@vellumai/cli 0.7.1 → 0.7.2

package/src/lib/upgrade-lifecycle.ts

@@ -1,4 +1,8 @@
 import { randomBytes } from "crypto";
+import { spawnSync } from "child_process";
+import { existsSync, mkdirSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
 
 import type { AssistantEntry } from "./assistant-config.js";
 import { saveAssistantEntry } from "./assistant-config.js";
@@ -18,6 +22,62 @@ import { resolveImageRefs } from "./platform-releases.js";
 import { exec, execOutput } from "./step-runner.js";
 import { compareVersions } from "./version-compat.js";
 
+// ---------------------------------------------------------------------------
+// Failure log capture
+// ---------------------------------------------------------------------------
+
+/** XDG-compliant directory for upgrade failure logs */
+function getUpgradeLogsDir(): string {
+  const stateHome =
+    process.env.XDG_STATE_HOME?.trim() || join(homedir(), ".local", "state");
+  return join(stateHome, "vellum", "upgrade-logs");
+}
+
+/**
+ * Capture stdout/stderr from all three containers after a readiness failure
+ * and write them to an XDG state directory. Returns the directory path so
+ * the caller can print it for the user.
+ *
+ * Runs best-effort — never throws.
+ */
+export async function captureUpgradeFailureLogs(
+  res: ReturnType<typeof dockerResourceNames>,
+  label: string,
+): Promise<string | null> {
+  const isoTimestamp = new Date().toISOString().replace(/[:.]/g, "-");
+  const logDir = join(getUpgradeLogsDir(), `${label}-${isoTimestamp}`);
+  try {
+    mkdirSync(logDir, { recursive: true });
+
+    const containers: [string, string][] = [
+      [res.assistantContainer, "assistant.log"],
+      [res.gatewayContainer, "gateway.log"],
+      [res.cesContainer, "credential-executor.log"],
+    ];
+
+    for (const [container, filename] of containers) {
+      try {
+        // Capture stdout + stderr together so container logs written to either
+        // stream (docker logs writes container stdout→stdout, stderr→stderr)
+        // are preserved in a single file. spawnSync avoids the execOutput
+        // limitation of returning only stdout on success.
+        const result = spawnSync("docker", ["logs", "--tail", "500", container], {
+          encoding: "utf8",
+          maxBuffer: 10 * 1024 * 1024, // 10 MB
+        });
+        const output = [result.stdout, result.stderr].filter(Boolean).join("");
+        if (output) writeFileSync(join(logDir, filename), output);
+      } catch {
+        // Container may not exist or may have already been removed
+      }
+    }
+
+    return existsSync(logDir) ? logDir : null;
+  } catch {
+    return null;
+  }
+}
+
 // ---------------------------------------------------------------------------
 // Shared constants & builders for upgrade / rollback lifecycle events
 // ---------------------------------------------------------------------------
@@ -734,6 +794,11 @@ export async function performDockerRollback(
     // Failure path — attempt auto-rollback to original version
     console.error(`\n❌ Containers failed to become ready within the timeout.`);
 
+    const logDir = await captureUpgradeFailureLogs(res, `${instanceName}-rollback-failure`);
+    if (logDir) {
+      console.log(`📋 Container logs saved to: ${logDir}`);
+    }
+
     if (currentImageRefs) {
       await broadcastUpgradeEvent(
         entry.runtimeUrl,

