@vellumai/cli 0.6.3 → 0.6.4

package/src/lib/retire-apple-container.ts

@@ -0,0 +1,102 @@
+import { createConnection } from "net";
+import { existsSync } from "fs";
+
+import type { AssistantEntry } from "./assistant-config.js";
+
+/**
+ * Retire an Apple Container assistant by sending a retire command to the
+ * macOS app via the management socket. The app handles the full lifecycle:
+ * stop the pod, archive the instance directory, remove the guardian token,
+ * deregister from the platform, and remove the lockfile entry.
+ */
+export async function retireAppleContainer(
+  name: string,
+  entry: AssistantEntry,
+): Promise<void> {
+  console.log(`\u{1F5D1}\ufe0f  Retiring Apple Container assistant '${name}'...\n`);
+
+  const mgmtSocket = entry.mgmtSocket as string | undefined;
+  if (!mgmtSocket) {
+    console.error(
+      `No management socket found for '${name}'.\n` +
+        "The assistant may not be running. If the macOS app is closed, " +
+        "open it and try again.",
+    );
+    process.exit(1);
+  }
+
+  if (!existsSync(mgmtSocket)) {
+    console.error(
+      `Management socket not found at ${mgmtSocket}.\n` +
+        "The assistant may have been stopped. Open the macOS app and try again.",
+    );
+    process.exit(1);
+  }
+
+  const handshake = JSON.stringify({ action: "retire" }) + "\n";
+
+  return new Promise<void>((resolve, reject) => {
+    const socket = createConnection({ path: mgmtSocket }, () => {
+      socket.write(handshake);
+    });
+
+    const TIMEOUT_MS = 30_000;
+    const chunks: Buffer[] = [];
+    let totalLen = 0;
+
+    socket.setTimeout(TIMEOUT_MS);
+    socket.on("timeout", () => {
+      console.error("Timed out waiting for retire response from the macOS app.");
+      socket.destroy();
+      process.exit(1);
+    });
+
+    socket.on("data", (data: Buffer) => {
+      chunks.push(data);
+      totalLen += data.length;
+      const accumulated = Buffer.concat(chunks, totalLen);
+      const nlIndex = accumulated.indexOf(0x0a);
+      if (nlIndex === -1) return;
+
+      const responseLine = accumulated.slice(0, nlIndex).toString("utf-8");
+      socket.destroy();
+
+      let response: { status: string; message?: string };
+      try {
+        response = JSON.parse(responseLine) as {
+          status: string;
+          message?: string;
+        };
+      } catch {
+        reject(new Error("Invalid response from management socket."));
+        return;
+      }
+
+      if (response.status === "ok") {
+        console.log(`\u2705 Apple Container assistant '${name}' retired.`);
+        resolve();
+      } else {
+        reject(
+          new Error(
+            `Retire failed: ${response.message || "unknown error"}`,
+          ),
+        );
+      }
+    });
+
+    socket.on("error", (err) => {
+      reject(new Error(`Management socket error: ${err.message}`));
+    });
+
+    socket.on("end", () => {
+      if (chunks.length === 0) {
+        reject(
+          new Error(
+            "Management socket closed without responding. " +
+              "The macOS app may have crashed during retire.",
+          ),
+        );
+      }
+    });
+  });
+}

package/src/lib/upgrade-lifecycle.ts

@@ -125,6 +125,72 @@ export async function captureContainerEnv(
   return captured;
 }
 
+/**
+ * Best-effort fetch of the running service group version from the gateway
+ * `/healthz` endpoint.  Returns `undefined` when the endpoint is
+ * unreachable or does not include a version field.
+ */
+export async function fetchCurrentVersion(
+  runtimeUrl: string,
+): Promise<string | undefined> {
+  try {
+    const resp = await fetch(`${runtimeUrl}/healthz`, {
+      signal: AbortSignal.timeout(5000),
+    });
+    if (resp.ok) {
+      const body = (await resp.json()) as { version?: string };
+      return body.version;
+    }
+  } catch {
+    // Best-effort
+  }
+  return undefined;
+}
+
+/**
+ * Determine the version that was running before the current one.
+ *
+ * Checks (in order):
+ *  1. `entry.previousVersion` (saved by the upgrade flow from health).
+ *  2. The releases list from the platform API — finds the version
+ *     immediately before `currentVersion`.
+ *
+ * Returns `undefined` when neither source yields a result.
+ */
+export async function fetchPreviousVersion(
+  currentVersion: string | undefined,
+  previousVersionFromLockfile: string | undefined,
+): Promise<string | undefined> {
+  // 1. Lockfile-cached value (written during upgrade from health endpoint)
+  if (previousVersionFromLockfile) return previousVersionFromLockfile;
+
+  // 2. Derive from releases list
+  if (!currentVersion) return undefined;
+  try {
+    const { getPlatformUrl } = await import("./platform-client.js");
+    const platformUrl = getPlatformUrl();
+    const resp = await fetch(`${platformUrl}/v1/releases/?stable=true`, {
+      signal: AbortSignal.timeout(10_000),
+    });
+    if (!resp.ok) return undefined;
+
+    const releases = (await resp.json()) as Array<{ version?: string }>;
+    const normalizedCurrent = currentVersion.replace(/^v/, "");
+
+    // Releases are ordered newest-first; find the entry right after the
+    // current version (i.e. the one that was running before the upgrade).
+    const idx = releases.findIndex(
+      (r) => (r.version ?? "").replace(/^v/, "") === normalizedCurrent,
+    );
+    if (idx >= 0 && idx + 1 < releases.length) {
+      return releases[idx + 1].version;
+    }
+  } catch {
+    // Best-effort
+  }
+  return undefined;
+}
+
 /**
  * Poll the gateway `/readyz` endpoint until it returns 200 or the timeout
  * elapses. Returns whether the assistant became ready.
@@ -314,27 +380,8 @@ export async function performDockerRollback(
     throw new Error("targetVersion is required for performDockerRollback");
   }
 
