@venturewild/workspace 0.3.0 → 0.3.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@venturewild/workspace",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "Claude Code Web — Replit/Lovable-style chat-first browser UI that wraps the AI agent already installed on your machine.",
   "license": "MIT",
   "bin": {

package/server/src/daemon-bin.mjs

@@ -5,7 +5,7 @@
 // lookup chain so it works both in development (a locally built binary in
 // vendor/ or on PATH) and in a published install (the platform subpackage).
 
-import { existsSync } from 'node:fs';
+import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
 import url from 'node:url';
 import { createRequire } from 'node:module';
@@ -68,3 +68,21 @@ export function resolveDaemonBinary({ env = process.env, vendorRoot, requireReso
   // 4. last resort — spawn by name and let PATH resolve it.
   return { path: binName, source: 'path' };
 }
+
+/**
+ * The version of the INSTALLED per-platform daemon subpackage (e.g. `"0.1.3"`),
+ * or null when it can't be determined (resolved via PATH/vendor, or not found).
+ * Used by the supervisor to detect a stale running daemon after an auto-update
+ * (the daemon's own /health doesn't report a version), so it can recycle it.
+ */
+export function resolveDaemonVersion({ env = process.env, requireResolve } = {}) {
+  const tag = platformTag();
+  const resolvePkg = requireResolve || ((id) => require.resolve(id));
+  try {
+    const pkgJson = resolvePkg(`@venturewild/workspace-daemon-${tag}/package.json`);
+    const parsed = JSON.parse(readFileSync(pkgJson, 'utf8'));
+    return typeof parsed.version === 'string' ? parsed.version : null;
+  } catch {
+    return null;
+  }
+}

package/server/src/daemon-supervisor.mjs

@@ -192,6 +192,21 @@ export class DaemonSupervisor {
     return { stopped: true, pid };
   }
 
+  /**
+   * Recycle the daemon so it loads a freshly-resolved binary (after an
+   * auto-update). Stop the running process, wait for it to release its API port,
+   * then spawn again. Returns the `spawnDaemon` result.
+   */
+  async recycle() {
+    await this.stop();
+    // Wait for the old process to exit + free :PORT, else the new one can't bind.
+    const deadline = Date.now() + 5000;
+    while (Date.now() < deadline && (await this.health()).running) {
+      await new Promise((r) => setTimeout(r, 200));
+    }
+    return this.spawnDaemon();
+  }
+
   /** Combined status for `wild-workspace daemon status`. */
   async status() {
     const { running } = await this.health();

package/server/src/index.mjs

@@ -36,7 +36,15 @@ import { ActivityBus } from './activity.mjs';
 import { loadIdentity, saveIdentity, markOnboarded, TONES } from './agent-identity.mjs';
 import { probeAgentReadiness } from './agent-readiness.mjs';
 import { AutoUpdater, npmInstall, recordUpdate, loadUpdateSettings, PACKAGE_NAME } from './auto-update.mjs';
-import { consentStatus, revokeConsent, readAudit, OPERATE_TIER } from './support-consent.mjs';
+import {
+  consentStatus,
+  revokeConsent,
+  readAudit,
+  grantConsent,
+  OPERATE_TIER,
+  MAX_TIER,
+  MAX_GRANT_MINUTES,
+} from './support-consent.mjs';
 import { ClaudeLoginSession } from './agent-login.mjs';
 import { ErrorReporter } from './error-reporter.mjs';
 import { DaemonBridge } from './daemon.mjs';
@@ -1081,6 +1089,10 @@ export async function createServer(overrides = {}) {
       remainingMs: s.remainingMs,
       active,
       operate,
+      // Whether THIS viewer may grant/revoke (owner only) — drives the banner's
+      // one-tap "Allow VentureWild support" control so consent is never a CLI paste.
+      canGrant: Boolean(ROLE_CAPABILITIES[c.get('role')]?.chatWrite),
+      maxTier: MAX_TIER,
       lastAction: last ? { action: last.action, ts: last.ts, ok: last.ok } : null,
     });
   });
@@ -1092,6 +1104,31 @@ export async function createServer(overrides = {}) {
     return c.json({ audit: readAudit(globalDir(), { limit }) });
   });
 
+  // Phase 4 (Pillar E): the owner grants time-boxed support consent with a UI tap —
+  // so "yes, VentureWild may help" is a browser click, never a terminal paste (the
+  // CLI `support allow` still works too). Owner-only. Operate tiers (3/4) require an
+  // explicit confirmOperate so a stray tap can't hand over agent/shell control.
+  app.post('/api/support/grant', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    let body;
+    try {
+      body = await c.req.json();
+    } catch {
+      body = {};
+    }
+    const tier = Math.min(MAX_TIER, Math.max(1, Math.floor(Number(body.tier) || 1)));
+    const minutes = Math.min(MAX_GRANT_MINUTES, Math.max(1, Math.floor(Number(body.minutes) || 30)));
+    if (tier >= OPERATE_TIER && body.confirmOperate !== true) {
+      return c.json({ error: 'operate-confirm-required', tier }, 400);
+    }
+    const rec = grantConsent(globalDir(), { tier, minutes });
+    if (!rec) return c.json({ error: 'write-failed' }, 500);
+    appendLine('operator', `support consent granted via UI tier=${rec.tier} minutes=${minutes}`);
+    activityBus.publish({ type: 'support-granted', tier: rec.tier, at: Date.now() });
+    return c.json({ granted: true, tier: rec.tier, expiresAt: rec.expiresAt });
+  });
+
   app.post('/api/support/revoke', (c) => {
     const forbidden = require(c, 'chatWrite');
     if (forbidden) return forbidden;

