignore" });
+  child.unref();
+  if (child.pid) writePidFile(home, child.pid);
+  return child.pid;
+}
 async function runSessionStart(options) {
   const cwd = options?.cwd ?? process.cwd();
   const home = options?.home ?? homedir();
@@ -627,24 +719,53 @@ async function runSessionStart(options) {
   if (!policyPath) {
     return { action: "no-policy" };
   }
+  mkdirSync(join2(home, ".dahlia"), { recursive: true });
+  const gatewayEntry = options?.gatewayEntry ?? resolveGatewayEntryPoint();
+  const localBuildId = computeBuildId(gatewayEntry);
   const lock = acquireGatewayLock(home);
   if (lock.reused) {
+    const remoteBuildId = await fetchHealthBuildId(port);
+    if (remoteBuildId !== null && remoteBuildId === localBuildId) {
+      await waitForGatewayReady(port);
+      return { action: "reused", pid: lock.pid, policyPath, relaunchReason: null };
+    }
+    const reason = remoteBuildId === null ? "health-unreachable-or-unknown" : "build-mismatch";
+    if (!acquireRelaunchLock(home)) {
+      await waitForGatewayReady(port);
+      const peerPid = acquireGatewayLock(home).pid ?? lock.pid;
+      return { action: "reused", pid: peerPid, policyPath, relaunchReason: null };
+    }
+    try {
+      if (lock.pid) await terminateDaemon(lock.pid);
+      const pid = spawnDaemon(gatewayEntry, policyPath, port, home);
+      await waitForGatewayReady(port);
+      return { action: "relaunched", pid, policyPath, relaunchReason: reason };
+    } finally {
+      releaseRelaunchLock(home);
+    }
+  }
+  if (!acquireRelaunchLock(home)) {
     await waitForGatewayReady(port);
-    return { action: "reused", pid: lock.pid, policyPath };
+    const peerPid = acquireGatewayLock(home).pid ?? void 0;
+    return { action: "reused", pid: peerPid, policyPath, relaunchReason: null };
   }
-  const gatewayEntry = resolveGatewayEntryPoint();
-  const gatewayArgs = gatewayEntry.endsWith(".ts") ? ["--import", "tsx/esm", gatewayEntry, "--policy", policyPath, "--port", String(port)] : [gatewayEntry, "--policy", policyPath, "--port", String(port)];
-  const child = spawn("node", gatewayArgs, { detached: true, stdio: "ignore" });
-  child.unref();
-  if (child.pid) {
-    writePidFile(home, child.pid);
+  try {
+    const relock = acquireGatewayLock(home);
+    if (relock.reused) {
+      await waitForGatewayReady(port);
+      return { action: "reused", pid: relock.pid, policyPath, relaunchReason: null };
+    }
+    const pid = spawnDaemon(gatewayEntry, policyPath, port, home);
+    await waitForGatewayReady(port);
+    return { action: "spawned", pid, policyPath, relaunchReason: null };
+  } finally {
+    releaseRelaunchLock(home);
   }
-  await waitForGatewayReady(port);
-  return { action: "spawned", pid: child.pid, policyPath };
 }
 
 export {
   runInitClaudeCode,
+  computeBuildId,
   runSessionStart
 };
-//# sourceMappingURL=chunk-FWIISAZZ.js.map
+//# sourceMappingURL=chunk-LTBVWF5H.js.map

package/dist/chunk-TKAKHSZ3.js

@@ -0,0 +1 @@
+//# sourceMappingURL=chunk-TKAKHSZ3.js.map