-  const currentVersion = entry.serviceGroupVersion;
-
-  // Validate target version < current version
-  if (currentVersion) {
-    const cmp = compareVersions(targetVersion, currentVersion);
-    if (cmp !== null) {
-      if (cmp > 0) {
-        const msg =
-          "Cannot roll back to a newer version. Use `vellum upgrade` instead.";
-        console.error(msg);
-        emitCliError("VERSION_DIRECTION", msg);
-        process.exit(1);
-      }
-      if (cmp === 0) {
-        const msg = `Already on version ${targetVersion}. Nothing to roll back to.`;
-        console.error(msg);
-        emitCliError("VERSION_DIRECTION", msg);
-        process.exit(1);
-      }
-    }
-  }
+  // Fetch the current running version from the health endpoint.
+  let currentVersion: string | undefined;
 
   const instanceName = entry.assistantId;
   const res = dockerResourceNames(instanceName);
@@ -383,7 +430,7 @@ export async function performDockerRollback(
   console.log("📸 Capturing current image references for rollback...");
   const currentImageRefs = await captureImageRefs(res);
 
-  // Capture current migration state for rollback targeting
+  // Capture current migration state and running version for rollback targeting
   let preMigrationState: {
     dbVersion?: number;
     lastWorkspaceMigrationId?: string;
@@ -395,25 +442,54 @@ export async function performDockerRollback(
     );
     if (healthResp.ok) {
       const health = (await healthResp.json()) as {
+        version?: string;
         migrations?: { dbVersion?: number; lastWorkspaceMigrationId?: string };
       };
       preMigrationState = health.migrations ?? {};
+      currentVersion = health.version;
     }
   } catch {
     // Best-effort
   }
 
+  // Validate target version < current version
+  if (!currentVersion) {
+    console.warn(
+      "⚠️  Could not determine current version from health endpoint — skipping version-direction check.\n",
+    );
+  }
+  if (currentVersion) {
+    const cmp = compareVersions(targetVersion, currentVersion);
+    if (cmp !== null) {
+      if (cmp > 0) {
+        const msg =
+          "Cannot roll back to a newer version. Use `vellum upgrade` instead.";
+        console.error(msg);
+        emitCliError("VERSION_DIRECTION", msg);
+        process.exit(1);
+      }
+      if (cmp === 0) {
+        const msg = `Already on version ${targetVersion}. Nothing to roll back to.`;
+        console.error(msg);
+        emitCliError("VERSION_DIRECTION", msg);
+        process.exit(1);
+      }
+    }
+  }
+
   // Persist rollback state to lockfile BEFORE any destructive changes
-  if (entry.serviceGroupVersion && entry.containerInfo) {
+  if (entry.containerInfo) {
     const rollbackEntry: AssistantEntry = {
       ...entry,
-      previousServiceGroupVersion: entry.serviceGroupVersion,
       previousContainerInfo: { ...entry.containerInfo },
+      previousVersion: currentVersion,
       previousDbMigrationVersion: preMigrationState.dbVersion,
       previousWorkspaceMigrationId: preMigrationState.lastWorkspaceMigrationId,
     };
     saveAssistantEntry(rollbackEntry);
-    console.log(`   Saved rollback state: ${entry.serviceGroupVersion}\n`);
+    if (currentVersion) {
+      console.log(`   Saved rollback state: ${currentVersion}\n`);
+    }
   }
 
   // Record rollback start in workspace git history
@@ -613,7 +689,6 @@ export async function performDockerRollback(
     // Swap current/previous state to enable "rollback the rollback"
     const updatedEntry: AssistantEntry = {
       ...entry,
-      serviceGroupVersion: targetVersion,
       containerInfo: {
         assistantImage: targetImageTags.assistant,
         gatewayImage: targetImageTags.gateway,
@@ -623,7 +698,6 @@ export async function performDockerRollback(
         cesDigest: newDigests?.["credential-executor"],
         networkName: res.network,
       },
-      previousServiceGroupVersion: entry.serviceGroupVersion,
       previousContainerInfo: entry.containerInfo,
       previousDbMigrationVersion: preMigrationState.dbVersion,
       previousWorkspaceMigrationId: preMigrationState.lastWorkspaceMigrationId,
@@ -749,7 +823,6 @@ export async function performDockerRollback(
                 currentImageRefs["credential-executor"],
               networkName: res.network,
             },
-            previousServiceGroupVersion: undefined,
             previousContainerInfo: undefined,
             previousDbMigrationVersion: undefined,
             previousWorkspaceMigrationId: undefined,