package/server/src/supervisor.mjs

@@ -25,6 +25,7 @@ import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { resolveDaemonVersion } from './daemon-bin.mjs';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const DEFAULT_SERVER_ENTRY = path.join(__dirname, 'index.mjs');
@@ -125,6 +126,14 @@ export class WorkspaceSupervisor {
     superviseDaemon = env.WILD_WORKSPACE_NO_DAEMON_SUPERVISION !== '1',
     daemonPollMs = 10000, //          probe the daemon every 10s
     daemonSupervisorFactory = null, // test seam: (supervisor) => DaemonSupervisor-like
+    // Daemon version-drift restart (the daemon analog of RC1b): after an
+    // auto-update installs a new daemon binary, the long-lived daemon process
+    // keeps running the OLD code until something restarts it — so the support
+    // channel silently won't activate. We recycle the daemon when the installed
+    // subpackage version differs from the version the running daemon was spawned
+    // under (tracked in `daemon-runtime.json`, since the daemon's /health reports
+    // no version). Test seam: inject a version function.
+    daemonVersionImpl = () => resolveDaemonVersion({ env }),
   } = {}) {
     Object.assign(this, {
       serverEntry, workspaceDir, port, globalDir, node, pollMs,
@@ -132,13 +141,14 @@ export class WorkspaceSupervisor {
       crashLoopThreshold, diagnosticsImpl,
       autoRestartOnVersionDrift, versionImpl, installedVersionImpl,
       autoUpdate, updatePollMs, autoUpdaterFactory,
-      superviseDaemon, daemonPollMs, daemonSupervisorFactory,
+      superviseDaemon, daemonPollMs, daemonSupervisorFactory, daemonVersionImpl,
     });
     this.autoUpdater = null;
     this.updateTimer = null;
     this.daemonSupervisor = null;
     this.daemonTimer = null;
     this._daemonTicking = false;
+    this.daemonRuntimeFile = path.join(globalDir, 'daemon-runtime.json');
     this.logFile = path.join(globalDir, 'supervisor.log');
     this.serverLogFile = path.join(globalDir, 'server.out.log');
     this.lockFile = path.join(globalDir, 'supervisor.lock');
@@ -390,14 +400,58 @@ export class WorkspaceSupervisor {
    * channel) must stay up even when the server is crashed/mid-upgrade. Re-entrancy
    * guarded so a slow spawn can't overlap the next tick. Never throws.
    */
+  /** The daemon version the currently-running daemon was spawned under, or null. */
+  readDaemonMarker() {
+    try {
+      const v = JSON.parse(fs.readFileSync(this.daemonRuntimeFile, 'utf8'))?.daemonVersion;
+      return typeof v === 'string' ? v : null;
+    } catch {
+      return null;
+    }
+  }
+
+  writeDaemonMarker(version) {
+    if (!version) return; // unknown installed version (PATH/vendor) — don't pin
+    try {
+      fs.mkdirSync(this.globalDir, { recursive: true });
+      fs.writeFileSync(this.daemonRuntimeFile, JSON.stringify({ daemonVersion: version }));
+    } catch {
+      /* best-effort */
+    }
+  }
+
   async daemonTick() {
     if (!this.daemonSupervisor || this._daemonTicking) return 'skip';
     this._daemonTicking = true;
     try {
+      const installed = this.daemonVersionImpl();
       const h = await this.daemonSupervisor.health();
-      if (h && h.running) return 'healthy';
+      if (h && h.running) {
+        // Running — but is it the CURRENT binary? After an auto-update the daemon
+        // keeps the old code until recycled (RC1b analog). Recycle when the
+        // installed version differs from what we recorded at spawn (a null marker
+        // = spawned by a pre-drift-aware supervisor → treat as drift, recycle once).
+        if (installed && this.readDaemonMarker() !== installed && this.daemonSupervisor.recycle) {
+          this.log(
+            `daemon version drift (marker=${this.readDaemonMarker() || 'none'} installed=${installed}) — recycling`,
+          );
+          const r = await this.daemonSupervisor.recycle();
+          if (r && r.started) {
+            this.writeDaemonMarker(installed);
+            this.log(`daemon recycled to ${installed} (pid=${r.pid})`);
+            return 'recycled';
+          }
+          this.log(`daemon recycle failed: ${r?.error || 'unknown'}`);
+          return 'recycle-failed';
+        }
+        return 'healthy';
+      }
       const r = await this.daemonSupervisor.ensureRunning();
-      if (r && r.started) { this.log(`daemon respawned (pid=${r.pid})`); return 'respawned'; }
+      if (r && r.started) {
+        this.writeDaemonMarker(installed);
+        this.log(`daemon respawned (pid=${r.pid})`);
+        return 'respawned';
+      }
       if (r && r.alreadyRunning) return 'healthy';
       this.log(`daemon down, respawn not started: ${r?.error || 'unknown'}`);
       return 'failed';