package/src/commands/pair.ts

@@ -1,212 +0,0 @@
-import { createHash } from "crypto";
-import { readFileSync } from "fs";
-import jsQR from "jsqr";
-import { hostname, userInfo } from "os";
-import { PNG } from "pngjs";
-
-import { saveAssistantEntry } from "../lib/assistant-config";
-import type { AssistantEntry } from "../lib/assistant-config";
-import type { Species } from "../lib/constants";
-import { saveGuardianToken } from "../lib/guardian-token";
-import type { GuardianTokenData } from "../lib/guardian-token";
-import { generateInstanceName } from "../lib/random-name";
-
-interface QRPairingPayload {
-  type: string;
-  v: number;
-  id?: string;
-  g: string;
-  pairingRequestId: string;
-  pairingSecret: string;
-}
-
-interface PairingResponse {
-  status: "approved" | "pending";
-  bearerToken?: string;
-  gatewayUrl?: string;
-}
-
-function decodeQRCodeFromPng(pngPath: string): string {
-  const fileData = readFileSync(pngPath);
-  const png = PNG.sync.read(fileData);
-  const code = jsQR(new Uint8ClampedArray(png.data), png.width, png.height);
-  if (!code) {
-    throw new Error("Could not decode QR code from the provided PNG image.");
-  }
-  return code.data;
-}
-
-function safeUserInfoUsername(): string {
-  try {
-    return userInfo().username;
-  } catch {
-    return "";
-  }
-}
-
-function getDeviceId(): string {
-  const raw = hostname() + safeUserInfoUsername();
-  return createHash("sha256").update(raw).digest("hex");
-}
-
-const PAIRING_POLL_INTERVAL_MS = 2000;
-const PAIRING_POLL_TIMEOUT_MS = 120_000;
-
-async function pollForApproval(
-  gatewayUrl: string,
-  pairingRequestId: string,
-  pairingSecret: string,
-): Promise<PairingResponse> {
-  const startTime = Date.now();
-
-  while (Date.now() - startTime < PAIRING_POLL_TIMEOUT_MS) {
-    const statusUrl = `${gatewayUrl}/pairing/status?id=${encodeURIComponent(pairingRequestId)}&secret=${encodeURIComponent(pairingSecret)}`;
-    const statusRes = await fetch(statusUrl);
-
-    if (!statusRes.ok) {
-      const body = await statusRes.text().catch(() => "");
-      throw new Error(
-        `Failed to check pairing status: HTTP ${statusRes.status}: ${body || statusRes.statusText}`,
-      );
-    }
-
-    const statusBody = (await statusRes.json()) as PairingResponse;
-
-    if (statusBody.status === "approved") {
-      return statusBody;
-    }
-
-    await new Promise((resolve) =>
-      setTimeout(resolve, PAIRING_POLL_INTERVAL_MS),
-    );
-  }
-
-  throw new Error("Pairing timed out waiting for approval.");
-}
-
-export async function pair(): Promise<void> {
-  const args = process.argv.slice(3);
-
-  if (args.includes("--help") || args.includes("-h")) {
-    console.log("Usage: vellum pair <path-to-qrcode.png>");
-    console.log("");
-    console.log(
-      "Pair with a remote assistant by scanning the QR code PNG generated during setup.",
-    );
-    process.exit(0);
-  }
-
-  const qrCodePath = args[0] || process.env.VELLUM_CUSTOM_QR_CODE_PATH;
-
-  if (!qrCodePath) {
-    console.error("Usage: vellum pair <path-to-qrcode.png>");
-    console.error("");
-    console.error(
-      "Pair with a remote assistant by scanning the QR code PNG generated during setup.",
-    );
-    process.exit(1);
-  }
-
-  const species: Species = "vellum";
-
-  try {
-    console.log("Reading QR code from provided image...");
-    const qrData = decodeQRCodeFromPng(qrCodePath);
-
-    let payload: QRPairingPayload;
-    try {
-      payload = JSON.parse(qrData) as QRPairingPayload;
-    } catch {
-      throw new Error("QR code does not contain valid pairing data.");
-    }
-
-    if (
-      payload.type !== "vellum-daemon" ||
-      !payload.g ||
-      !payload.pairingRequestId ||
-      !payload.pairingSecret
-    ) {
-      throw new Error("QR code does not contain valid Vellum pairing data.");
-    }
-
-    const instanceName = generateInstanceName(species);
-    const runtimeUrl = payload.g;
-    const deviceId = getDeviceId();
-    const deviceName = hostname();
-
-    console.log(`Pairing with remote assistant at ${runtimeUrl}...`);
-
-    const requestUrl = `${runtimeUrl}/pairing/request`;
-    const requestRes = await fetch(requestUrl, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        pairingRequestId: payload.pairingRequestId,
-        pairingSecret: payload.pairingSecret,
-        deviceId,
-        deviceName,
-      }),
-    });
-
-    if (!requestRes.ok) {
-      const body = await requestRes.text().catch(() => "");
-      throw new Error(
-        `Failed to initiate pairing: HTTP ${requestRes.status}: ${body || requestRes.statusText}`,
-      );
-    }
-
-    const requestBody = (await requestRes.json()) as PairingResponse;
-
-    let bearerToken: string | undefined;
-
-    if (requestBody.status === "approved") {
-      bearerToken = requestBody.bearerToken;
-    } else if (requestBody.status === "pending") {
-      console.log("Waiting for pairing approval...");
-      const approvedResponse = await pollForApproval(
-        runtimeUrl,
-        payload.pairingRequestId,
-        payload.pairingSecret,
-      );
-      bearerToken = approvedResponse.bearerToken;
-    } else {
-      throw new Error(
-        `Unexpected pairing response status: ${requestBody.status}`,
-      );
-    }
-
-    const customEntry: AssistantEntry = {
-      assistantId: instanceName,
-      runtimeUrl,
-      cloud: "custom",
-      species,
-      hatchedAt: new Date().toISOString(),
-    };
-    saveAssistantEntry(customEntry);
-
-    if (bearerToken) {
-      const tokenData: GuardianTokenData = {
-        guardianPrincipalId: "",
-        accessToken: bearerToken,
-        accessTokenExpiresAt: "",
-        refreshToken: "",
-        refreshTokenExpiresAt: "",
-        refreshAfter: "",
-        isNew: true,
-        deviceId: getDeviceId(),
-        leasedAt: new Date().toISOString(),
-      };
-      saveGuardianToken(instanceName, tokenData);
-    }
-
-    console.log("");
-    console.log("Successfully paired with remote assistant!");
-    console.log("Instance details:");
-    console.log(`  Name: ${instanceName}`);
-    console.log(`  Runtime URL: ${runtimeUrl}`);
-    console.log("");
-  } catch (error) {
-    console.error("Error:", error instanceof Error ? error.message : error);
-    process.exit(1);
-  }
-}